After infection with Exploit.Drop.GS and Trojan.PWS - PC still slow despite supposedly successful cleanup (Windows 7)
27.09.2012, 20:09 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, that didn't work! You have to copy my fix script into OTL's text box, not the log file itself!
__________________ Please always post log files in CODE tags |
27.09.2012, 20:57 | #17 |
Hmm, did I copy the wrong thing, or what? :S
All right, then I'll do it again right away! Code:
28.09.2012, 09:51 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive for the TDSS tool! Configure the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan", and when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
28.09.2012, 15:56 | #19 |
Code:
16:53:29.0615 1012 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys 16:53:29.0631 1012 aswFsBlk - ok 16:53:29.0662 1012 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys 16:53:29.0662 1012 aswMonFlt - ok 16:53:29.0678 1012 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys 16:53:29.0693 1012 aswRdr - ok 16:53:29.0724 1012 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\windows\system32\drivers\aswSnx.sys 16:53:29.0740 1012 aswSnx - ok 16:53:29.0771 1012 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\windows\system32\drivers\aswSP.sys 16:53:29.0771 1012 aswSP - ok 16:53:29.0787 1012 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\windows\system32\drivers\aswTdi.sys 16:53:29.0802 1012 aswTdi - ok 16:53:29.0834 1012 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 16:53:29.0896 1012 AsyncMac - ok 16:53:29.0943 1012 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 16:53:29.0943 1012 atapi - ok 16:53:29.0990 1012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 16:53:30.0052 1012 AudioEndpointBuilder - ok 16:53:30.0052 1012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 16:53:30.0083 1012 AudioSrv - ok 16:53:30.0192 1012 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 16:53:30.0208 1012 avast! 
Antivirus - ok 16:53:30.0239 1012 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 16:53:30.0286 1012 AxInstSV - ok 16:53:30.0333 1012 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 16:53:30.0380 1012 b06bdrv - ok 16:53:30.0426 1012 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 16:53:30.0458 1012 b57nd60a - ok 16:53:30.0567 1012 [ B5D54119CE0BB77872C33A717CB76386 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys 16:53:30.0629 1012 BCM43XX - ok 16:53:30.0676 1012 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 16:53:30.0707 1012 BDESVC - ok 16:53:30.0723 1012 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 16:53:30.0770 1012 Beep - ok 16:53:30.0801 1012 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 16:53:30.0848 1012 BFE - ok 16:53:30.0894 1012 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 16:53:30.0957 1012 BITS - ok 16:53:31.0004 1012 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 16:53:31.0035 1012 blbdrive - ok 16:53:31.0066 1012 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 16:53:31.0082 1012 bowser - ok 16:53:31.0144 1012 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys 16:53:31.0160 1012 BPntDrv - ok 16:53:31.0175 1012 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 16:53:31.0206 1012 BrFiltLo - ok 16:53:31.0206 1012 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 16:53:31.0222 1012 BrFiltUp - ok 16:53:31.0253 1012 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 16:53:31.0269 1012 Browser - ok 16:53:31.0284 1012 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 16:53:31.0316 1012 Brserid - ok 
16:53:31.0316 1012 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 16:53:31.0347 1012 BrSerWdm - ok 16:53:31.0347 1012 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 16:53:31.0362 1012 BrUsbMdm - ok 16:53:31.0362 1012 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 16:53:31.0394 1012 BrUsbSer - ok 16:53:31.0440 1012 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 16:53:31.0472 1012 BthEnum - ok 16:53:31.0503 1012 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 16:53:31.0534 1012 BTHMODEM - ok 16:53:31.0550 1012 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 16:53:31.0565 1012 BthPan - ok 16:53:31.0596 1012 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 16:53:31.0628 1012 BTHPORT - ok 16:53:31.0659 1012 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 16:53:31.0690 1012 bthserv - ok 16:53:31.0706 1012 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 16:53:31.0721 1012 BTHUSB - ok 16:53:31.0784 1012 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys 16:53:31.0799 1012 BTWAMPFL - ok 16:53:31.0799 1012 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\windows\system32\drivers\btwaudio.sys 16:53:31.0799 1012 btwaudio - ok 16:53:31.0815 1012 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\windows\system32\drivers\btwavdt.sys 16:53:31.0830 1012 btwavdt - ok 16:53:31.0877 1012 [ 3D5E7FB2CB69A6186C7954C0859173F4 ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe 16:53:31.0908 1012 btwdins - ok 16:53:31.0908 1012 [ 346B4051B3D7FF70E8F027869B8ECA6E ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys 16:53:31.0924 1012 btwl2cap - ok 16:53:31.0924 1012 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid 
C:\windows\system32\DRIVERS\btwrchid.sys 16:53:31.0940 1012 btwrchid - ok 16:53:31.0940 1012 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 16:53:31.0986 1012 cdfs - ok 16:53:32.0033 1012 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 16:53:32.0049 1012 cdrom - ok 16:53:32.0096 1012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 16:53:32.0142 1012 CertPropSvc - ok 16:53:32.0158 1012 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys 16:53:32.0189 1012 circlass - ok 16:53:32.0205 1012 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 16:53:32.0220 1012 CLFS - ok 16:53:32.0314 1012 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:53:32.0330 1012 clr_optimization_v2.0.50727_32 - ok 16:53:32.0361 1012 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:53:32.0376 1012 clr_optimization_v2.0.50727_64 - ok 16:53:32.0439 1012 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:53:32.0454 1012 clr_optimization_v4.0.30319_32 - ok 16:53:32.0470 1012 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:53:32.0470 1012 clr_optimization_v4.0.30319_64 - ok 16:53:32.0517 1012 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys 16:53:32.0517 1012 clwvd - ok 16:53:32.0548 1012 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 16:53:32.0579 1012 CmBatt - ok 16:53:32.0595 1012 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 16:53:32.0610 1012 cmdide - ok 16:53:32.0642 1012 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG 
C:\windows\system32\Drivers\cng.sys 16:53:32.0657 1012 CNG - ok 16:53:32.0688 1012 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys 16:53:32.0704 1012 Compbatt - ok 16:53:32.0720 1012 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 16:53:32.0751 1012 CompositeBus - ok 16:53:32.0751 1012 COMSysApp - ok 16:53:32.0751 1012 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 16:53:32.0766 1012 crcdisk - ok 16:53:32.0798 1012 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll 16:53:32.0813 1012 CryptSvc - ok 16:53:32.0907 1012 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 16:53:32.0922 1012 cvhsvc - ok 16:53:32.0954 1012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 16:53:33.0000 1012 DcomLaunch - ok 16:53:33.0032 1012 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 16:53:33.0078 1012 defragsvc - ok 16:53:33.0094 1012 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 16:53:33.0125 1012 DfsC - ok 16:53:33.0156 1012 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 16:53:33.0219 1012 Dhcp - ok 16:53:33.0250 1012 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 16:53:33.0297 1012 discache - ok 16:53:33.0312 1012 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 16:53:33.0328 1012 Disk - ok 16:53:33.0328 1012 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 16:53:33.0344 1012 Dnscache - ok 16:53:33.0375 1012 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 16:53:33.0406 1012 dot3svc - ok 16:53:33.0422 1012 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 16:53:33.0468 1012 DPS - ok 
16:53:33.0515 1012 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 16:53:33.0546 1012 drmkaud - ok 16:53:33.0578 1012 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys 16:53:33.0593 1012 dtsoftbus01 - ok 16:53:33.0624 1012 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 16:53:33.0640 1012 DXGKrnl - ok 16:53:33.0656 1012 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 16:53:33.0702 1012 EapHost - ok 16:53:33.0749 1012 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 16:53:33.0843 1012 ebdrv - ok 16:53:33.0874 1012 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 16:53:33.0905 1012 EFS - ok 16:53:33.0983 1012 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 16:53:34.0014 1012 ehRecvr - ok 16:53:34.0030 1012 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 16:53:34.0046 1012 ehSched - ok 16:53:34.0092 1012 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 16:53:34.0108 1012 elxstor - ok 16:53:34.0108 1012 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 16:53:34.0139 1012 ErrDev - ok 16:53:34.0186 1012 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 16:53:34.0233 1012 EventSystem - ok 16:53:34.0248 1012 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 16:53:34.0264 1012 exfat - ok 16:53:34.0280 1012 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 16:53:34.0326 1012 fastfat - ok 16:53:34.0358 1012 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 16:53:34.0389 1012 Fax - ok 16:53:34.0436 1012 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys 16:53:34.0436 1012 fbfmon - ok 16:53:34.0451 1012 [ 
D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 16:53:34.0467 1012 fdc - ok 16:53:34.0498 1012 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 16:53:34.0514 1012 fdPHost - ok 16:53:34.0545 1012 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 16:53:34.0576 1012 FDResPub - ok 16:53:34.0623 1012 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 16:53:34.0638 1012 FileInfo - ok 16:53:34.0638 1012 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 16:53:34.0685 1012 Filetrace - ok 16:53:34.0716 1012 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 16:53:34.0732 1012 flpydisk - ok 16:53:34.0748 1012 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 16:53:34.0763 1012 FltMgr - ok 16:53:34.0794 1012 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 16:53:34.0826 1012 FontCache - ok 16:53:34.0872 1012 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:53:34.0888 1012 FontCache3.0.0.0 - ok 16:53:34.0904 1012 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 16:53:34.0919 1012 FsDepends - ok 16:53:34.0950 1012 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 16:53:34.0966 1012 Fs_Rec - ok 16:53:35.0013 1012 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 16:53:35.0028 1012 fvevol - ok 16:53:35.0060 1012 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 16:53:35.0060 1012 gagp30kx - ok 16:53:35.0106 1012 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 16:53:35.0138 1012 gpsvc - ok 16:53:35.0247 1012 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe 16:53:35.0262 1012 gupdate - ok 16:53:35.0262 1012 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:53:35.0278 1012 gupdatem - ok 16:53:35.0325 1012 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 16:53:35.0340 1012 gusvc - ok 16:53:35.0372 1012 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 16:53:35.0387 1012 hcw85cir - ok 16:53:35.0403 1012 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 16:53:35.0450 1012 HdAudAddService - ok 16:53:35.0481 1012 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 16:53:35.0512 1012 HDAudBus - ok 16:53:35.0512 1012 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys 16:53:35.0543 1012 HidBatt - ok 16:53:35.0543 1012 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 16:53:35.0559 1012 HidBth - ok 16:53:35.0590 1012 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 16:53:35.0606 1012 HidIr - ok 16:53:35.0637 1012 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 16:53:35.0668 1012 hidserv - ok 16:53:35.0684 1012 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys 16:53:35.0684 1012 HidUsb - ok 16:53:35.0730 1012 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 16:53:35.0777 1012 hkmsvc - ok 16:53:35.0793 1012 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 16:53:35.0824 1012 HomeGroupListener - ok 16:53:35.0855 1012 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 16:53:35.0886 1012 HomeGroupProvider - ok 16:53:35.0918 1012 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD 
C:\windows\system32\drivers\HpSAMD.sys 16:53:35.0933 1012 HpSAMD - ok 16:53:35.0980 1012 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 16:53:36.0027 1012 HTTP - ok 16:53:36.0042 1012 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 16:53:36.0042 1012 hwpolicy - ok 16:53:36.0074 1012 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 16:53:36.0074 1012 i8042prt - ok 16:53:36.0105 1012 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 16:53:36.0120 1012 iaStor - ok 16:53:36.0152 1012 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 16:53:36.0167 1012 iaStorV - ok 16:53:36.0230 1012 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:53:36.0245 1012 idsvc - ok 16:53:36.0432 1012 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 16:53:36.0698 1012 igfx - ok 16:53:36.0713 1012 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 16:53:36.0713 1012 iirsp - ok 16:53:36.0744 1012 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 16:53:36.0791 1012 IKEEXT - ok 16:53:36.0900 1012 [ A9853214CC97796579D75B1F59C51DCD ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 16:53:36.0932 1012 IntcAzAudAddService - ok 16:53:36.0978 1012 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 16:53:36.0994 1012 IntcDAud - ok 16:53:37.0010 1012 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 16:53:37.0010 1012 intelide - ok 16:53:37.0041 1012 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 16:53:37.0072 1012 intelppm - ok 16:53:37.0119 1012 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 
16:53:37.0150 1012 IPBusEnum - ok 16:53:37.0166 1012 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 16:53:37.0181 1012 IpFilterDriver - ok 16:53:37.0212 1012 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 16:53:37.0275 1012 iphlpsvc - ok 16:53:37.0275 1012 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 16:53:37.0306 1012 IPMIDRV - ok 16:53:37.0306 1012 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 16:53:37.0337 1012 IPNAT - ok 16:53:37.0368 1012 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 16:53:37.0400 1012 IRENUM - ok 16:53:37.0400 1012 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 16:53:37.0400 1012 isapnp - ok 16:53:37.0415 1012 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 16:53:37.0431 1012 iScsiPrt - ok 16:53:37.0462 1012 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 16:53:37.0478 1012 kbdclass - ok 16:53:37.0493 1012 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 16:53:37.0509 1012 kbdhid - ok 16:53:37.0524 1012 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 16:53:37.0540 1012 KeyIso - ok 16:53:37.0571 1012 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 16:53:37.0587 1012 KSecDD - ok 16:53:37.0587 1012 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 16:53:37.0602 1012 KSecPkg - ok 16:53:37.0618 1012 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 16:53:37.0665 1012 ksthunk - ok 16:53:37.0680 1012 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 16:53:37.0712 1012 KtmRm - ok 16:53:37.0758 1012 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer 
C:\windows\system32\srvsvc.dll 16:53:37.0805 1012 LanmanServer - ok 16:53:37.0836 1012 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 16:53:37.0883 1012 LanmanWorkstation - ok 16:53:37.0930 1012 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys 16:53:37.0930 1012 LHDmgr - ok 16:53:37.0961 1012 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 16:53:37.0992 1012 lltdio - ok 16:53:38.0024 1012 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 16:53:38.0070 1012 lltdsvc - ok 16:53:38.0102 1012 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 16:53:38.0148 1012 lmhosts - ok 16:53:38.0211 1012 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 16:53:38.0226 1012 LMS - ok 16:53:38.0258 1012 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 16:53:38.0258 1012 LSI_FC - ok 16:53:38.0273 1012 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 16:53:38.0273 1012 LSI_SAS - ok 16:53:38.0289 1012 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 16:53:38.0289 1012 LSI_SAS2 - ok 16:53:38.0289 1012 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 16:53:38.0304 1012 LSI_SCSI - ok 16:53:38.0320 1012 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 16:53:38.0351 1012 luafv - ok 16:53:38.0429 1012 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 16:53:38.0429 1012 MBAMProtector - ok 16:53:38.0492 1012 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:53:38.0507 1012 MBAMService - ok 16:53:38.0538 1012 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 
16:53:38.0554 1012 Mcx2Svc - ok 16:53:38.0585 1012 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 16:53:38.0601 1012 megasas - ok 16:53:38.0616 1012 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 16:53:38.0632 1012 MegaSR - ok 16:53:38.0648 1012 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 16:53:38.0648 1012 MEIx64 - ok 16:53:38.0741 1012 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 16:53:38.0757 1012 Microsoft Office Groove Audit Service - ok 16:53:38.0788 1012 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 16:53:38.0835 1012 MMCSS - ok 16:53:38.0850 1012 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 16:53:38.0882 1012 Modem - ok 16:53:38.0897 1012 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 16:53:38.0928 1012 monitor - ok 16:53:38.0944 1012 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 16:53:38.0960 1012 mouclass - ok 16:53:38.0975 1012 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys 16:53:38.0991 1012 mouhid - ok 16:53:39.0006 1012 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 16:53:39.0022 1012 mountmgr - ok 16:53:39.0022 1012 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 16:53:39.0038 1012 mpio - ok 16:53:39.0038 1012 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 16:53:39.0069 1012 mpsdrv - ok 16:53:39.0116 1012 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 16:53:39.0162 1012 MpsSvc - ok 16:53:39.0194 1012 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 16:53:39.0225 1012 MRxDAV - ok 16:53:39.0240 1012 
[ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 16:53:39.0272 1012 mrxsmb - ok 16:53:39.0303 1012 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 16:53:39.0318 1012 mrxsmb10 - ok 16:53:39.0334 1012 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 16:53:39.0350 1012 mrxsmb20 - ok 16:53:39.0365 1012 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 16:53:39.0381 1012 msahci - ok 16:53:39.0381 1012 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 16:53:39.0396 1012 msdsm - ok 16:53:39.0428 1012 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 16:53:39.0459 1012 MSDTC - ok 16:53:39.0474 1012 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 16:53:39.0506 1012 Msfs - ok 16:53:39.0537 1012 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 16:53:39.0584 1012 mshidkmdf - ok 16:53:39.0599 1012 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 16:53:39.0599 1012 msisadrv - ok 16:53:39.0646 1012 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 16:53:39.0677 1012 MSiSCSI - ok 16:53:39.0693 1012 msiserver - ok 16:53:39.0693 1012 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 16:53:39.0724 1012 MSKSSRV - ok 16:53:39.0740 1012 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 16:53:39.0786 1012 MSPCLOCK - ok 16:53:39.0786 1012 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 16:53:39.0818 1012 MSPQM - ok 16:53:39.0833 1012 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 16:53:39.0849 1012 MsRPC - ok 16:53:39.0864 1012 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 
16:53:39.0864 1012 mssmbios - ok 16:53:39.0896 1012 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 16:53:39.0927 1012 MSTEE - ok 16:53:39.0927 1012 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 16:53:39.0942 1012 MTConfig - ok 16:53:39.0958 1012 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 16:53:39.0974 1012 Mup - ok 16:53:40.0005 1012 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 16:53:40.0052 1012 napagent - ok 16:53:40.0098 1012 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 16:53:40.0130 1012 NativeWifiP - ok 16:53:40.0176 1012 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 16:53:40.0192 1012 NDIS - ok 16:53:40.0208 1012 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 16:53:40.0239 1012 NdisCap - ok 16:53:40.0254 1012 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 16:53:40.0286 1012 NdisTapi - ok 16:53:40.0317 1012 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 16:53:40.0332 1012 Ndisuio - ok 16:53:40.0348 1012 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 16:53:40.0395 1012 NdisWan - ok 16:53:40.0410 1012 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 16:53:40.0457 1012 NDProxy - ok 16:53:40.0473 1012 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 16:53:40.0520 1012 NetBIOS - ok 16:53:40.0551 1012 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 16:53:40.0582 1012 NetBT - ok 16:53:40.0598 1012 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 16:53:40.0613 1012 Netlogon - ok 16:53:40.0644 1012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 
16:53:40.0691 1012 Netman - ok 16:53:40.0722 1012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:53:40.0738 1012 NetMsmqActivator - ok 16:53:40.0738 1012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:53:40.0754 1012 NetPipeActivator - ok 16:53:40.0769 1012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 16:53:40.0816 1012 netprofm - ok 16:53:40.0816 1012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:53:40.0832 1012 NetTcpActivator - ok 16:53:40.0832 1012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:53:40.0832 1012 NetTcpPortSharing - ok 16:53:40.0878 1012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 16:53:40.0894 1012 nfrd960 - ok 16:53:40.0910 1012 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll 16:53:40.0956 1012 NlaSvc - ok 16:53:40.0988 1012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 16:53:41.0019 1012 Npfs - ok 16:53:41.0019 1012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 16:53:41.0066 1012 nsi - ok 16:53:41.0081 1012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 16:53:41.0097 1012 nsiproxy - ok 16:53:41.0144 1012 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 16:53:41.0190 1012 Ntfs - ok 16:53:41.0206 1012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 16:53:41.0253 1012 Null - ok 16:53:41.0456 1012 [ 7328528DAF9B8A486E16595A35043DB0 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 16:53:41.0596 1012 nvlddmkm - ok 16:53:41.0643 1012 [ 8AE5A124F3B65C3EC531D251A3E9C87F ] nvpciflt 
C:\windows\system32\DRIVERS\nvpciflt.sys 16:53:41.0643 1012 nvpciflt - ok 16:53:41.0658 1012 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 16:53:41.0674 1012 nvraid - ok 16:53:41.0674 1012 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 16:53:41.0690 1012 nvstor - ok 16:53:41.0736 1012 [ CEA3416907C17BB6623D9CB1E015B3C4 ] NVSvc C:\windows\system32\nvvsvc.exe 16:53:41.0768 1012 NVSvc - ok 16:53:41.0846 1012 [ 741688E5A65CC43567BCC329AE130075 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 16:53:41.0877 1012 nvUpdatusService - ok 16:53:41.0892 1012 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 16:53:41.0892 1012 nv_agp - ok 16:53:41.0986 1012 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:53:41.0986 1012 odserv - ok 16:53:42.0002 1012 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 16:53:42.0017 1012 ohci1394 - ok 16:53:42.0080 1012 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:53:42.0095 1012 ose - ok 16:53:42.0220 1012 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:53:42.0345 1012 osppsvc - ok 16:53:42.0376 1012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 16:53:42.0407 1012 p2pimsvc - ok 16:53:42.0438 1012 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 16:53:42.0454 1012 p2psvc - ok 16:53:42.0485 1012 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 16:53:42.0501 1012 Parport - ok 16:53:42.0516 1012 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 16:53:42.0532 1012 partmgr - ok 16:53:42.0548 1012 Partner Service - 
ok 16:53:42.0563 1012 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 16:53:42.0610 1012 PcaSvc - ok 16:53:42.0626 1012 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 16:53:42.0641 1012 pci - ok 16:53:42.0641 1012 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 16:53:42.0657 1012 pciide - ok 16:53:42.0657 1012 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 16:53:42.0672 1012 pcmcia - ok 16:53:42.0672 1012 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 16:53:42.0688 1012 pcw - ok 16:53:42.0704 1012 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 16:53:42.0750 1012 PEAUTH - ok 16:53:42.0844 1012 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 16:53:42.0875 1012 PerfHost - ok 16:53:42.0922 1012 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 16:53:43.0000 1012 pla - ok 16:53:43.0031 1012 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 16:53:43.0062 1012 PlugPlay - ok 16:53:43.0078 1012 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 16:53:43.0109 1012 PNRPAutoReg - ok 16:53:43.0125 1012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 16:53:43.0140 1012 PNRPsvc - ok 16:53:43.0172 1012 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 16:53:43.0218 1012 PolicyAgent - ok 16:53:43.0250 1012 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 16:53:43.0281 1012 Power - ok 16:53:43.0312 1012 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 16:53:43.0374 1012 PptpMiniport - ok 16:53:43.0374 1012 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 16:53:43.0390 1012 Processor - ok 16:53:43.0421 1012 [ 
53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 16:53:43.0437 1012 ProfSvc - ok 16:53:43.0452 1012 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 16:53:43.0468 1012 ProtectedStorage - ok 16:53:43.0484 1012 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 16:53:43.0530 1012 Psched - ok 16:53:43.0562 1012 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 16:53:43.0624 1012 ql2300 - ok 16:53:43.0640 1012 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 16:53:43.0640 1012 ql40xx - ok 16:53:43.0671 1012 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 16:53:43.0686 1012 QWAVE - ok 16:53:43.0702 1012 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 16:53:43.0718 1012 QWAVEdrv - ok 16:53:43.0718 1012 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 16:53:43.0749 1012 RasAcd - ok 16:53:43.0780 1012 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 16:53:43.0811 1012 RasAgileVpn - ok 16:53:43.0827 1012 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 16:53:43.0874 1012 RasAuto - ok 16:53:43.0889 1012 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 16:53:43.0920 1012 Rasl2tp - ok 16:53:43.0952 1012 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 16:53:43.0983 1012 RasMan - ok 16:53:43.0998 1012 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 16:53:44.0030 1012 RasPppoe - ok 16:53:44.0045 1012 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 16:53:44.0092 1012 RasSstp - ok 16:53:44.0108 1012 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 16:53:44.0139 1012 rdbss - ok 16:53:44.0139 
1012 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 16:53:44.0154 1012 rdpbus - ok 16:53:44.0186 1012 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 16:53:44.0201 1012 RDPCDD - ok 16:53:44.0232 1012 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 16:53:44.0264 1012 RDPENCDD - ok 16:53:44.0279 1012 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 16:53:44.0310 1012 RDPREFMP - ok 16:53:44.0326 1012 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 16:53:44.0357 1012 RDPWD - ok 16:53:44.0373 1012 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 16:53:44.0388 1012 rdyboost - ok 16:53:44.0420 1012 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 16:53:44.0451 1012 RemoteAccess - ok 16:53:44.0482 1012 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 16:53:44.0513 1012 RemoteRegistry - ok 16:53:44.0529 1012 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 16:53:44.0560 1012 RFCOMM - ok 16:53:44.0591 1012 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 16:53:44.0638 1012 RpcEptMapper - ok 16:53:44.0654 1012 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 16:53:44.0685 1012 RpcLocator - ok 16:53:44.0700 1012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 16:53:44.0732 1012 RpcSs - ok 16:53:44.0763 1012 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 16:53:44.0810 1012 rspndr - ok 16:53:44.0841 1012 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys 16:53:44.0856 1012 RSUSBVSTOR - ok 16:53:44.0888 1012 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 
16:53:44.0903 1012 RTL8167 - ok 16:53:44.0934 1012 [ A11AB0AF5C7C2724D493F837C51F1575 ] RtLedService C:\Program Files\Realtek\RtLED\RtLEDService.exe 16:53:44.0966 1012 RtLedService ( UnsignedFile.Multi.Generic ) - warning 16:53:44.0966 1012 RtLedService - detected UnsignedFile.Multi.Generic (1) 16:53:45.0106 1012 [ 8AC69F3C7A8A8BD94EA26A08AE5D1839 ] rtsuvc C:\windows\system32\DRIVERS\rtsuvc.sys 16:53:45.0200 1012 rtsuvc - ok 16:53:45.0215 1012 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 16:53:45.0215 1012 SamSs - ok 16:53:45.0231 1012 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 16:53:45.0246 1012 sbp2port - ok 16:53:45.0262 1012 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 16:53:45.0309 1012 SCardSvr - ok 16:53:45.0340 1012 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 16:53:45.0371 1012 scfilter - ok 16:53:45.0402 1012 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 16:53:45.0449 1012 Schedule - ok 16:53:45.0480 1012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 16:53:45.0512 1012 SCPolicySvc - ok 16:53:45.0527 1012 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 16:53:45.0558 1012 SDRSVC - ok 16:53:45.0605 1012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 16:53:45.0652 1012 secdrv - ok 16:53:45.0668 1012 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 16:53:45.0699 1012 seclogon - ok 16:53:45.0714 1012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 16:53:45.0746 1012 SENS - ok 16:53:45.0761 1012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 16:53:45.0792 1012 SensrSvc - ok 16:53:45.0808 1012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 16:53:45.0824 1012 Serenum - 
ok 16:53:45.0839 1012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 16:53:45.0855 1012 Serial - ok 16:53:45.0886 1012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 16:53:45.0902 1012 sermouse - ok 16:53:45.0933 1012 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 16:53:45.0964 1012 SessionEnv - ok 16:53:45.0980 1012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 16:53:45.0980 1012 sffdisk - ok 16:53:45.0995 1012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 16:53:46.0011 1012 sffp_mmc - ok 16:53:46.0011 1012 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 16:53:46.0042 1012 sffp_sd - ok 16:53:46.0042 1012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 16:53:46.0058 1012 sfloppy - ok 16:53:46.0089 1012 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 16:53:46.0104 1012 Sftfs - ok 16:53:46.0151 1012 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 16:53:46.0167 1012 sftlist - ok 16:53:46.0198 1012 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 16:53:46.0198 1012 Sftplay - ok 16:53:46.0214 1012 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 16:53:46.0214 1012 Sftredir - ok 16:53:46.0229 1012 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 16:53:46.0245 1012 Sftvol - ok 16:53:46.0260 1012 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 16:53:46.0260 1012 sftvsa - ok 16:53:46.0292 1012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 16:53:46.0323 1012 SharedAccess - ok 
16:53:46.0354 1012 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 16:53:46.0401 1012 ShellHWDetection - ok 16:53:46.0448 1012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 16:53:46.0463 1012 SiSRaid2 - ok 16:53:46.0463 1012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 16:53:46.0479 1012 SiSRaid4 - ok 16:53:46.0526 1012 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:53:46.0541 1012 SkypeUpdate - ok 16:53:46.0557 1012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 16:53:46.0604 1012 Smb - ok 16:53:46.0635 1012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 16:53:46.0666 1012 SNMPTRAP - ok 16:53:46.0682 1012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 16:53:46.0697 1012 spldr - ok 16:53:46.0728 1012 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 16:53:46.0744 1012 Spooler - ok 16:53:46.0806 1012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 16:53:46.0916 1012 sppsvc - ok 16:53:46.0931 1012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 16:53:46.0962 1012 sppuinotify - ok 16:53:46.0994 1012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 16:53:47.0025 1012 srv - ok 16:53:47.0056 1012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 16:53:47.0072 1012 srv2 - ok 16:53:47.0087 1012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 16:53:47.0103 1012 srvnet - ok 16:53:47.0150 1012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 16:53:47.0181 1012 SSDPSRV - ok 16:53:47.0196 1012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 16:53:47.0228 1012 SstpSvc - ok 
16:53:47.0259 1012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 16:53:47.0259 1012 stexstor - ok 16:53:47.0290 1012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 16:53:47.0337 1012 stisvc - ok 16:53:47.0352 1012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 16:53:47.0368 1012 swenum - ok 16:53:47.0384 1012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 16:53:47.0430 1012 swprv - ok 16:53:47.0477 1012 [ 08425CD92972C6430F350A9697F4A553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 16:53:47.0508 1012 SynTP - ok 16:53:47.0555 1012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 16:53:47.0602 1012 SysMain - ok 16:53:47.0633 1012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 16:53:47.0649 1012 TabletInputService - ok 16:53:47.0664 1012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 16:53:47.0711 1012 TapiSrv - ok 16:53:47.0727 1012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 16:53:47.0758 1012 TBS - ok 16:53:47.0820 1012 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys 16:53:47.0867 1012 Tcpip - ok 16:53:47.0898 1012 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 16:53:47.0930 1012 TCPIP6 - ok 16:53:47.0961 1012 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 16:53:48.0008 1012 tcpipreg - ok 16:53:48.0008 1012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 16:53:48.0023 1012 TDPIPE - ok 16:53:48.0054 1012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 16:53:48.0070 1012 TDTCP - ok 16:53:48.0086 1012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 16:53:48.0132 1012 tdx - ok 16:53:48.0148 1012 [ 
561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 16:53:48.0148 1012 TermDD - ok 16:53:48.0195 1012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 16:53:48.0242 1012 TermService - ok 16:53:48.0257 1012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 16:53:48.0288 1012 Themes - ok 16:53:48.0304 1012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 16:53:48.0335 1012 THREADORDER - ok 16:53:48.0351 1012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 16:53:48.0382 1012 TrkWks - ok 16:53:48.0429 1012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 16:53:48.0460 1012 TrustedInstaller - ok 16:53:48.0476 1012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 16:53:48.0522 1012 tssecsrv - ok 16:53:48.0569 1012 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 16:53:48.0585 1012 TsUsbFlt - ok 16:53:48.0600 1012 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 16:53:48.0600 1012 TsUsbGD - ok 16:53:48.0647 1012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 16:53:48.0678 1012 tunnel - ok 16:53:48.0678 1012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 16:53:48.0694 1012 uagp35 - ok 16:53:48.0694 1012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 16:53:48.0741 1012 udfs - ok 16:53:48.0756 1012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 16:53:48.0772 1012 UI0Detect - ok 16:53:48.0788 1012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 16:53:48.0803 1012 uliagpkx - ok 16:53:48.0834 1012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 16:53:48.0850 1012 umbus 
- ok 16:53:48.0866 1012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 16:53:48.0897 1012 UmPass - ok 16:53:48.0990 1012 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:53:49.0022 1012 UNS - ok 16:53:49.0053 1012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 16:53:49.0100 1012 upnphost - ok 16:53:49.0115 1012 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 16:53:49.0146 1012 usbccgp - ok 16:53:49.0178 1012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 16:53:49.0193 1012 usbcir - ok 16:53:49.0209 1012 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 16:53:49.0225 1012 usbehci - ok 16:53:49.0256 1012 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 16:53:49.0303 1012 usbhub - ok 16:53:49.0303 1012 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 16:53:49.0334 1012 usbohci - ok 16:53:49.0349 1012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys 16:53:49.0365 1012 usbprint - ok 16:53:49.0381 1012 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS 16:53:49.0412 1012 USBSTOR - ok 16:53:49.0412 1012 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 16:53:49.0443 1012 usbuhci - ok 16:53:49.0474 1012 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 16:53:49.0490 1012 usbvideo - ok 16:53:49.0521 1012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 16:53:49.0568 1012 UxSms - ok 16:53:49.0583 1012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 16:53:49.0599 1012 VaultSvc - ok 16:53:49.0630 1012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot 
C:\windows\system32\drivers\vdrvroot.sys 16:53:49.0646 1012 vdrvroot - ok 16:53:49.0661 1012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 16:53:49.0739 1012 vds - ok 16:53:49.0755 1012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 16:53:49.0771 1012 vga - ok 16:53:49.0786 1012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 16:53:49.0817 1012 VgaSave - ok 16:53:49.0817 1012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 16:53:49.0833 1012 vhdmp - ok 16:53:49.0833 1012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 16:53:49.0849 1012 viaide - ok 16:53:49.0849 1012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 16:53:49.0864 1012 volmgr - ok 16:53:49.0880 1012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 16:53:49.0895 1012 volmgrx - ok 16:53:49.0911 1012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 16:53:49.0927 1012 volsnap - ok 16:53:49.0958 1012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 16:53:49.0958 1012 vsmraid - ok 16:53:50.0005 1012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 16:53:50.0067 1012 VSS - ok 16:53:50.0083 1012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 16:53:50.0114 1012 vwifibus - ok 16:53:50.0145 1012 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 16:53:50.0161 1012 vwififlt - ok 16:53:50.0176 1012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 16:53:50.0207 1012 W32Time - ok 16:53:50.0239 1012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 16:53:50.0270 1012 WacomPen - ok 16:53:50.0301 1012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP 
C:\windows\system32\DRIVERS\wanarp.sys 16:53:50.0332 1012 WANARP - ok 16:53:50.0332 1012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 16:53:50.0348 1012 Wanarpv6 - ok 16:53:50.0379 1012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 16:53:50.0441 1012 wbengine - ok 16:53:50.0457 1012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 16:53:50.0488 1012 WbioSrvc - ok 16:53:50.0504 1012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 16:53:50.0535 1012 wcncsvc - ok 16:53:50.0551 1012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 16:53:50.0582 1012 WcsPlugInService - ok 16:53:50.0613 1012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 16:53:50.0629 1012 Wd - ok 16:53:50.0644 1012 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 16:53:50.0660 1012 Wdf01000 - ok 16:53:50.0675 1012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 16:53:50.0722 1012 WdiServiceHost - ok 16:53:50.0722 1012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 16:53:50.0738 1012 WdiSystemHost - ok 16:53:50.0753 1012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 16:53:50.0785 1012 WebClient - ok 16:53:50.0800 1012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 16:53:50.0847 1012 Wecsvc - ok 16:53:50.0863 1012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 16:53:50.0894 1012 wercplsupport - ok 16:53:50.0894 1012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 16:53:50.0925 1012 WerSvc - ok 16:53:50.0972 1012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 16:53:51.0003 1012 WfpLwf - ok 16:53:51.0019 1012 [ 
05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 16:53:51.0019 1012 WIMMount - ok 16:53:51.0050 1012 WinDefend - ok 16:53:51.0065 1012 WinHttpAutoProxySvc - ok 16:53:51.0112 1012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 16:53:51.0143 1012 Winmgmt - ok 16:53:51.0206 1012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 16:53:51.0284 1012 WinRM - ok 16:53:51.0315 1012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 16:53:51.0362 1012 Wlansvc - ok 16:53:51.0455 1012 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:53:51.0487 1012 wlidsvc - ok 16:53:51.0533 1012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 16:53:51.0549 1012 WmiAcpi - ok 16:53:51.0580 1012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 16:53:51.0611 1012 wmiApSrv - ok 16:53:51.0643 1012 WMPNetworkSvc - ok 16:53:51.0658 1012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 16:53:51.0674 1012 WPCSvc - ok 16:53:51.0689 1012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 16:53:51.0705 1012 WPDBusEnum - ok 16:53:51.0721 1012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 16:53:51.0752 1012 ws2ifsl - ok 16:53:51.0767 1012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 16:53:51.0783 1012 wscsvc - ok 16:53:51.0799 1012 WSearch - ok 16:53:51.0814 1012 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys 16:53:51.0830 1012 wsvd - ok 16:53:51.0892 1012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 16:53:51.0955 1012 wuauserv - ok 16:53:51.0970 1012 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys 16:53:52.0017 1012 WudfPf - 
ok 16:53:52.0048 1012 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 16:53:52.0079 1012 WUDFRd - ok 16:53:52.0111 1012 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll 16:53:52.0142 1012 wudfsvc - ok 16:53:52.0157 1012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 16:53:52.0189 1012 WwanSvc - ok 16:53:52.0204 1012 ================ Scan global =============================== 16:53:52.0220 1012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 16:53:52.0251 1012 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll 16:53:52.0251 1012 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll 16:53:52.0282 1012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 16:53:52.0313 1012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 16:53:52.0329 1012 [Global] - ok 16:53:52.0329 1012 ================ Scan MBR ================================== 16:53:52.0329 1012 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:53:52.0781 1012 \Device\Harddisk0\DR0 - ok 16:53:52.0781 1012 ================ Scan VBR ================================== 16:53:52.0781 1012 [ B49517320A08B7BA7A1FB38CB3C7746C ] \Device\Harddisk0\DR0\Partition1 16:53:52.0781 1012 \Device\Harddisk0\DR0\Partition1 - ok 16:53:52.0813 1012 [ 69955D67C6BE00237E0FCFB9C00E84D0 ] \Device\Harddisk0\DR0\Partition2 16:53:52.0813 1012 \Device\Harddisk0\DR0\Partition2 - ok 16:53:52.0844 1012 [ E731CBC39ACBF2A01E5F3543D8AC1B9F ] \Device\Harddisk0\DR0\Partition3 16:53:52.0844 1012 \Device\Harddisk0\DR0\Partition3 - ok 16:53:52.0844 1012 ============================================================ 16:53:52.0844 1012 Scan finished 16:53:52.0844 1012 ============================================================ 16:53:52.0859 4592 Detected object count: 1 16:53:52.0859 4592 Actual detected object count: 1 16:54:03.0140 4592 RtLedService ( 
UnsignedFile.Multi.Generic ) - skipped by user 16:54:03.0140 4592 RtLedService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
28.09.2012, 16:01 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
28.09.2012, 16:06 | #21 |
| Wow! That was super fast! I'll get on it right away! Regards! Combofix logfile: Code:
ComboFix 12-09-27.03 - Manu 28.09.2012 17:10:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8106.6388 [GMT 2:00]
ausgeführt von:: c:\users\Manu\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\s.bat
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-27 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-11-27 329056] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Wecker für Windows 6.lnk - c:\program files (x86)\Wecker6\Wecker.exe [2012-9-16 1622066] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928] SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe [2010-12-17 1927528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer6"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 136176] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-11-27 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-11-27 39008] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-11-27 13408] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-19 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704] S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-11-27 29792] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928] S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2010-12-15 8200552] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 91542502 *Deregistered* - 91542502 . Inhalt des "geplante Tasks" Ordners . 2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 18:53] . 2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 04:38] . 2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 04:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-11-27 04:27 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-11-27 114688] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-11-27 789920] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-11-27 9769888] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-11-27 5908928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} - c:\program files (x86)\Wecker6\WfWIEButton.dll TCP: DhcpNameServer = 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-28 17:15:38 ComboFix-quarantined-files.txt 2012-09-28 15:15 . Vor Suchlauf: 9 Verzeichnis(se), 612.573.425.664 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 612.187.463.680 Bytes frei . - - End Of File - - A84FCC54E42C4BE5B0CAEF88D1B9B794 |
28.09.2012, 18:38 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After infection with Exploit.Drop.GS and Trojan.PWS - PC still slow despite supposedly successful cleanup
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.
Code:
Dirlook:: c:\users\Manu\AppData\Roaming\cbuenger
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
28.09.2012, 20:07 | #23 |
| After infection with Exploit.Drop.GS and Trojan.PWS - PC still slow despite supposedly successful cleanup Combofix log file: Code:
ATTFilter ComboFix 12-09-27.03 - Manu 28.09.2012 21:00:24.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8106.6421 [GMT 2:00] ausgeführt von:: c:\users\Manu\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Manu\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-28 bis 2012-09-28 )))))))))))))))))))))))))))))) . . 2012-09-28 19:03 . 2012-09-28 19:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-28 19:03 . 2012-09-28 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-28 16:12 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{82711720-9FFE-4654-A3CF-DDCBAF52364E}\mpengine.dll 2012-09-27 15:51 . 2012-09-27 15:51 -------- d-----w- C:\_OTL 2012-09-26 04:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-23 18:08 . 2012-09-23 18:08 -------- d-----w- c:\program files (x86)\ESET 2012-09-23 08:34 . 2012-09-23 08:34 -------- d-----w- c:\program files (x86)\7-Zip 2012-09-23 07:31 . 2012-08-24 10:17 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-09-16 21:01 . 2012-09-16 21:01 -------- d-----w- c:\users\Manu\AppData\Roaming\cbuenger 2012-09-16 21:01 . 2004-08-28 12:03 739472 ----a-w- c:\windows\SysWow64\sg20O.ocx 2012-09-16 21:01 . 2004-08-24 21:55 53248 ----a-w- c:\windows\SysWow64\cbvCalendar.dll 2012-09-16 21:01 . 2004-06-18 21:09 40960 ----a-w- c:\windows\SysWow64\CBDTPicker.dll 2012-09-16 21:01 . 2004-03-26 09:36 122880 ----a-w- c:\windows\SysWow64\cbNet.dll 2012-09-16 21:01 . 2003-05-14 20:07 389120 ----a-w- c:\windows\SysWow64\actskn43.ocx 2012-09-16 21:01 . 2003-01-26 12:41 40960 ----a-w- c:\windows\SysWow64\SSubTmr6.dll 2012-09-16 21:01 . 
2002-02-17 11:17 65536 ----a-w- c:\windows\SysWow64\CBXML.dll 2012-09-16 21:01 . 2002-02-08 00:01 208896 ----a-w- c:\windows\SysWow64\cbPrinter.dll 2012-09-16 21:01 . 2002-01-10 23:09 57344 ----a-w- c:\windows\SysWow64\cbSysHTrck.dll 2012-09-16 21:01 . 2000-05-21 23:00 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX 2012-09-16 21:01 . 2000-05-21 23:00 140488 ----a-w- c:\windows\SysWow64\COMDLG32.OCX 2012-09-16 21:01 . 2012-09-16 21:01 -------- d-----w- c:\program files (x86)\Wecker6 2012-09-13 20:40 . 2012-09-13 20:40 -------- d-----w- c:\program files (x86)\Microsoft 2012-09-12 16:54 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 16:54 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 16:54 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 16:54 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 16:54 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 16:54 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 16:54 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-10 15:07 . 2012-09-10 15:07 -------- d-----w- c:\users\Manu\.dvdcss 2012-09-10 15:06 . 2012-09-10 15:06 -------- d-----w- c:\users\Manu\AppData\Local\MPlayer 2012-09-10 15:05 . 2012-09-10 15:06 -------- d-----w- c:\programdata\PMS 2012-09-10 15:05 . 2012-09-10 15:06 -------- d-----w- c:\program files (x86)\PS3 Media Server 2012-09-03 17:43 . 2012-09-03 17:43 -------- d-----w- c:\users\Manu\AppData\Local\Diagnostics 2012-08-29 21:18 . 2012-08-29 21:18 -------- d-----w- c:\users\Manu\AppData\Roaming\Malwarebytes 2012-08-29 21:18 . 2012-08-29 21:18 -------- d-----w- c:\programdata\Malwarebytes 2012-08-29 21:18 . 2012-08-29 21:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-29 21:18 . 
2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-29 20:27 . 2012-09-23 12:05 -------- d-----w- c:\users\Manu\AppData\Roaming\vlc 2012-08-29 20:26 . 2012-08-29 20:26 -------- d-----w- c:\program files\VideoLAN . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-20 18:53 . 2012-08-14 17:42 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-20 18:53 . 2012-08-14 17:42 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-13 05:30 . 2012-08-16 11:30 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-21 09:13 . 2012-08-14 17:26 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2012-08-14 17:26 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 2012-08-14 17:26 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-08-14 17:26 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13 . 2012-08-14 17:26 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13 . 2012-08-14 17:27 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:12 . 2012-08-14 17:26 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2012-08-14 17:26 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-21 09:12 . 2012-08-14 17:26 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-19 10:53 . 2012-08-19 10:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-08-18 00:47 . 2012-08-18 00:47 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-08-17 12:42 . 2012-08-17 12:42 380928 ----a-w- c:\windows\SysWow64\lame_enc.dll 2012-08-15 18:50 . 2012-08-15 18:50 268784 ----a-w- c:\windows\system32\javaws.exe 2012-08-15 18:50 . 2012-08-15 18:50 189424 ----a-w- c:\windows\system32\javaw.exe 2012-08-15 18:50 . 2012-08-15 18:50 188912 ----a-w- c:\windows\system32\java.exe 2012-08-15 18:50 . 
2012-08-14 17:38 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-15 18:50 . 2012-08-14 17:38 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-15 18:48 . 2012-08-15 18:48 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-08-15 18:48 . 2012-08-15 18:48 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-18 18:15 . 2012-08-15 17:29 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-06 20:07 . 2012-08-16 04:49 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-07-04 22:16 . 2012-08-15 17:32 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 17:32 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-15 17:32 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-15 17:32 41984 ----a-w- c:\windows\SysWow64\browcli.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\users\Manu\AppData\Roaming\cbuenger ---- . 2012-09-16 21:01 . 2002-11-18 17:49 370939 ----a-w- c:\users\Manu\AppData\Roaming\cbuenger\Skins\green.skn 2012-09-16 21:01 . 2002-11-19 19:49 252681 ----a-w- c:\users\Manu\AppData\Roaming\cbuenger\Skins\Web-II.skn 2012-09-16 21:01 . 2001-12-11 00:28 223411 ----a-w- c:\users\Manu\AppData\Roaming\cbuenger\Skins\Notes.skn . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-27 39408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-11-27 329056] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Wecker für Windows 6.lnk - c:\program files (x86)\Wecker6\Wecker.exe [2012-9-16 1622066] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928] SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe [2010-12-17 1927528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer6"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 136176] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-11-27 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-11-27 39008] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-11-27 13408] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-19 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704] S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-11-27 29792] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928] S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2010-12-15 8200552] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 18:53] . 2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 04:38] . 2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 04:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-11-27 04:27 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-11-27 114688] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-11-27 789920] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-11-27 9769888] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-11-27 5908928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} - c:\program files (x86)\Wecker6\WfWIEButton.dll TCP: DhcpNameServer = 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-28 21:05:22 ComboFix-quarantined-files.txt 2012-09-28 19:05 ComboFix2.txt 2012-09-28 15:15 . Vor Suchlauf: 13 Verzeichnis(se), 612.257.792.000 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 612.190.281.728 Bytes frei . - - End Of File - - EF117D76DB47354C30358B854252F7CC |
28.09.2012, 20:25 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it and run only OSAM - please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without being instructed to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
28.09.2012, 21:01 | #25 |
| Here is the GMER log: [code] OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 GMER Logfile: |
28.09.2012, 21:04 | #26 |
| That somehow didn't work just now, I'll send it as an attached file - if that's okay! |
28.09.2012, 21:25 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Why? Doesn't it fit?
__________________ Please always post logfiles in CODE tags |
28.09.2012, 21:42 | #28 |
| Yes, somehow it was displayed a bit oddly at first - sorry! I'll post the other file again now in code tags: Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 21:54:13
-----------------------------
21:54:13.561 OS Version: Windows x64 6.1.7601 Service Pack 1
21:54:13.561 Number of processors: 4 586 0x2A07
21:54:13.561 ComputerName: MANU-PC UserName: Manu
21:54:16.946 Initialize success
21:54:17.273 AVAST engine defs: 12092800
21:55:08.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:55:08.947 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
21:55:08.978 Disk 0 MBR read successfully
21:55:08.978 Disk 0 MBR scan
21:55:08.994 Disk 0 Windows 7 default MBR code
21:55:08.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
21:55:09.010 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670405 MB offset 411648
21:55:09.010 Disk 0 Partition - 00 0F Extended LBA 29698 MB offset 1373401088
21:55:09.041 Disk 0 Partition 3 00 12 Compaq diag NTFS 15100 MB offset 1434222592
21:55:09.072 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29697 MB offset 1373403136
21:55:09.103 Disk 0 scanning C:\windows\system32\drivers
21:55:14.220 Service scanning
21:55:30.163 Modules scanning
21:55:30.163 Disk 0 trace - called modules:
21:55:30.179 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:55:30.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800967d060]
21:55:30.194 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800782b050]
21:55:32.690 AVAST engine scan C:\windows
21:55:36.668 AVAST engine scan C:\windows\system32
21:56:57.976 AVAST engine scan C:\windows\system32\drivers
21:57:06.353 AVAST engine scan C:\Users\Manu
21:58:29.579 AVAST engine scan C:\ProgramData
21:58:49.953 Scan finished successfully
21:59:24.710 Disk 0 MBR has been saved successfully to "C:\Users\Manu\Desktop\MBR.dat"
21:59:24.710 The log file has been saved successfully to "C:\Users\Manu\Desktop\aswMBR.txt" |
28.09.2012, 22:06 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | In some logs the CODE tag is already generated. Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
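How the aswMBR log posted in #28 can be read mechanically, as an added example that is not part of the thread and not code from aswMBR: it pulls out the MBR verdict line and checks that the logged partitions tile the disk without gaps or overlaps. It assumes 512-byte sectors, that "offset" is counted in sectors and sizes in MiB, and that the verdict line ends in "MBR code"; the function names are hypothetical.

```python
import re

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, sizes logged in MiB

# Lines copied from the aswMBR log in this thread (unrelated lines left out).
LOG = """\
21:55:08.947 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
21:55:08.978 Disk 0 MBR read successfully
21:55:08.978 Disk 0 MBR scan
21:55:08.994 Disk 0 Windows 7 default MBR code
21:55:08.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
21:55:09.010 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670405 MB offset 411648
21:55:09.010 Disk 0 Partition - 00 0F Extended LBA 29698 MB offset 1373401088
21:55:09.041 Disk 0 Partition 3 00 12 Compaq diag NTFS 15100 MB offset 1434222592
21:55:09.072 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29697 MB offset 1373403136
21:58:49.953 Scan finished successfully
"""

# Constructed variant (not from the thread): partition 3 shrunk by 100 MB.
SHRUNK_LOG = LOG.replace("15100 MB", "15000 MB")

PART_RE = re.compile(
    r"Disk \d+ Partition (\S+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) "
    r".*? (\d+) MB offset (\d+)$"
)


def parse_partitions(log):
    """Return one dict per 'Partition' line, with start/end in sectors."""
    parts = []
    for line in log.splitlines():
        m = PART_RE.search(line)
        if m:
            label, flag, ptype, size_mb, start = m.groups()
            start = int(start)
            parts.append({
                "label": label, "active": flag == "80", "type": ptype,
                "start": start, "end": start + int(size_mb) * SECTORS_PER_MB,
            })
    return parts


def disk_sectors(log):
    """Disk size from the 'Size: <n>MB' field, converted to sectors."""
    m = re.search(r"Size: (\d+)MB", log)
    return int(m.group(1)) * SECTORS_PER_MB if m else None


def mbr_verdict(log):
    """Text of the line that classifies the MBR boot code, or None."""
    m = re.search(r"Disk \d+ (.*MBR code)$", log, re.MULTILINE)
    return m.group(1) if m else None


def layout_findings(log):
    """List (kind, first_sector, sector_count) for gaps, overlaps, free tail."""
    parts = parse_partitions(log)
    containers = [p for p in parts if p["type"] in ("05", "0F")]

    def inside(p):  # logical partitions live inside an extended container
        return any(c is not p and c["start"] <= p["start"] and p["end"] <= c["end"]
                   for c in containers)

    top = sorted((p for p in parts if not inside(p)), key=lambda p: p["start"])
    findings = []
    # Start at the first partition: the alignment gap before it is expected.
    cursor = top[0]["start"] if top else 0
    for p in top:
        if p["start"] > cursor:
            findings.append(("gap", cursor, p["start"] - cursor))
        elif p["start"] < cursor:
            findings.append(("overlap", p["start"], cursor - p["start"]))
        cursor = max(cursor, p["end"])
    total = disk_sectors(log)  # rounded to whole MB, so tails under 1 MB are invisible
    if total is not None and total > cursor:
        findings.append(("unallocated tail", cursor, total - cursor))
    return findings


def triage(log):
    verdict = mbr_verdict(log)
    return {
        "mbr_verdict": verdict,
        "mbr_default": bool(verdict) and "default MBR code" in verdict,
        "scan_finished": "Scan finished successfully" in log,
        "layout_findings": layout_findings(log),
    }


if __name__ == "__main__":
    print(triage(LOG))
    print(layout_findings(SHRUNK_LOG))
```

For the log in this thread the result is a default MBR verdict and an empty findings list; a non-empty list is not proof of anything, only the part of the disk a reviewer would look at next.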
29.09.2012, 00:23 | #30 |
| Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/29/2012 at 01:05 AM Application Version : 5.5.1022 Core Rules Database Version : 9313 Trace Rules Database Version: 7125 Scan type : Complete Scan Total Scan Time : 00:52:14 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 679 Memory threats detected : 0 Registry items scanned : 71848 Registry threats detected : 0 File items scanned : 117054 File threats detected : 95 Adware.Tracking Cookie
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.28.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Manu :: MANU-PC [Administrator]
28.09.2012 23:40:52
mbam-log-2012-09-28 (23-40-52).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326960
Laufzeit: 24 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |