|
Pests of all kinds and how to fight them: Malwarebytes finds pup.blabbers Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
21.10.2012, 10:22 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds pup.blabbers Close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
:Files
C:\Alte Platte\E_daten\Dokumente\weitere\Ideen\Downloads\driver\SoftonicDownloader30671.exe
C:\Users\Jan\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\Users\Jan\Downloads\installer_pdf_shrink_2_0_Deutsch.exe
C:\Users\Jan\Downloads\SoftonicDownloader_fuer_free-download-manager.exe
C:\Users\Jan\Downloads\speedupmypc.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
21.10.2012, 12:06 | #17 |
| Malwarebytes finds pup.blabbers The following log opened after the restart: Code:
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== FILES ==========
C:\Alte Platte\E_daten\Dokumente\weitere\Ideen\Downloads\driver\SoftonicDownloader30671.exe moved successfully.
File\Folder C:\Users\Jan\AppData\Roaming\BrowserCompanion\tbhcn.exe not found.
C:\Users\Jan\Downloads\installer_pdf_shrink_2_0_Deutsch.exe moved successfully.
C:\Users\Jan\Downloads\SoftonicDownloader_fuer_free-download-manager.exe moved successfully.
C:\Users\Jan\Downloads\speedupmypc.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
User: Jan
->Temp folder emptied: 49724 bytes
->Java cache emptied: 1484558 bytes
->FireFox cache emptied: 212693281 bytes
->Flash cache emptied: 17423 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34992006 bytes
Session Manager Temp folder emptied: 221173697 bytes
Session Manager Tmp folder emptied: 1310720 bytes
RecycleBin emptied: 9947351012 bytes
Total Files Cleaned = 9.936,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10212012_125327
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
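An added example, not part of the original thread and not OTL's own code: a small Python parser for the fix log format shown in the post above. It lists the outcome OTL reported for each entry and which paths from the script's `:Files` section were neither moved nor deleted. The function names are hypothetical, and the sample script and log are shortened excerpts of the ones posted in this thread.

```python
import re

# Shortened excerpt of the fix script posted above (assumption: one entry per line).
SAMPLE_SCRIPT = r""":OTL
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found
:Files
C:\Alte Platte\E_daten\Dokumente\weitere\Ideen\Downloads\driver\SoftonicDownloader30671.exe
C:\Users\Jan\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\Users\Jan\Downloads\installer_pdf_shrink_2_0_Deutsch.exe
ipconfig /flushdns /c
:Commands
[emptytemp]
"""

# Shortened excerpt of the fix log posted above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== FILES ==========
C:\Alte Platte\E_daten\Dokumente\weitere\Ideen\Downloads\driver\SoftonicDownloader30671.exe moved successfully.
File\Folder C:\Users\Jan\AppData\Roaming\BrowserCompanion\tbhcn.exe not found.
C:\Users\Jan\Downloads\installer_pdf_shrink_2_0_Deutsch.exe moved successfully.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# Order matters: the specific patterns must be tried before the generic ones.
OUTCOMES = [
    ("pref_removed", re.compile(r"^Prefs\.js: .+ removed from (?P<target>\S+)$")),
    ("registry_deleted", re.compile(r"^Registry value (?P<target>.+) deleted successfully\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<target>.+) not found\.$")),
    ("moved", re.compile(r"^(?P<target>.+) moved successfully\.$")),
    ("deleted", re.compile(r"^(?P<target>.+) deleted successfully\.$")),
]


def parse_fix_log(text):
    """Return one dict per recognised log line: section, outcome, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, pattern in OUTCOMES:
            match = pattern.match(line)
            if match:
                entries.append({"section": section, "outcome": outcome,
                                "target": match.group("target")})
                break  # lines that match nothing are skipped
    return entries


def files_from_script(script):
    """Collect the paths listed under :Files, ignoring commands such as ipconfig."""
    paths, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
            continue
        if in_files and re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
    return paths


def unresolved(script_paths, entries):
    """Paths the script asked for that the log does not report as moved or deleted."""
    handled = {e["target"].lower() for e in entries
               if e["outcome"] in ("moved", "deleted")}
    return [p for p in script_paths if p.lower() not in handled]


if __name__ == "__main__":
    log_entries = parse_fix_log(SAMPLE_LOG)
    for entry in log_entries:
        print(f'{entry["section"]:<6} {entry["outcome"]:<17} {entry["target"]}')
    for path in unresolved(files_from_script(SAMPLE_SCRIPT), log_entries):
        print("not moved or deleted:", path)
```

A path reported here is not necessarily a problem: in this thread the one unresolved file was already missing when the fix ran, which is what the log's "not found" line states.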
21.10.2012, 12:45 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds pup.blabbers Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ |
21.10.2012, 19:55 | #19 |
| Malwarebytes finds pup.blabbers Here is the log from Kaspersky: Code:
20:49:37.0970 3632 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:49:39.0218 3632 ============================================================
20:49:39.0218 3632 Current date / time: 2012/10/21 20:49:39.0218
20:49:39.0218 3632 SystemInfo:
20:49:39.0218 3632
20:49:39.0218 3632 OS Version: 6.1.7601 ServicePack: 1.0
20:49:39.0218 3632 Product type: Workstation
20:49:39.0218 3632 ComputerName: JAN-PC
20:49:39.0218 3632 UserName: Jan
20:49:39.0218 3632 Windows directory: C:\Windows
20:49:39.0218 3632 System windows directory: C:\Windows
20:49:39.0218 3632 Processor architecture: Intel x86
20:49:39.0218 3632 Number of processors: 2
20:49:39.0218 3632 Page size: 0x1000
20:49:39.0218 3632 Boot type: Normal boot
20:49:39.0218 3632 ============================================================
20:49:40.0403 3632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:49:40.0403 3632 ============================================================
20:49:40.0403 3632 \Device\Harddisk0\DR0:
20:49:40.0403 3632 MBR partitions:
20:49:40.0403 3632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
20:49:40.0403 3632 ============================================================
20:49:40.0419 3632 C: <-> \Device\Harddisk0\DR0\Partition1
20:49:40.0419 3632 ============================================================
20:49:40.0419 3632 Initialize success
20:49:40.0419 3632 ============================================================
20:49:49.0093 3732 ============================================================
20:49:49.0093 3732 Scan started
20:49:49.0093 3732 Mode: Manual; SigCheck; TDLFS;
20:49:49.0093 3732 ============================================================
20:49:49.0576 3732 ================ Scan system memory ========================
20:49:49.0576 3732 System memory - ok
3732 [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc C:\Windows\system32\nvvsvc.exe 20:50:03.0679 3732 nvsvc - ok 20:50:03.0725 3732 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:50:03.0741 3732 nv_agp - ok 20:50:03.0788 3732 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:50:03.0803 3732 ohci1394 - ok 20:50:03.0835 3732 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:50:03.0850 3732 p2pimsvc - ok 20:50:03.0897 3732 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 20:50:03.0928 3732 p2psvc - ok 20:50:03.0959 3732 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:50:03.0975 3732 Parport - ok 20:50:04.0022 3732 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:50:04.0037 3732 partmgr - ok 20:50:04.0053 3732 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 20:50:04.0069 3732 Parvdm - ok 20:50:04.0069 3732 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:50:04.0100 3732 PcaSvc - ok 20:50:04.0131 3732 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 20:50:04.0162 3732 pci - ok 20:50:04.0162 3732 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 20:50:04.0178 3732 pciide - ok 20:50:04.0193 3732 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:50:04.0209 3732 pcmcia - ok 20:50:04.0225 3732 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 20:50:04.0240 3732 pcw - ok 20:50:04.0271 3732 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:50:04.0318 3732 PEAUTH - ok 20:50:04.0396 3732 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 20:50:04.0443 3732 pla - ok 20:50:04.0490 3732 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay 
C:\Windows\system32\umpnpmgr.dll 20:50:04.0505 3732 PlugPlay - ok 20:50:04.0552 3732 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:50:04.0568 3732 PNRPAutoReg - ok 20:50:04.0599 3732 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:50:04.0615 3732 PNRPsvc - ok 20:50:04.0630 3732 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:50:04.0661 3732 PolicyAgent - ok 20:50:04.0708 3732 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 20:50:04.0739 3732 Power - ok 20:50:04.0786 3732 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:50:04.0833 3732 PptpMiniport - ok 20:50:04.0849 3732 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:50:04.0864 3732 Processor - ok 20:50:04.0911 3732 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 20:50:04.0942 3732 ProfSvc - ok 20:50:04.0958 3732 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:50:04.0973 3732 ProtectedStorage - ok 20:50:05.0005 3732 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:50:05.0036 3732 Psched - ok 20:50:05.0098 3732 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:50:05.0129 3732 ql2300 - ok 20:50:05.0161 3732 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:50:05.0161 3732 ql40xx - ok 20:50:05.0223 3732 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 20:50:05.0254 3732 QWAVE - ok 20:50:05.0270 3732 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:50:05.0285 3732 QWAVEdrv - ok 20:50:05.0301 3732 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:50:05.0332 3732 RasAcd - ok 20:50:05.0348 3732 [ 57EC4AEF73660166074D8F7F31C0D4FD ] 
RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:50:05.0379 3732 RasAgileVpn - ok 20:50:05.0395 3732 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 20:50:05.0426 3732 RasAuto - ok 20:50:05.0441 3732 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:50:05.0457 3732 Rasl2tp - ok 20:50:05.0519 3732 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 20:50:05.0566 3732 RasMan - ok 20:50:05.0582 3732 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:50:05.0597 3732 RasPppoe - ok 20:50:05.0644 3732 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:50:05.0675 3732 RasSstp - ok 20:50:05.0707 3732 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:50:05.0753 3732 rdbss - ok 20:50:05.0769 3732 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:50:05.0785 3732 rdpbus - ok 20:50:05.0816 3732 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:50:05.0847 3732 RDPCDD - ok 20:50:05.0878 3732 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:50:05.0894 3732 RDPENCDD - ok 20:50:05.0909 3732 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:50:05.0941 3732 RDPREFMP - ok 20:50:05.0987 3732 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:50:05.0987 3732 RDPWD - ok 20:50:06.0050 3732 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:50:06.0065 3732 rdyboost - ok 20:50:06.0081 3732 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 20:50:06.0112 3732 RemoteAccess - ok 20:50:06.0143 3732 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:50:06.0175 3732 RemoteRegistry - ok 20:50:06.0190 3732 [ 
78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:50:06.0206 3732 RpcEptMapper - ok 20:50:06.0253 3732 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 20:50:06.0284 3732 RpcLocator - ok 20:50:06.0299 3732 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 20:50:06.0331 3732 RpcSs - ok 20:50:06.0393 3732 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:50:06.0424 3732 rspndr - ok 20:50:06.0440 3732 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 20:50:06.0455 3732 SamSs - ok 20:50:06.0533 3732 [ F758025811001CBBDA8448A8AC29D73F ] SAService C:\Windows\system32\SAsrv.exe 20:50:06.0565 3732 SAService - ok 20:50:06.0611 3732 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:50:06.0627 3732 sbp2port - ok 20:50:06.0658 3732 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:50:06.0689 3732 SCardSvr - ok 20:50:06.0721 3732 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:50:06.0752 3732 scfilter - ok 20:50:06.0799 3732 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 20:50:06.0830 3732 Schedule - ok 20:50:06.0845 3732 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:50:06.0861 3732 SCPolicySvc - ok 20:50:06.0908 3732 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:50:06.0923 3732 SDRSVC - ok 20:50:07.0079 3732 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 20:50:07.0095 3732 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning 20:50:07.0095 3732 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 20:50:07.0142 3732 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:50:07.0173 3732 secdrv - ok 20:50:07.0220 
3732 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 20:50:07.0251 3732 seclogon - ok 20:50:07.0282 3732 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 20:50:07.0313 3732 SENS - ok 20:50:07.0345 3732 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:50:07.0360 3732 SensrSvc - ok 20:50:07.0376 3732 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:50:07.0376 3732 Serenum - ok 20:50:07.0407 3732 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:50:07.0423 3732 Serial - ok 20:50:07.0469 3732 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:50:07.0501 3732 sermouse - ok 20:50:07.0532 3732 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 20:50:07.0563 3732 SessionEnv - ok 20:50:07.0610 3732 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:50:07.0610 3732 sffdisk - ok 20:50:07.0625 3732 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:50:07.0641 3732 sffp_mmc - ok 20:50:07.0657 3732 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:50:07.0672 3732 sffp_sd - ok 20:50:07.0672 3732 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:50:07.0688 3732 sfloppy - ok 20:50:07.0735 3732 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:50:07.0781 3732 SharedAccess - ok 20:50:07.0828 3732 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:50:07.0859 3732 ShellHWDetection - ok 20:50:07.0906 3732 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:50:07.0922 3732 sisagp - ok 20:50:07.0937 3732 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:50:07.0953 3732 
SiSRaid2 - ok 20:50:07.0969 3732 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:50:07.0984 3732 SiSRaid4 - ok 20:50:08.0031 3732 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 20:50:08.0062 3732 SkypeUpdate - ok 20:50:08.0093 3732 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:50:08.0125 3732 Smb - ok 20:50:08.0171 3732 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:50:08.0187 3732 SNMPTRAP - ok 20:50:08.0203 3732 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 20:50:08.0218 3732 spldr - ok 20:50:08.0265 3732 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 20:50:08.0281 3732 Spooler - ok 20:50:08.0374 3732 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 20:50:08.0452 3732 sppsvc - ok 20:50:08.0483 3732 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:50:08.0515 3732 sppuinotify - ok 20:50:08.0546 3732 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:50:08.0561 3732 srv - ok 20:50:08.0593 3732 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:50:08.0593 3732 srv2 - ok 20:50:08.0624 3732 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:50:08.0639 3732 srvnet - ok 20:50:08.0686 3732 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:50:08.0717 3732 SSDPSRV - ok 20:50:08.0764 3732 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 20:50:08.0780 3732 ssmdrv - ok 20:50:08.0795 3732 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:50:08.0842 3732 SstpSvc - ok 20:50:08.0873 3732 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:50:08.0889 3732 stexstor - ok 
20:50:08.0951 3732 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 20:50:08.0998 3732 StiSvc - ok 20:50:09.0029 3732 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 20:50:09.0045 3732 swenum - ok 20:50:09.0061 3732 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 20:50:09.0092 3732 swprv - ok 20:50:09.0170 3732 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 20:50:09.0201 3732 SysMain - ok 20:50:09.0217 3732 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:50:09.0232 3732 TabletInputService - ok 20:50:09.0263 3732 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 20:50:09.0295 3732 TapiSrv - ok 20:50:09.0310 3732 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 20:50:09.0341 3732 TBS - ok 20:50:09.0404 3732 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:50:09.0451 3732 Tcpip - ok 20:50:09.0497 3732 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:50:09.0529 3732 TCPIP6 - ok 20:50:09.0560 3732 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:50:09.0575 3732 tcpipreg - ok 20:50:09.0622 3732 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:50:09.0653 3732 TDPIPE - ok 20:50:09.0685 3732 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:50:09.0700 3732 TDTCP - ok 20:50:09.0731 3732 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:50:09.0778 3732 tdx - ok 20:50:09.0825 3732 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:50:09.0825 3732 TermDD - ok 20:50:09.0856 3732 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 20:50:09.0887 3732 TermService - ok 20:50:09.0934 3732 [ 
42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 20:50:09.0965 3732 Themes - ok 20:50:09.0981 3732 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 20:50:09.0997 3732 THREADORDER - ok 20:50:10.0043 3732 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 20:50:10.0075 3732 TrkWks - ok 20:50:10.0168 3732 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:50:10.0199 3732 TrustedInstaller - ok 20:50:10.0231 3732 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:50:10.0246 3732 tssecsrv - ok 20:50:10.0277 3732 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:50:10.0293 3732 TsUsbFlt - ok 20:50:10.0355 3732 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:50:10.0387 3732 tunnel - ok 20:50:10.0433 3732 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:50:10.0449 3732 uagp35 - ok 20:50:10.0465 3732 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:50:10.0496 3732 udfs - ok 20:50:10.0511 3732 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:50:10.0527 3732 UI0Detect - ok 20:50:10.0574 3732 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:50:10.0589 3732 uliagpkx - ok 20:50:10.0636 3732 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 20:50:10.0652 3732 umbus - ok 20:50:10.0652 3732 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:50:10.0667 3732 UmPass - ok 20:50:10.0683 3732 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 20:50:10.0714 3732 upnphost - ok 20:50:10.0761 3732 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:50:10.0777 3732 usbccgp - ok 
20:50:10.0823 3732 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:50:10.0855 3732 usbcir - ok 20:50:10.0901 3732 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:50:10.0917 3732 usbehci - ok 20:50:10.0948 3732 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:50:10.0979 3732 usbhub - ok 20:50:10.0979 3732 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:50:10.0995 3732 usbohci - ok 20:50:11.0011 3732 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:50:11.0026 3732 usbprint - ok 20:50:11.0104 3732 [ 44CDCF77305096E866381688635064D8 ] usbsmi C:\Windows\system32\DRIVERS\SMIksdrv.sys 20:50:11.0120 3732 usbsmi - ok 20:50:11.0135 3732 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:50:11.0151 3732 USBSTOR - ok 20:50:11.0198 3732 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:50:11.0198 3732 usbuhci - ok 20:50:11.0245 3732 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:50:11.0276 3732 usbvideo - ok 20:50:11.0307 3732 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 20:50:11.0338 3732 UxSms - ok 20:50:11.0338 3732 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 20:50:11.0354 3732 VaultSvc - ok 20:50:11.0401 3732 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:50:11.0416 3732 vdrvroot - ok 20:50:11.0479 3732 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 20:50:11.0510 3732 vds - ok 20:50:11.0541 3732 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:50:11.0572 3732 vga - ok 20:50:11.0635 3732 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:50:11.0681 3732 VgaSave - ok 
20:50:11.0728 3732 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:50:11.0744 3732 vhdmp - ok 20:50:11.0791 3732 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:50:11.0806 3732 viaagp - ok 20:50:11.0822 3732 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 20:50:11.0822 3732 ViaC7 - ok 20:50:11.0853 3732 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 20:50:11.0853 3732 viaide - ok 20:50:11.0947 3732 [ 6E021D6DA429AD7288FE8322E2BBA96B ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 20:50:11.0947 3732 VMCService ( UnsignedFile.Multi.Generic ) - warning 20:50:11.0947 3732 VMCService - detected UnsignedFile.Multi.Generic (1) 20:50:11.0993 3732 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:50:12.0009 3732 volmgr - ok 20:50:12.0025 3732 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:50:12.0040 3732 volmgrx - ok 20:50:12.0056 3732 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:50:12.0071 3732 volsnap - ok 20:50:12.0103 3732 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:50:12.0118 3732 vsmraid - ok 20:50:12.0181 3732 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 20:50:12.0227 3732 VSS - ok 20:50:12.0243 3732 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:50:12.0259 3732 vwifibus - ok 20:50:12.0274 3732 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:50:12.0290 3732 vwififlt - ok 20:50:12.0337 3732 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 20:50:12.0383 3732 W32Time - ok 20:50:12.0399 3732 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:50:12.0415 3732 
WacomPen - ok 20:50:12.0461 3732 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:50:12.0477 3732 WANARP - ok 20:50:12.0493 3732 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:50:12.0508 3732 Wanarpv6 - ok 20:50:12.0555 3732 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 20:50:12.0586 3732 wbengine - ok 20:50:12.0602 3732 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:50:12.0617 3732 WbioSrvc - ok 20:50:12.0664 3732 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:50:12.0695 3732 wcncsvc - ok 20:50:12.0711 3732 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:50:12.0727 3732 WcsPlugInService - ok 20:50:12.0773 3732 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:50:12.0789 3732 Wd - ok 20:50:12.0820 3732 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:50:12.0836 3732 Wdf01000 - ok 20:50:12.0851 3732 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:50:12.0867 3732 WdiServiceHost - ok 20:50:12.0867 3732 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:50:12.0883 3732 WdiSystemHost - ok 20:50:12.0945 3732 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 20:50:12.0961 3732 WebClient - ok 20:50:12.0976 3732 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:50:13.0007 3732 Wecsvc - ok 20:50:13.0023 3732 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:50:13.0039 3732 wercplsupport - ok 20:50:13.0054 3732 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 20:50:13.0085 3732 WerSvc - ok 20:50:13.0117 3732 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 
20:50:13.0132 3732 WfpLwf - ok 20:50:13.0148 3732 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:50:13.0163 3732 WIMMount - ok 20:50:13.0195 3732 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:50:13.0226 3732 WinDefend - ok 20:50:13.0226 3732 WinHttpAutoProxySvc - ok 20:50:13.0304 3732 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:50:13.0335 3732 Winmgmt - ok 20:50:13.0397 3732 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 20:50:13.0444 3732 WinRM - ok 20:50:13.0507 3732 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:50:13.0538 3732 Wlansvc - ok 20:50:13.0538 3732 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:50:13.0553 3732 WmiAcpi - ok 20:50:13.0616 3732 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:50:13.0631 3732 wmiApSrv - ok 20:50:13.0725 3732 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:50:13.0741 3732 WMPNetworkSvc - ok 20:50:13.0787 3732 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:50:13.0819 3732 WPCSvc - ok 20:50:13.0850 3732 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:50:13.0881 3732 WPDBusEnum - ok 20:50:13.0928 3732 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:50:13.0943 3732 ws2ifsl - ok 20:50:13.0959 3732 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 20:50:13.0990 3732 wscsvc - ok 20:50:13.0990 3732 WSearch - ok 20:50:14.0068 3732 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 20:50:14.0131 3732 wuauserv - ok 20:50:14.0146 3732 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:50:14.0162 3732 WudfPf - ok 
20:50:14.0193 3732 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:50:14.0209 3732 WUDFRd - ok 20:50:14.0224 3732 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:50:14.0255 3732 wudfsvc - ok 20:50:14.0271 3732 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 20:50:14.0287 3732 WwanSvc - ok 20:50:14.0302 3732 ================ Scan global =============================== 20:50:14.0349 3732 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 20:50:14.0380 3732 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 20:50:14.0396 3732 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 20:50:14.0458 3732 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 20:50:14.0505 3732 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 20:50:14.0505 3732 [Global] - ok 20:50:14.0505 3732 ================ Scan MBR ================================== 20:50:14.0521 3732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:50:15.0067 3732 \Device\Harddisk0\DR0 - ok 20:50:15.0067 3732 ================ Scan VBR ================================== 20:50:15.0082 3732 [ 07CECA067ADBDB8BAC76138450D1B9CB ] \Device\Harddisk0\DR0\Partition1 20:50:15.0082 3732 \Device\Harddisk0\DR0\Partition1 - ok 20:50:15.0082 3732 ============================================================ 20:50:15.0082 3732 Scan finished 20:50:15.0082 3732 ============================================================ 20:50:15.0098 1380 Detected object count: 2 20:50:15.0098 1380 Actual detected object count: 2 20:50:18.0795 1380 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 20:50:18.0795 1380 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:50:18.0795 1380 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user 20:50:18.0795 1380 VMCService ( UnsignedFile.Multi.Generic ) - User select action: 
Skip |
22.10.2012, 09:44 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds pup.blabbers Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
22.10.2012, 18:23 | #21 |
| Malwarebytes finds pup.blabbers So, here is the log from Combofix: [code] Combofix Logfile: Code:
ATTFilter
ComboFix 12-10-22.01 - Jan 22.10.2012 19:09:31.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.2322 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-22 bis 2012-10-22 ))))))))))))))))))))))))))))))
.
.
2012-10-21 10:53 . 2012-10-21 10:53 -------- d-----w- C:\_OTL
2012-10-19 17:57 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-17 18:26 . 2012-10-17 18:26 -------- d-----w- c:\program files\ESET
2012-10-15 18:08 . 2012-10-15 18:08 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-10-15 18:08 . 2012-10-15 18:08 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 18:08 . 2012-10-15 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-15 18:08 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-10 16:46 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 16:46 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-26 23:56 . 2012-09-26 23:56 -------- d-----w- c:\users\Jan\.thumbnails
2012-09-26 16:00 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 09:21 . 2012-06-04 13:52 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 09:21 . 2012-06-04 13:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 09:26 . 2012-08-21 18:43 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 09:26 . 2012-08-21 18:43 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59 . 2012-09-22 07:44 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:44 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-13 21:50 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-13 21:50 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-13 21:50 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-13 21:50 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-13 21:50 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-14 11:53 . 2012-10-14 11:53 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"Ocs_SM"="c:\users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-18 106496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 10:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 09:40 13826664 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2010-04-28 09:31 307768 ------w- c:\program files\CONEXANT\SAII\SAIICpl.exe
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x] S2 SearchAnonymizer;SearchAnonymizer;c:\users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x] S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x] S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 
32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 09:21] . 2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-22 11:55] . 2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-22 11:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\yvl9e47t.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Lenovo EasyCamera - c:\windows\system32\RemoveSM37X.exe USB\VID_090c&PID_3712&MI_00 USB\VID_090c&PID_3713&MI_00 USB\VID_090c&PID_3714&MI_00 USB\VID_090c&PID_3715&MI_00 USB\VID_090c&PID_3716&MI_00 USB\VID_090c&PID_7371&MI_00 USB\VID_090c&PID_37A9&MI_00 AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Conexant\SAII\SmartAudio.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-10-22 19:19:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-22 17:19 . Vor Suchlauf: 12 Verzeichnis(se), 190.671.011.840 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 190.329.184.256 Bytes frei . - - End Of File - - B8EF2D43D4B6952CA0F06C24F7CF4251 |
23.10.2012, 11:13 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds pup.blabbers Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
24.10.2012, 02:08 | #23 |
| Malwarebytes finds pup.blabbers So, here are the logs: GMER: [code] GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-23 20:25:45
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT3 rev.01.01A01
Running: 9q7ye060.exe; Driver: C:\Temp\pwldypow.sys

---- System - GMER 1.0.15 ----

SSDT 93E53D1E ZwCreateSection
SSDT 93E53D28 ZwRequestWaitReplyPort
SSDT 93E53D23 ZwSetContextThread
SSDT 93E53D2D ZwSetSecurityObject
SSDT 93E53D32 ZwSystemDebugControl
SSDT 93E53CBF ZwTerminateProcess
SSDT 93E53CBA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E87A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC14D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC862C 4 Bytes [1E, 3D, E5, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EC8988 4 Bytes [28, 3D, E5, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EC89CC 4 Bytes [23, 3D, E5, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EC8A48 4 Bytes [2D, 3D, E5, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EC8A9C 4 Bytes [32, 3D, E5, 93]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1724] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7505FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1724] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7505FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1724] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7505FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1724] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7505FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1724] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7505FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

---- EOF - GMER 1.0.15 ---- --- --- --- OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:36:51 on 23.10.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 16.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avfwot" (avfwot) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwot.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Temp\catchme.sys (File not found) "pwldypow" (pwldypow) - ? 
- C:\Temp\pwldypow.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_287.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "Free Download Manager" - ? - C:\Program Files\Free Download Manager\iefdm2.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Ocs_SM" - "OCS" - C:\Users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizer.exe "SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe "Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Conexant SmartAudio service" (SAService) - "Conexant Systems, Inc." 
- C:\Windows\system32\SAsrv.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 02:42:33
-----------------------------
02:42:33.763 OS Version: Windows 6.1.7601 Service Pack 1
02:42:33.763 Number of processors: 2 586 0x170A
02:42:33.763 ComputerName: JAN-PC UserName: Jan
02:42:46.306 Initialize success
02:51:46.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:51:46.813 Disk 0 Vendor: WDC_WD5000BPVT-22HXZT3 01.01A01 Size: 476940MB BusType: 11
02:51:46.860 Disk 0 MBR read successfully
02:51:46.860 Disk 0 MBR scan
02:51:46.860 Disk 0 Windows 7 default MBR code
02:51:46.876 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
02:51:46.891 Disk 0 scanning sectors +976771072
02:51:47.110 Disk 0 scanning C:\Windows\system32\drivers
02:52:35.282 Service scanning
02:53:03.581 Modules scanning
02:54:24.919 Disk 0 trace - called modules:
02:54:24.951
02:54:24.966 Scan finished successfully
03:00:06.232 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
03:00:06.248 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"
|
24.10.2012, 15:23 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds pup.blabbers Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! |
25.10.2012, 22:13 | #25 |
| Malwarebytes finds pup.blabbers Hi! So, unfortunately this took a while longer. Malwarebytes: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.25.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

25.10.2012 20:24:46
mbam-log-2012-10-25 (20-24-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291939
Laufzeit: 55 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/25/2012 at 01:59 AM

Application Version : 5.6.1012

Core Rules Database Version : 9466
Trace Rules Database Version: 7278

Scan type : Complete Scan
Total Scan Time : 02:04:39

Operating System Information
Windows Vista Home Premium 32-bit (Build 6.00.6000)
UAC On - Limited User

Memory items scanned : 644
Memory threats detected : 0
Registry items scanned : 35994
Registry threats detected : 0
File items scanned : 103927
File threats detected : 134

Adware.Tracking Cookie
C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .oms.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] incubator.wikimedia.org [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] track.blogcounter.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] traffic.brand-wall.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .stepstone.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] traffic.brand-wall.net [ 
C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .guj.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .tracker.vinsight.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] in.getclicky.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .olympiaverlag.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVL9E47T.DEFAULT\COOKIES.SQLITE ] Trojan.Agent/Gen-MSFake C:\USERS\JAN\APPDATA\ROAMING\DESKTOPICONFORAMAZON\ICONFORAMAZON.EXE |
26.10.2012, 11:19 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes finds pup.blabbers Code:
UAC On - Limited User
Please run it exactly as described in the instructions! Quote:
__________________ Please always post log files in CODE tags |
27.10.2012, 21:35 | #27 |
| Malewarebytes finds pup.blabbers Hi. Oh, sorry. Something apparently went wrong there. Here is the log: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/27/2012 at 09:04 PM

Application Version : 5.6.1012

Core Rules Database Version : 9484
Trace Rules Database Version: 7296

Scan type : Complete Scan
Total Scan Time : 01:14:41

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 729
Memory threats detected : 0
Registry items scanned : 36138
Registry threats detected : 0
File items scanned : 104007
File threats detected : 135

Adware.Tracking Cookie
Trojan.Agent/Gen-MSFake
C:\USERS\JAN\APPDATA\ROAMING\DESKTOPICONFORAMAZON\ICONFORAMAZON.EXE |
27.10.2012, 23:04 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes finds pup.blabbers Looks OK, only cookies were found there, they can all go; the alleged detection at Amazon is a false positive.

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - sensibly, you should check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
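The triage described in the reply above (tracking cookies on one side, the single file detection that a person has to judge on the other) can be scripted; this is an added example and not part of the thread. It assumes the unflattened log puts each category name on an unindented line with its entries indented below it; the sample log, its domains and paths, and the function name `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of a SUPERAntiSpyware scan log (assumed:
# category headings unindented, entries indented). Not data from the thread.
SAMPLE_LOG = r"""
Memory threats detected   : 0
Registry threats detected : 0
File threats detected     : 5

Adware.Tracking Cookie
    C:\Users\example\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /ads.tracker.example ]
    C:\USERS\EXAMPLE\Cookies\BBBB2222.txt [ Cookie:example@ads.tracker.example/ ]
    .stats.example [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    .stats.example [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Sample
    C:\USERS\EXAMPLE\APPDATA\ROAMING\SOMEAPP\SOMEAPP.EXE
"""

SUMMARY_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
# Internet Explorer cookie file:  <path>.txt [ /domain ]  or  [ Cookie:user@domain/ ]
IE_COOKIE_RE = re.compile(
    r"^(?P<path>.+\.txt) \[ (?:Cookie:[^@\s]+@)?/?(?P<domain>[^\s/]+)/? \]$", re.I)
# Firefox cookie row:  domain [ <profile path>\cookies.sqlite ]
FF_COOKIE_RE = re.compile(
    r"^(?P<domain>\S+) \[ (?P<path>.+\\cookies\.sqlite) \]$", re.I)


def triage(log_text):
    """Split a scan log into cookie findings and findings that need a human."""
    declared = {}               # counters from the log's own summary block
    categories = {}             # category name -> number of listed entries
    cookie_domains = Counter()  # normalised cookie domain -> occurrences
    needs_review = []           # (category, entry) pairs that are not cookies
    current = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        summary = SUMMARY_RE.match(line)
        if summary:
            declared[summary.group(1)] = int(summary.group(2))
            continue
        if not raw[0].isspace():
            current = line      # unindented: header line or category heading
            continue
        if current is None:
            continue            # indented text before any heading: ignore
        categories[current] = categories.get(current, 0) + 1
        cookie = IE_COOKIE_RE.match(line) or FF_COOKIE_RE.match(line)
        if cookie and "cookie" in current.lower():
            cookie_domains[cookie.group("domain").lstrip(".").lower()] += 1
        else:
            # Anything else (e.g. an executable) is surfaced, never auto-cleared.
            needs_review.append((current, line))

    return {
        "declared": declared,
        "categories": categories,
        "cookie_domains": dict(cookie_domains),
        "needs_review": needs_review,
        # A mismatch means the log was truncated or pasted incompletely.
        "count_matches": sum(categories.values()) == sum(declared.values()),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for category, entry in report["needs_review"]:
        print("review manually:", category, "->", entry)
```

The script only separates the findings; whether an entry in `needs_review` is a false positive remains a manual judgement.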
28.10.2012, 18:38 | #29 |
| Malewarebytes finds pup.blabbers Hi! So can I now delete the detections via SUPERAntiSpyware? Otherwise everything is running fine, no problems. Thanks for the tips, I will certainly do something about that! |
29.10.2012, 08:27 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes finds pup.blabbers Quote:
Then we're done! The programs that were used here can all be removed again.

With the help of OTL you can also remove many tools: please start OTL and click on "Bereinigung" (Cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a scan with it once a month, but always remember to update beforehand.

In any case, after the infection has been removed, it is advisable to change as many passwords as possible.

Finally, a very important point: securing the computer and updating the programs, see http://www.trojaner-board.de/96344-a...tml#post627442
__________________ Please always post log files in CODE tags |