Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Claro-Search Virus (?) Windows 7
03.12.2012, 00:25 #1
Claro-Search Virus (?)

Hello everyone,

I recently wanted to install a program. Instead of a great program, though, I apparently got a virus as a gift. Now the start page of Internet Explorer and Firefox keeps getting changed (to claro-search.com) as soon as the browser is closed. Avira AntiVir and Malwarebytes Anti-Malware each ran a complete scan and complained about nothing; claro seems to be invisible. Does anyone already know about this claro-search problem and/or know how to get rid of it? Google is apparently against me on this one; I have not found a solution.

// Edit: I'm not sure whether this is a virus or not.... In any case I have now (via the logs I just read through) looked at what happened. Among other things, something called "Browser Manager" was installed during the installation. There is an uninstaller for it in the Start menu. If you run it, the start page is no longer constantly replaced with the claro-search page. The question is whether something, or even a virus, is still present.

// Logs from OTL

OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 03.12.2012 00:04:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,73% Memory free
15,92 Gb Paging File | 14,39 Gb Available in Paging File | 90,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 38,64 Gb Free Space | 38,68% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 683,46 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive E: | 93,99 Gb Total Space | 93,90 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1768,93 Gb Total Space | 1343,81 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
Computer Name: *****SPC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.03 00:03:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012.11.27 09:03:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.27 09:03:01 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.27 09:03:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.10.06 08:13:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:48 | 003,477,640 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2012.09.23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) -- D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2012.08.16 16:16:04 | 000,402,944 | ---- | M] (Hauppauge Computer Works) -- D:\Programme\Hauppauge\WinTV\TVServer\CaptureGenUSB.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.09.23 20:43:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
========== Services (SafeList) ==========
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.02 15:34:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.27 09:03:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.27 09:03:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.14 22:35:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.10.06 08:13:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.05 22:40:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.11.21 23:21:05 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012.11.14 19:06:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.14 19:06:59 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.12 15:19:52 | 000,019,840 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2011.12.12 15:19:22 | 000,658,944 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA D8 16 A8 40 A3 CD 01 [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117452&tt=4812_5&babsrc=SP_ss&mntrId=30a5974a00000000000020cf30bbab81
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\Programme\AmazonMP3Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012.11.14 22:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.12.02 15:38:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.12.02 15:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.01 20:14:25 | 000,000,000 | ---D | M]
[2012.10.05 22:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.10.05 23:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hcw1svum.default\extensions
[2012.11.23 19:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions
[2012.10.06 21:12:15 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012.10.06 21:12:16 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.10.05 22:51:01 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\hcw1svum.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.10.05 23:21:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\hcw1svum.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.17 23:01:34 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.11.04 10:15:11 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.12 12:37:32 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.08.15 16:17:17 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012.09.06 16:46:01 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.11.23 19:05:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O1 HOSTS File: ([2012.12.02 17:02:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = D:\Programme\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC601C21-E265-4961-B40C-AA7D8D16AA40}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.08.23 22:57:54 | 000,000,000 | ---D | M] - G:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.03 00:03:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.12.02 23:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.02 23:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.02 17:13:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.02 16:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.02 16:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.02 16:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.02 16:57:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.02 16:57:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.02 12:10:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.12.02 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 12:10:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.01 21:21:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Roni Music
[2012.12.01 21:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Roni Music
[2012.12.01 20:14:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.12.01 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.12.01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Babylon
[2012.12.01 20:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.01 20:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.11.24 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Amazon MP3
[2012.11.24 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Amazon
[2012.11.24 12:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.11.23 16:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.11.23 15:44:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.11.23 15:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.21 23:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.11.21 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\LibreOffice
[2012.11.21 17:46:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.11.19 13:37:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.11.17 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.11.17 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012.11.16 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.16 17:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.16 17:12:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Notepad++
[2012.11.16 17:07:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.11.16 17:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.11.16 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.11.15 22:32:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\AdobeMuse
[2012.11.15 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Adobe Scripts
[2012.11.15 16:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.15 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.11.14 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PACE Anti-Piracy
[2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2012.11.14 22:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Adobe
[2012.11.14 21:02:15 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012.11.14 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.11.14 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.11.14 21:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.11.14 21:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.11.14 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.11.14 20:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.11.14 20:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.11.14 20:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.11.14 20:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.11.14 20:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.14 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.11.14 20:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.11.14 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.11.14 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Adobe
========== Files - Modified Within 30 Days ==========
[2012.12.03 00:03:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.12.03 00:03:09 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2012.12.03 00:02:06 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.12.02 23:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.02 23:18:41 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 23:18:41 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 23:17:19 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.02 23:17:19 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.02 23:17:19 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.02 23:17:19 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.02 23:17:19 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.02 23:11:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.02 23:10:59 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 17:02:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.01 20:20:46 | 000,000,054 | ---- | M] () -- C:\Windows\Player.INI
[2012.11.28 20:33:06 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.11.28 14:36:48 | 005,473,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.23 16:39:01 | 000,000,600 | ---- | M] () -- C:\Users\*****\AppData\Local\PUTTY.RND
[2012.11.21 23:21:05 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll
[2012.11.21 23:21:05 | 000,015,416 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2012.11.21 23:21:05 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.11.15 16:20:54 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012.11.14 19:06:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 19:06:59 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
========== Files Created - No Company Name ==========
[2012.12.03 00:03:09 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2012.12.03 00:02:08 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.12.02 16:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.02 16:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.02 16:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.02 16:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.02 16:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.01 20:20:46 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI
[2012.11.21 23:23:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.11.21 23:23:35 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.11.20 09:01:52 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012.11.17 23:12:10 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.11.16 13:11:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 13:06:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 22:31:15 | 000,001,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS6.lnk
[2012.11.14 22:36:46 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012.11.14 22:07:00 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2012.11.14 22:07:00 | 000,002,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2012.11.14 22:07:00 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2012.11.14
20:52:06 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk [2012.11.14 20:50:48 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk [2012.11.14 20:46:34 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk [2012.11.14 20:46:07 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk [2012.11.14 20:09:41 | 000,001,650 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk [2012.11.14 20:09:18 | 000,001,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk [2012.11.14 20:09:02 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012.11.14 20:08:42 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012.11.14 20:07:40 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.11.14 20:07:38 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.11.14 20:07:22 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.11.14 19:19:12 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2012.10.10 14:49:29 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Local\PUTTY.RND [2012.10.07 23:44:40 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.07 23:44:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.10.07 23:44:33 | 000,037,513 | ---- | C] () -- C:\Windows\Irremote.ini [2012.10.07 23:44:24 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe 
[2012.10.07 23:40:30 | 000,007,188 | ---- | C] () -- C:\Windows\HCWPNP.INI [2012.10.07 01:49:17 | 000,000,332 | ---- | C] () -- C:\Users\*****\SciTE.session [2012.10.06 08:42:41 | 000,007,606 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2012.10.06 08:14:07 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.10.06 08:13:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.05 23:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.24 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon [2012.12.01 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon [2012.11.17 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.11.19 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.dmp.contentviewer [2012.11.14 22:48:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat [2012.12.02 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox [2012.11.26 14:18:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla [2012.11.21 17:51:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LibreOffice [2012.12.03 00:04:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nettalk [2012.11.16 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++ [2012.10.05 23:41:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin [2012.12.01 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Roni Music [2012.11.14 20:10:46 | 000,000,000 | ---D | M] -- 
C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.10.09 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2012.10.05 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2012.12.02 23:54:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:aWucimsIRjTIMuuUuCtzLXHiVGs @Alternate Data Stream - 1149 bytes -> C:\Users\*****\AppData\Local\uvUzpyhhIja:DBGonlGMksOwm7cjpVhGBqXqB @Alternate Data Stream - 1034 bytes -> C:\ProgramData\Microsoft:8dQf1KHfAltBKxJKR8rdMyqQ < End of report > Extras.txt OTL Logfile: Code:
OTL Extras logfile created on: 03.12.2012 00:04:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,73% Memory free
15,92 Gb Paging File | 14,39 Gb Available in Paging File | 90,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 38,64 Gb Free Space | 38,68% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 683,46 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive E: | 93,99 Gb Total Space | 93,90 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1768,93 Gb Total Space | 1343,81 Gb Free Space | 75,97% Space Free | Partition Type: NTFS

Computer Name: *****SPC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078BF4CF-E043-4DEB-9B43-B0143A0523B4}" = lport=138 | protocol=17 | dir=in | app=system |
"{0842347E-CF96-4D80-BBC8-C85CDA77B023}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12E64484-54E1-4517-B279-EE28D3BB2BBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2166F564-A03A-42F2-A71E-6F0C1C3F6B0C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{313D82E4-8CBE-4C78-A0CC-25126AF10632}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32913AB2-FDE6-4B3E-B6B8-CA0F6B04AC2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34B79B1C-6353-4A43-9B5B-EDCFFB7E3E70}" = lport=137 | protocol=17 | dir=in | app=system |
"{3C3B7ED3-3317-423F-A7A8-7E5952A928BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CE01325-B938-4389-A4E2-6AE9B5956397}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{46DB5FE9-89E8-47BD-AC5D-34244ACE4F7C}" = rport=445 | protocol=6 | dir=out | app=system |
"{64193C10-D820-4E62-A03B-29C4B3A0B7B9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C576E1B-5A21-4A3B-9DAE-6336F29224B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A963D44D-0289-4531-A5F6-6B8786209DD7}" = lport=139 | protocol=6 | dir=in | app=system |
"{ACC6D569-BB6F-4940-8DE9-5560BD1C892F}" = rport=138 | protocol=17 | dir=out | app=system |
"{BA686935-F419-46D4-BF39-F57E6CB2E895}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9370CDD-B350-4AC6-971C-0A1016F80904}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBB91DDE-9CA1-4419-BD9F-C36B874EC512}" = rport=139 | protocol=6 | dir=out | app=system |
"{EDE197A3-A652-4067-B9F8-C073AF1F311C}" = lport=445 | protocol=6 | dir=in | app=system |
"{EEE6F6C1-B96B-4793-AFF5-72DBBC83C683}" = rport=137 | protocol=17 | dir=out | app=system |
"{F735079D-D85A-458A-A5B7-98B1D2DCD374}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEFF8103-394C-49B2-84DB-D47237458CA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B1E1D7-9E19-4A3C-B4D9-EF94D5486FFF}" = protocol=6 | dir=out | app=system |
"{0A2F0E1F-555F-43DD-936B-82D17BC93501}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1EB90DB1-CA3D-4AAA-9E87-3508698FE886}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{25C6DC92-2561-4F67-B4CD-E0D69DE3806C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E996DC8-BEA3-4EC9-9986-F33B408D5F44}" = protocol=17 | dir=in | app=d:\programme\utorrent\utorrent.exe |
"{35C39396-479A-40A2-844D-AEF0CC1A1A99}" = protocol=6 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe |
"{379EFF94-842D-4B6A-A366-3E9A0DBCF365}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{383D0AF8-B0A0-4CB0-8C0D-306152EA7692}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{39DA69F6-F978-43AE-A3BA-C25465576595}" = protocol=6 | dir=in | app=d:\programme\utorrent\utorrent.exe |
"{3F72D32E-DD15-464E-837A-5B93329363A9}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{43FFC225-4FDF-49E3-88A4-CB644F0D5CBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{454F7D1A-4122-4D3F-8117-1D398E4C8BC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{530C708B-AB24-421B-A766-E4FAB47965B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{58B7120A-C3F6-4834-96D5-DA69B89A5F9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5B3CC59F-E6BD-4B73-8D2A-FC745F5092C5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78B8850C-6EA7-477F-B1AC-80EFC24382DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A0A014A-AF2C-4AAB-86B0-7496BD4BB167}" = protocol=6 | dir=in | app=d:\programme\origin games\battlefield 3\bf3.exe |
"{7E241A9D-CB1B-4783-87FF-FDA2F9EA8782}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{830BE7F4-C424-41B0-A41E-A7FA60F982F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92F5D16D-FC0D-4C48-B0A4-B4D13B64A54F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{93990FCB-07D1-46B7-BA68-3CC11DD00A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98B1298C-FA27-4239-991D-F53FEC632BB2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A64CAE97-824F-4D1F-80A7-C8C75BEB48D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7DB77C4-16EF-48CC-8CDA-4323495D841F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{AE77738C-6794-4C80-AEE7-F4196A946878}" = protocol=17 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe |
"{B9BB67EB-4636-4494-9EC1-4E8C43BC74D7}" = protocol=17 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe |
"{BA7DFCAF-4395-4158-AF3D-C27FC431C533}" = dir=in | app=d:\programme\itunes\itunes.exe |
"{BE228CF6-32BA-4EA8-95DA-07A8DAF0FC86}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFB57565-0D1D-4688-A1F1-36147CCCC725}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{C27396A8-0110-4174-8662-98A80E47DB6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4A1B32B-22FD-40ED-A455-F3D066043B49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C83CCF96-2E02-451B-BCDC-A70159036536}" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{CC818797-C05A-4B4A-AD9F-BC51ECB3D3CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D15C8E63-69EC-494C-AF1E-5D63283D3334}" = protocol=17 | dir=in | app=d:\programme\origin games\battlefield 3\bf3.exe |
"{D4F2AD35-F09B-4D9C-97E4-5B2D35634C22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D6DA4BD7-C4A6-43C6-801F-D2A7167E4D79}" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{E5A1BB83-C7D4-4B00-AC63-A033D214A236}" = protocol=6 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe |
"{E7934C3D-DE26-430D-84D9-8FDBF3F6715E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{EB66313C-54AF-4E3D-A538-0A8B2920FB8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCEA371A-71D8-43B7-95C9-657605092EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEB12B1C-2AE3-4876-B015-6232503D7B92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{34B9585A-32CA-4AF1-8805-731F4928537B}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{61C00CA8-421E-44DE-9EFB-187D4D8B15E1}G:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{7FC04818-804E-4401-900E-A3E8C6DC94B1}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"TCP Query User{96C78E79-67D7-46DF-B03C-E3B036787505}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{A2069BCE-5B3E-453D-A490-FAEE9A9190B6}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{70249A02-C2B4-40A4-BC12-74F19B20C1AF}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{765B3F03-628C-47FF-85B1-5145BD0915EC}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{A5AE6585-DD75-4A8E-A12E-CC90209A019D}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D9E55894-D4EA-4D40-95C1-777D8FE8134D}G:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{DE2C2123-5A9C-491F-903B-C73410328EF7}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{483A865C-A74A-12BF-1276-D0111A488F50}" = Adobe® Content Viewer
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoItv3" = AutoIt v3.3.8.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0
"Fraps" = Fraps (remove only)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 18.0 (x86 de)" = Mozilla Thunderbird 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nettalk_is1" = Nettalk 6.7
"Notepad++" = Notepad++
"Origin" = Origin
"PuTTY_is1" = PuTTY version 0.62
"uTorrent" = µTorrent
"xampp" = XAMPP 1.8.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.11.2012 16:37:48 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10015

Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014

Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014

Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012

Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012

Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error
- 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13011 Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13011 [ System Events ] Error - 02.12.2012 10:43:17 | Computer Name = *****sPC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 02.12.2012 10:43:20 | Computer Name = *****sPC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 02.12.2012 10:43:23 | Computer Name = *****sPC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 02.12.2012 10:43:25 | Computer Name = *****sPC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 02.12.2012 10:43:28 | Computer Name = *****sPC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 02.12.2012 10:43:31 | Computer Name = *****sPC | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 02.12.2012 11:57:23 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 02.12.2012 12:00:08 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 02.12.2012 12:02:01 | Computer Name = *****sPC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 02.12.2012 12:02:28 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > Falls noch Fragen offen sind, bitte bescheidgeben, danke. Viele Grüße, Weesel Geändert von Weesel (03.12.2012 um 00:55 Uhr) |
03.12.2012, 15:57 | #2 |
/// Malware-holic | Claro-Search Virus (?) Hi,
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters.
• Tick the boxes Verify driver digital signatures and Detect TDLFS file system.
• Click OK and then Start scan. If anything is found, always choose skip for now, and post the log.
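The scan requested above writes a log whose services section has, per service, a "[ MD5 ] name path" line followed by "name - ok", "name ( verdict ) - warning" or "name - detected verdict (n)" lines; the SigCheck mode that the Verify driver digital signatures box turns on is what produces UnsignedFile.Multi.Generic warnings for binaries that merely lack an Authenticode signature. The following Python is an added example for this thread, not code from the forum or from Kaspersky's tool: it parses that section and separates real detections from unsigned-file warnings and from services for which no file was hashed, which is the distinction a helper needs before saying "skip" or "cure". The sample log is constructed in the same layout; the examplesvc entry and its verdict string are placeholders, not a real service or a real TDSSKiller verdict.

```python
"""Triage the services section of a TDSSKiller 2.8 scan log.

Added example for the thread above; it is neither the forum's nor
Kaspersky's code. It assumes the line layout visible in the posted log:
a file line "[ MD5 ] name path", then "name - ok",
"name ( verdict ) - warning" and "name - detected verdict (n)" lines,
inside a section opened by a "================ Scan services" header.
"""
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample in the posted log's layout. The examplesvc entry and
# its verdict string are placeholders that exercise the detection path;
# they are not a real service or a real TDSSKiller verdict.
SAMPLE_LOG = r"""16:10:14.0443 4496 ================ Scan system memory ========================
16:10:14.0443 4496 System memory - ok
16:10:14.0443 4496 ================ Scan services =============================
16:10:14.0661 4496 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:10:14.0895 4496 1394ohci - ok
16:10:15.0800 4496 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:10:15.0878 4496 AMD External Events Utility - ok
16:10:18.0951 4496 catchme - ok
16:10:23.0537 4496 [ CCEEE2B29DC6A6F6F702D282CA407033 ] HauppaugeTVServer D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe
16:10:23.0569 4496 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
16:10:23.0569 4496 HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
16:10:40.0000 4496 [ 00000000000000000000000000000000 ] examplesvc C:\Windows\system32\drivers\example.sys
16:10:40.0010 4496 examplesvc ( Example.Constructed.Verdict ) - infected
16:10:40.0010 4496 examplesvc - detected Example.Constructed.Verdict (0)
16:10:41.0000 4496 ================ Scan global ===============================
"""

_TS = r"\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"          # "HH:MM:SS.mmmm PID "
FILE_RE = re.compile(_TS + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+?)\s*$")
DETECTED_RE = re.compile(_TS + r"(.+?) - detected (\S+) \((\d+)\)\s*$")
STATUS_RE = re.compile(_TS + r"(.+?)(?: \( (.+?) \))? - (\w+)\s*$")
# Heuristic verdict: the file has no Authenticode signature; it is not a malware match.
UNSIGNED_PREFIX = "UnsignedFile."


def services_section(text: str) -> Iterator[str]:
    """Yield only the lines between the 'Scan services' header and the next header."""
    inside = False
    for line in text.splitlines():
        if "================" in line:
            if inside:
                return
            inside = "Scan services" in line
            continue
        if inside:
            yield line


def parse_log(text: str) -> Dict[str, dict]:
    """Map service name -> {hash, path, status, verdict, count} for the services section."""
    entries: Dict[str, dict] = {}
    for line in services_section(text):
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entries.setdefault(name, {}).update(hash=md5.upper(), path=path)
            continue
        m = DETECTED_RE.match(line)
        if m:
            name, verdict, count = m.groups()
            entries.setdefault(name, {}).update(verdict=verdict, count=int(count))
            continue
        m = STATUS_RE.match(line)
        if m:
            name, verdict, status = m.groups()
            entry = entries.setdefault(name, {})
            entry["status"] = status
            if verdict:
                entry["verdict"] = verdict
    return entries


def triage(entries: Dict[str, dict]) -> List[Tuple[str, str, str]]:
    """Return (name, category, detail) for every entry that needs a human decision.

    detection -> a non-ok result that is not the unsigned-file heuristic
    unsigned  -> UnsignedFile.* warning: verify publisher and hash first;
                 legitimate vendor software is often unsigned
    no_file   -> the service was listed but nothing was hashed; check its
                 registered ImagePath by hand
    """
    findings: List[Tuple[str, str, str]] = []
    for name, e in entries.items():
        status = e.get("status", "unknown")
        verdict = e.get("verdict")
        if "hash" not in e:
            findings.append((name, "no_file", f"status={status}; no file hashed"))
        elif verdict and verdict.startswith(UNSIGNED_PREFIX):
            findings.append((name, "unsigned", f"{e['path']} md5={e['hash']}"))
        elif status != "ok" or verdict:
            findings.append((name, "detection", f"{verdict} status={status} {e['path']} md5={e['hash']}"))
    return findings


if __name__ == "__main__":
    for name, category, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{category:10} {name}: {detail}")
```

Run as a script it prints the three findings for the built-in sample; for a real log, pass the file's text to parse_log() and hand triage() the result. The point of the split is that an "unsigned" line such as the HauppaugeTVServer one in the posted log is a reason to look up the publisher and hash, not a reason to delete the file, whereas a "no_file" line only says the scanner had nothing to hash.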
03.12.2012, 16:13 | #3 |
Claro-Search Virus (?) Hi markusg,
Thanks for your reply. Here is the content of the TDSSKiller log:
Code:
16:09:31.0839 4316 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:09:32.0011 4316 ============================================================
16:09:32.0011 4316 Current date / time: 2012/12/03 16:09:32.0011
16:09:32.0011 4316 SystemInfo:
16:09:32.0011 4316
16:09:32.0011 4316 OS Version: 6.1.7601 ServicePack: 1.0
16:09:32.0011 4316 Product type: Workstation
16:09:32.0011 4316 ComputerName: *****SPC
16:09:32.0011 4316 UserName: *****
16:09:32.0011 4316 Windows directory: C:\Windows
16:09:32.0011 4316 System windows directory: C:\Windows
16:09:32.0011 4316 Running under WOW64
16:09:32.0011 4316 Processor architecture: Intel x64
16:09:32.0011 4316 Number of processors: 8
16:09:32.0011 4316 Page size: 0x1000
16:09:32.0011 4316 Boot type: Normal boot
16:09:32.0011 4316 ============================================================
16:09:33.0461 4316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:33.0461 4316 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:33.0461 4316 ============================================================
16:09:33.0461 4316 \Device\Harddisk0\DR0:
16:09:33.0461 4316 MBR partitions:
16:09:33.0461 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:09:33.0461 4316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CE000
16:09:33.0461 4316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x67F05000
16:09:33.0461 4316 \Device\Harddisk1\DR1:
16:09:33.0461 4316 MBR partitions:
16:09:33.0461 4316 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:09:33.0461 4316 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDD1DA800
16:09:33.0461 4316 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xDD20D000, BlocksNum 0xBBFA800
16:09:33.0461 4316 ============================================================
16:09:33.0477 4316 C: <-> \Device\Harddisk0\DR0\Partition2
16:09:33.0493 4316 D: <-> \Device\Harddisk0\DR0\Partition3
16:09:33.0524 4316 G: <-> \Device\Harddisk1\DR1\Partition2
16:09:33.0539 4316 E: <-> \Device\Harddisk1\DR1\Partition3
16:09:33.0539 4316 ============================================================
16:09:33.0539 4316 Initialize success
16:09:33.0539 4316 ============================================================
16:10:13.0631 4496 ============================================================
16:10:13.0631 4496 Scan started
16:10:13.0631 4496 Mode: Manual; SigCheck; TDLFS;
16:10:13.0631 4496 ============================================================
16:10:14.0443 4496 ================ Scan system memory ========================
16:10:14.0443 4496 System memory - ok
16:10:14.0443 4496 ================ Scan services =============================
16:10:14.0661 4496 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:10:14.0895 4496 1394ohci - ok
16:10:14.0911 4496 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:10:14.0926 4496 ACPI - ok
16:10:14.0957 4496 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:10:15.0035 4496 AcpiPmi - ok
16:10:15.0098 4496 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:10:15.0129 4496 AdobeARMservice - ok
16:10:15.0223 4496 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:10:15.0254 4496 AdobeFlashPlayerUpdateSvc - ok
16:10:15.0301 4496 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:10:15.0363 4496 adp94xx - ok
16:10:15.0363 4496 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:10:15.0379 4496 adpahci - ok 16:10:15.0379 4496 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:10:15.0394 4496 adpu320 - ok 16:10:15.0410 4496 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:10:15.0519 4496 AeLookupSvc - ok 16:10:15.0566 4496 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 16:10:15.0628 4496 AFD - ok 16:10:15.0644 4496 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:10:15.0675 4496 agp440 - ok 16:10:15.0675 4496 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 16:10:15.0737 4496 ALG - ok 16:10:15.0769 4496 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 16:10:15.0784 4496 aliide - ok 16:10:15.0800 4496 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 16:10:15.0878 4496 AMD External Events Utility - ok 16:10:15.0893 4496 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 16:10:15.0909 4496 amdide - ok 16:10:15.0925 4496 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:10:15.0971 4496 AmdK8 - ok 16:10:16.0112 4496 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:10:16.0346 4496 amdkmdag - ok 16:10:16.0361 4496 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 16:10:16.0377 4496 amdkmdap - ok 16:10:16.0408 4496 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:10:16.0439 4496 AmdPPM - ok 16:10:16.0455 4496 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:10:16.0486 4496 amdsata - ok 16:10:16.0486 4496 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 
16:10:16.0517 4496 amdsbs - ok 16:10:16.0533 4496 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:10:16.0549 4496 amdxata - ok 16:10:16.0595 4496 [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 16:10:16.0627 4496 AntiVirSchedulerService - ok 16:10:16.0642 4496 [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 16:10:16.0658 4496 AntiVirService - ok 16:10:16.0705 4496 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 16:10:16.0923 4496 AppID - ok 16:10:16.0939 4496 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:10:17.0001 4496 AppIDSvc - ok 16:10:17.0032 4496 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 16:10:17.0110 4496 Appinfo - ok 16:10:17.0157 4496 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:10:17.0173 4496 Apple Mobile Device - ok 16:10:17.0219 4496 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 16:10:17.0251 4496 arc - ok 16:10:17.0251 4496 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 16:10:17.0266 4496 arcsas - ok 16:10:17.0313 4496 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 16:10:17.0344 4496 AsIO - ok 16:10:17.0360 4496 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:10:17.0407 4496 AsyncMac - ok 16:10:17.0422 4496 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 16:10:17.0438 4496 atapi - ok 16:10:17.0453 4496 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 16:10:17.0469 4496 AtiHDAudioService - ok 16:10:17.0516 4496 [ F23FEF6D569FCE88671949894A8BECF1 ] 
AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:10:17.0625 4496 AudioEndpointBuilder - ok 16:10:17.0656 4496 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:10:17.0672 4496 AudioSrv - ok 16:10:17.0687 4496 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 16:10:17.0687 4496 avgntflt - ok 16:10:17.0719 4496 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 16:10:17.0750 4496 avipbb - ok 16:10:17.0765 4496 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 16:10:17.0781 4496 avkmgr - ok 16:10:17.0812 4496 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:10:17.0937 4496 AxInstSV - ok 16:10:17.0953 4496 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 16:10:17.0984 4496 b06bdrv - ok 16:10:18.0015 4496 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:10:18.0046 4496 b57nd60a - ok 16:10:18.0093 4496 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 16:10:18.0140 4496 BDESVC - ok 16:10:18.0155 4496 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 16:10:18.0218 4496 Beep - ok 16:10:18.0265 4496 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 16:10:18.0311 4496 BFE - ok 16:10:18.0327 4496 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 16:10:18.0374 4496 BITS - ok 16:10:18.0389 4496 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:10:18.0405 4496 blbdrive - ok 16:10:18.0467 4496 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:10:18.0483 4496 Bonjour Service - ok 16:10:18.0514 4496 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:10:18.0545 4496 bowser - ok 16:10:18.0561 4496 [ 
F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:10:18.0623 4496 BrFiltLo - ok 16:10:18.0623 4496 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:10:18.0655 4496 BrFiltUp - ok 16:10:18.0655 4496 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 16:10:18.0701 4496 BridgeMP - ok 16:10:18.0717 4496 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 16:10:18.0748 4496 Browser - ok 16:10:18.0748 4496 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:10:18.0795 4496 Brserid - ok 16:10:18.0795 4496 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:10:18.0826 4496 BrSerWdm - ok 16:10:18.0826 4496 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:10:18.0842 4496 BrUsbMdm - ok 16:10:18.0842 4496 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:10:18.0857 4496 BrUsbSer - ok 16:10:18.0873 4496 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:10:18.0889 4496 BTHMODEM - ok 16:10:18.0904 4496 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 16:10:18.0935 4496 bthserv - ok 16:10:18.0951 4496 catchme - ok 16:10:18.0967 4496 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:10:18.0982 4496 cdfs - ok 16:10:19.0013 4496 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:10:19.0045 4496 cdrom - ok 16:10:19.0076 4496 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 16:10:19.0138 4496 CertPropSvc - ok 16:10:19.0138 4496 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 16:10:19.0201 4496 circlass - ok 16:10:19.0201 4496 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 
16:10:19.0232 4496 CLFS - ok 16:10:19.0294 4496 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:10:19.0341 4496 clr_optimization_v2.0.50727_32 - ok 16:10:19.0372 4496 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:10:19.0403 4496 clr_optimization_v2.0.50727_64 - ok 16:10:19.0450 4496 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:10:19.0528 4496 clr_optimization_v4.0.30319_32 - ok 16:10:19.0559 4496 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:10:19.0575 4496 clr_optimization_v4.0.30319_64 - ok 16:10:19.0591 4496 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:10:19.0622 4496 CmBatt - ok 16:10:19.0653 4496 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:10:19.0669 4496 cmdide - ok 16:10:19.0700 4496 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 16:10:19.0747 4496 CNG - ok 16:10:19.0762 4496 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:10:19.0762 4496 Compbatt - ok 16:10:19.0793 4496 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 16:10:19.0840 4496 CompositeBus - ok 16:10:19.0856 4496 COMSysApp - ok 16:10:19.0871 4496 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 16:10:19.0887 4496 crcdisk - ok 16:10:19.0918 4496 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:10:19.0949 4496 CryptSvc - ok 16:10:19.0981 4496 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:10:20.0043 4496 DcomLaunch - ok 16:10:20.0074 4496 [ 
3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 16:10:20.0105 4496 defragsvc - ok 16:10:20.0137 4496 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:10:20.0168 4496 DfsC - ok 16:10:20.0199 4496 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 16:10:20.0261 4496 Dhcp - ok 16:10:20.0277 4496 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 16:10:20.0324 4496 discache - ok 16:10:20.0339 4496 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 16:10:20.0355 4496 Disk - ok 16:10:20.0386 4496 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:10:20.0433 4496 Dnscache - ok 16:10:20.0464 4496 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 16:10:20.0527 4496 dot3svc - ok 16:10:20.0558 4496 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 16:10:20.0620 4496 DPS - ok 16:10:20.0667 4496 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:10:20.0683 4496 drmkaud - ok 16:10:20.0714 4496 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:10:20.0745 4496 DXGKrnl - ok 16:10:20.0761 4496 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 16:10:20.0792 4496 EapHost - ok 16:10:20.0823 4496 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 16:10:20.0917 4496 ebdrv - ok 16:10:20.0948 4496 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 16:10:20.0963 4496 EFS - ok 16:10:21.0010 4496 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:10:21.0073 4496 ehRecvr - ok 16:10:21.0104 4496 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 16:10:21.0151 4496 ehSched - ok 16:10:21.0166 4496 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor 
C:\Windows\system32\DRIVERS\elxstor.sys 16:10:21.0197 4496 elxstor - ok 16:10:21.0229 4496 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:10:21.0260 4496 ErrDev - ok 16:10:21.0275 4496 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 16:10:21.0338 4496 EventSystem - ok 16:10:21.0338 4496 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 16:10:21.0369 4496 exfat - ok 16:10:21.0369 4496 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:10:21.0416 4496 fastfat - ok 16:10:21.0447 4496 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 16:10:21.0463 4496 Fax - ok 16:10:21.0463 4496 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:10:21.0478 4496 fdc - ok 16:10:21.0494 4496 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 16:10:21.0525 4496 fdPHost - ok 16:10:21.0525 4496 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 16:10:21.0556 4496 FDResPub - ok 16:10:21.0572 4496 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:10:21.0587 4496 FileInfo - ok 16:10:21.0603 4496 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:10:21.0681 4496 Filetrace - ok 16:10:21.0681 4496 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:10:21.0697 4496 flpydisk - ok 16:10:21.0728 4496 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:10:21.0775 4496 FltMgr - ok 16:10:22.0976 4496 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 16:10:23.0054 4496 FontCache - ok 16:10:23.0085 4496 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:10:23.0116 4496 FontCache3.0.0.0 - ok 16:10:23.0132 4496 [ 
D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:10:23.0147 4496 FsDepends - ok 16:10:23.0179 4496 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:10:23.0194 4496 Fs_Rec - ok 16:10:23.0225 4496 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:10:23.0257 4496 fvevol - ok 16:10:23.0272 4496 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:10:23.0288 4496 gagp30kx - ok 16:10:23.0319 4496 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:10:23.0335 4496 GEARAspiWDM - ok 16:10:23.0366 4496 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 16:10:23.0444 4496 gpsvc - ok 16:10:23.0537 4496 [ CCEEE2B29DC6A6F6F702D282CA407033 ] HauppaugeTVServer D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe 16:10:23.0569 4496 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning 16:10:23.0569 4496 HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1) 16:10:23.0584 4496 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:10:23.0631 4496 hcw85cir - ok 16:10:23.0678 4496 [ C4A20A7C685FE8EB60ED9564F25DE298 ] hcw95bda C:\Windows\system32\Drivers\hcw95bda.sys 16:10:23.0725 4496 hcw95bda - ok 16:10:23.0740 4496 [ F6EFDCF33CD1CB40F3F623CF9E077D1F ] hcw95rc C:\Windows\system32\DRIVERS\hcw95rc.sys 16:10:23.0771 4496 hcw95rc - ok 16:10:23.0803 4496 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:10:23.0849 4496 HdAudAddService - ok 16:10:23.0865 4496 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:10:23.0896 4496 HDAudBus - ok 16:10:23.0912 4496 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 16:10:23.0927 4496 HECIx64 - ok 16:10:23.0943 4496 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt 
C:\Windows\system32\DRIVERS\HidBatt.sys 16:10:23.0959 4496 HidBatt - ok 16:10:23.0974 4496 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:10:23.0990 4496 HidBth - ok 16:10:24.0005 4496 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:10:24.0037 4496 HidIr - ok 16:10:24.0068 4496 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 16:10:24.0115 4496 hidserv - ok 16:10:24.0115 4496 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:10:24.0130 4496 HidUsb - ok 16:10:24.0161 4496 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:10:24.0193 4496 hkmsvc - ok 16:10:24.0224 4496 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:10:24.0271 4496 HomeGroupListener - ok 16:10:24.0286 4496 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:10:24.0317 4496 HomeGroupProvider - ok 16:10:24.0333 4496 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:10:24.0349 4496 HpSAMD - ok 16:10:24.0364 4496 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:10:24.0442 4496 HTTP - ok 16:10:24.0458 4496 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:10:24.0473 4496 hwpolicy - ok 16:10:24.0489 4496 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:10:24.0505 4496 i8042prt - ok 16:10:24.0520 4496 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:10:24.0536 4496 iaStorV - ok 16:10:24.0551 4496 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:10:24.0614 4496 idsvc - ok 16:10:24.0614 4496 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:10:24.0629 4496 iirsp - ok 
16:10:24.0645 4496 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 16:10:24.0707 4496 IKEEXT - ok 16:10:24.0707 4496 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 16:10:24.0723 4496 intelide - ok 16:10:24.0739 4496 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:10:24.0754 4496 intelppm - ok 16:10:24.0770 4496 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:10:24.0817 4496 IPBusEnum - ok 16:10:24.0848 4496 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:10:24.0910 4496 IpFilterDriver - ok 16:10:24.0926 4496 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:10:24.0988 4496 iphlpsvc - ok 16:10:25.0004 4496 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:10:25.0051 4496 IPMIDRV - ok 16:10:25.0066 4496 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:10:25.0129 4496 IPNAT - ok 16:10:25.0222 4496 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:10:25.0285 4496 iPod Service - ok 16:10:25.0300 4496 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:10:25.0394 4496 IRENUM - ok 16:10:25.0441 4496 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:10:25.0456 4496 isapnp - ok 16:10:25.0519 4496 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:10:25.0550 4496 iScsiPrt - ok 16:10:25.0581 4496 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 16:10:25.0597 4496 kbdclass - ok 16:10:25.0612 4496 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 16:10:25.0659 4496 kbdhid - ok 16:10:25.0659 4496 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso 
C:\Windows\system32\lsass.exe 16:10:25.0690 4496 KeyIso - ok 16:10:25.0706 4496 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:10:25.0737 4496 KSecDD - ok 16:10:25.0753 4496 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:10:25.0768 4496 KSecPkg - ok 16:10:25.0784 4496 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:10:25.0831 4496 ksthunk - ok 16:10:25.0846 4496 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 16:10:25.0893 4496 KtmRm - ok 16:10:25.0924 4496 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 16:10:25.0955 4496 LanmanServer - ok 16:10:25.0987 4496 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:10:26.0018 4496 LanmanWorkstation - ok 16:10:26.0033 4496 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:10:26.0065 4496 lltdio - ok 16:10:26.0096 4496 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:10:26.0174 4496 lltdsvc - ok 16:10:26.0174 4496 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:10:26.0205 4496 lmhosts - ok 16:10:26.0221 4496 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:10:26.0236 4496 LSI_FC - ok 16:10:26.0236 4496 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:10:26.0252 4496 LSI_SAS - ok 16:10:26.0252 4496 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:10:26.0267 4496 LSI_SAS2 - ok 16:10:26.0267 4496 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:10:26.0283 4496 LSI_SCSI - ok 16:10:26.0283 4496 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 16:10:26.0314 4496 luafv - ok 16:10:26.0330 4496 [ A8FE8F2783B2929B56F5370A89356CE9 ] 
MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:10:26.0345 4496 MBAMProtector - ok 16:10:26.0392 4496 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 16:10:26.0423 4496 MBAMScheduler - ok 16:10:26.0455 4496 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 16:10:26.0470 4496 MBAMService - ok 16:10:26.0486 4496 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:10:26.0517 4496 Mcx2Svc - ok 16:10:26.0533 4496 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:10:26.0548 4496 megasas - ok 16:10:26.0564 4496 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:10:26.0579 4496 MegaSR - ok 16:10:26.0595 4496 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 16:10:26.0626 4496 MMCSS - ok 16:10:26.0626 4496 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 16:10:26.0657 4496 Modem - ok 16:10:26.0673 4496 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:10:26.0689 4496 monitor - ok 16:10:26.0720 4496 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 16:10:26.0735 4496 mouclass - ok 16:10:26.0735 4496 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:10:26.0751 4496 mouhid - ok 16:10:26.0782 4496 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:10:26.0813 4496 mountmgr - ok 16:10:26.0860 4496 [ 45A25F0152975F2181F12F56E81CF22D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:10:26.0891 4496 MozillaMaintenance - ok 16:10:26.0923 4496 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 16:10:26.0954 4496 mpio - ok 16:10:26.0969 4496 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv 
C:\Windows\system32\drivers\mpsdrv.sys 16:10:27.0032 4496 mpsdrv - ok 16:10:27.0047 4496 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:10:27.0110 4496 MpsSvc - ok 16:10:27.0141 4496 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:10:27.0188 4496 MRxDAV - ok 16:10:27.0203 4496 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:10:27.0235 4496 mrxsmb - ok 16:10:27.0266 4496 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:10:27.0281 4496 mrxsmb10 - ok 16:10:27.0313 4496 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:10:27.0328 4496 mrxsmb20 - ok 16:10:27.0344 4496 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 16:10:27.0359 4496 msahci - ok 16:10:27.0375 4496 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:10:27.0391 4496 msdsm - ok 16:10:27.0422 4496 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 16:10:27.0437 4496 MSDTC - ok 16:10:27.0453 4496 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:10:27.0500 4496 Msfs - ok 16:10:27.0500 4496 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:10:27.0547 4496 mshidkmdf - ok 16:10:27.0562 4496 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:10:27.0593 4496 msisadrv - ok 16:10:27.0656 4496 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:10:27.0718 4496 MSiSCSI - ok 16:10:27.0718 4496 msiserver - ok 16:10:27.0734 4496 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:10:27.0765 4496 MSKSSRV - ok 16:10:27.0796 4496 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:10:27.0859 4496 MSPCLOCK - ok 16:10:27.0859 4496 [ 
4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:10:27.0890 4496 MSPQM - ok 16:10:27.0921 4496 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:10:27.0952 4496 MsRPC - ok 16:10:27.0968 4496 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:10:27.0983 4496 mssmbios - ok 16:10:27.0983 4496 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:10:28.0030 4496 MSTEE - ok 16:10:28.0030 4496 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:10:28.0046 4496 MTConfig - ok 16:10:28.0077 4496 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 16:10:28.0108 4496 MTsensor - ok 16:10:28.0108 4496 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 16:10:28.0139 4496 Mup - ok 16:10:28.0155 4496 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 16:10:28.0202 4496 napagent - ok 16:10:28.0233 4496 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:10:28.0249 4496 NativeWifiP - ok 16:10:28.0295 4496 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:10:28.0327 4496 NDIS - ok 16:10:28.0342 4496 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:10:28.0373 4496 NdisCap - ok 16:10:28.0405 4496 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:10:28.0451 4496 NdisTapi - ok 16:10:28.0467 4496 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:10:28.0514 4496 Ndisuio - ok 16:10:28.0529 4496 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:10:28.0561 4496 NdisWan - ok 16:10:28.0592 4496 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:10:28.0623 4496 NDProxy - ok 
16:10:28.0623 4496 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:10:28.0654 4496 NetBIOS - ok 16:10:28.0685 4496 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:10:28.0717 4496 NetBT - ok 16:10:28.0717 4496 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 16:10:28.0732 4496 Netlogon - ok 16:10:28.0763 4496 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 16:10:28.0810 4496 Netman - ok 16:10:28.0826 4496 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 16:10:28.0857 4496 netprofm - ok 16:10:28.0873 4496 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:10:28.0888 4496 NetTcpPortSharing - ok 16:10:28.0919 4496 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:10:28.0919 4496 nfrd960 - ok 16:10:28.0951 4496 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:10:28.0997 4496 NlaSvc - ok 16:10:29.0013 4496 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:10:29.0060 4496 Npfs - ok 16:10:29.0075 4496 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 16:10:29.0122 4496 nsi - ok 16:10:29.0138 4496 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:10:29.0169 4496 nsiproxy - ok 16:10:29.0216 4496 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:10:29.0294 4496 Ntfs - ok 16:10:29.0294 4496 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 16:10:29.0325 4496 Null - ok 16:10:29.0372 4496 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:10:29.0372 4496 nvraid - ok 16:10:29.0387 4496 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 
16:10:29.0403 4496 nvstor - ok 16:10:29.0419 4496 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:10:29.0434 4496 nv_agp - ok 16:10:29.0450 4496 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:10:29.0465 4496 ohci1394 - ok 16:10:29.0481 4496 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:10:29.0512 4496 p2pimsvc - ok 16:10:29.0528 4496 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 16:10:29.0528 4496 p2psvc - ok 16:10:29.0559 4496 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:10:29.0575 4496 Parport - ok 16:10:29.0606 4496 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:10:29.0621 4496 partmgr - ok 16:10:29.0621 4496 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:10:29.0653 4496 PcaSvc - ok 16:10:29.0653 4496 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 16:10:29.0668 4496 pci - ok 16:10:29.0684 4496 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 16:10:29.0699 4496 pciide - ok 16:10:29.0699 4496 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:10:29.0715 4496 pcmcia - ok 16:10:29.0731 4496 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 16:10:29.0731 4496 pcw - ok 16:10:29.0762 4496 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:10:29.0793 4496 PEAUTH - ok 16:10:29.0918 4496 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:10:29.0949 4496 PerfHost - ok 16:10:30.0043 4496 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 16:10:30.0121 4496 pla - ok 16:10:30.0152 4496 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:10:30.0230 4496 PlugPlay - ok 16:10:30.0245 4496 
PnkBstrA - ok 16:10:30.0261 4496 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:10:30.0292 4496 PNRPAutoReg - ok 16:10:30.0323 4496 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:10:30.0339 4496 PNRPsvc - ok 16:10:30.0386 4496 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:10:30.0464 4496 PolicyAgent - ok 16:10:30.0479 4496 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:10:30.0511 4496 Power - ok 16:10:30.0542 4496 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:10:30.0573 4496 PptpMiniport - ok 16:10:30.0589 4496 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:10:30.0620 4496 Processor - ok 16:10:30.0620 4496 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:10:30.0667 4496 ProfSvc - ok 16:10:30.0667 4496 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:10:30.0682 4496 ProtectedStorage - ok 16:10:30.0713 4496 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:10:30.0760 4496 Psched - ok 16:10:30.0776 4496 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 16:10:30.0791 4496 PxHlpa64 - ok 16:10:30.0823 4496 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:10:30.0869 4496 ql2300 - ok 16:10:30.0885 4496 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:10:30.0885 4496 ql40xx - ok 16:10:30.0901 4496 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:10:30.0916 4496 QWAVE - ok 16:10:30.0932 4496 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:10:30.0947 4496 QWAVEdrv - ok 16:10:30.0947 4496 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 
16:10:30.0979 4496 RasAcd - ok 16:10:31.0010 4496 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:10:31.0057 4496 RasAgileVpn - ok 16:10:31.0057 4496 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:10:31.0088 4496 RasAuto - ok 16:10:31.0103 4496 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:10:31.0135 4496 Rasl2tp - ok 16:10:31.0166 4496 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:10:31.0197 4496 RasMan - ok 16:10:31.0197 4496 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:10:31.0228 4496 RasPppoe - ok 16:10:31.0244 4496 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:10:31.0275 4496 RasSstp - ok 16:10:31.0291 4496 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:10:31.0337 4496 rdbss - ok 16:10:31.0353 4496 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:10:31.0369 4496 rdpbus - ok 16:10:31.0384 4496 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:10:31.0415 4496 RDPCDD - ok 16:10:31.0415 4496 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:10:31.0447 4496 RDPENCDD - ok 16:10:31.0462 4496 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:10:31.0493 4496 RDPREFMP - ok 16:10:31.0509 4496 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:10:31.0525 4496 RDPWD - ok 16:10:31.0556 4496 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:10:31.0603 4496 rdyboost - ok 16:10:31.0603 4496 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:10:31.0665 4496 RemoteAccess - ok 16:10:31.0665 4496 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry 
C:\Windows\system32\regsvc.dll 16:10:31.0696 4496 RemoteRegistry - ok 16:10:31.0712 4496 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:10:31.0774 4496 RpcEptMapper - ok 16:10:31.0790 4496 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:10:31.0805 4496 RpcLocator - ok 16:10:31.0821 4496 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:10:31.0852 4496 RpcSs - ok 16:10:31.0868 4496 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:10:31.0883 4496 rspndr - ok 16:10:31.0899 4496 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:10:31.0915 4496 RTL8167 - ok 16:10:31.0930 4496 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:10:31.0930 4496 SamSs - ok 16:10:31.0946 4496 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:10:31.0961 4496 sbp2port - ok 16:10:31.0977 4496 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:10:32.0008 4496 SCardSvr - ok 16:10:32.0024 4496 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:10:32.0055 4496 scfilter - ok 16:10:32.0086 4496 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:10:32.0149 4496 Schedule - ok 16:10:32.0164 4496 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:10:32.0195 4496 SCPolicySvc - ok 16:10:32.0211 4496 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:10:32.0258 4496 SDRSVC - ok 16:10:32.0273 4496 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:10:32.0336 4496 secdrv - ok 16:10:32.0367 4496 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:10:32.0429 4496 seclogon - ok 16:10:32.0445 4496 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS 
C:\Windows\system32\sens.dll 16:10:32.0461 4496 SENS - ok 16:10:32.0476 4496 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:10:32.0507 4496 SensrSvc - ok 16:10:32.0539 4496 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:10:32.0570 4496 Serenum - ok 16:10:32.0585 4496 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:10:32.0617 4496 Serial - ok 16:10:32.0663 4496 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:10:32.0695 4496 sermouse - ok 16:10:32.0726 4496 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:10:32.0804 4496 SessionEnv - ok 16:10:32.0819 4496 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:10:32.0851 4496 sffdisk - ok 16:10:32.0882 4496 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:10:32.0897 4496 sffp_mmc - ok 16:10:32.0913 4496 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:10:32.0944 4496 sffp_sd - ok 16:10:32.0944 4496 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:10:32.0975 4496 sfloppy - ok 16:10:32.0991 4496 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:10:33.0069 4496 SharedAccess - ok 16:10:33.0085 4496 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:10:33.0194 4496 ShellHWDetection - ok 16:10:33.0225 4496 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:10:33.0225 4496 SiSRaid2 - ok 16:10:33.0241 4496 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:10:33.0256 4496 SiSRaid4 - ok 16:10:33.0272 4496 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:10:33.0303 4496 Smb - ok 16:10:33.0334 4496 [ 
6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:10:33.0365 4496 SNMPTRAP - ok 16:10:33.0365 4496 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:10:33.0381 4496 spldr - ok 16:10:33.0412 4496 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:10:33.0521 4496 Spooler - ok 16:10:33.0599 4496 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:10:33.0677 4496 sppsvc - ok 16:10:33.0677 4496 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:10:33.0724 4496 sppuinotify - ok 16:10:33.0740 4496 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:10:33.0755 4496 srv - ok 16:10:33.0787 4496 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:10:33.0818 4496 srv2 - ok 16:10:33.0818 4496 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:10:33.0833 4496 srvnet - ok 16:10:33.0865 4496 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:10:33.0880 4496 SSDPSRV - ok 16:10:33.0896 4496 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:10:33.0911 4496 SstpSvc - ok 16:10:33.0943 4496 Steam Client Service - ok 16:10:33.0958 4496 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:10:33.0974 4496 stexstor - ok 16:10:34.0021 4496 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:10:34.0067 4496 stisvc - ok 16:10:34.0099 4496 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:10:34.0114 4496 swenum - ok 16:10:34.0145 4496 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 16:10:34.0192 4496 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 16:10:34.0192 4496 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 
16:10:34.0208 4496 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:10:34.0270 4496 swprv - ok 16:10:34.0317 4496 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:10:34.0379 4496 SysMain - ok 16:10:34.0411 4496 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:10:34.0442 4496 TabletInputService - ok 16:10:34.0473 4496 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:10:34.0551 4496 TapiSrv - ok 16:10:34.0551 4496 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:10:34.0582 4496 TBS - ok 16:10:34.0645 4496 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:10:34.0754 4496 Tcpip - ok 16:10:34.0785 4496 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:10:34.0801 4496 TCPIP6 - ok 16:10:34.0832 4496 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:10:34.0847 4496 tcpipreg - ok 16:10:34.0847 4496 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:10:34.0863 4496 TDPIPE - ok 16:10:34.0879 4496 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:10:34.0910 4496 TDTCP - ok 16:10:34.0925 4496 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:10:34.0957 4496 tdx - ok 16:10:34.0972 4496 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:10:34.0972 4496 TermDD - ok 16:10:35.0003 4496 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:10:35.0081 4496 TermService - ok 16:10:35.0081 4496 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:10:35.0113 4496 Themes - ok 16:10:35.0128 4496 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:10:35.0144 4496 THREADORDER - ok 16:10:35.0175 4496 [ 
7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:10:35.0206 4496 TrkWks - ok 16:10:35.0237 4496 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:10:35.0300 4496 TrustedInstaller - ok 16:10:35.0315 4496 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:10:35.0347 4496 tssecsrv - ok 16:10:35.0347 4496 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:10:35.0393 4496 TsUsbFlt - ok 16:10:35.0425 4496 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:10:35.0487 4496 tunnel - ok 16:10:35.0503 4496 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:10:35.0503 4496 uagp35 - ok 16:10:35.0518 4496 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:10:35.0581 4496 udfs - ok 16:10:35.0596 4496 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:10:35.0612 4496 UI0Detect - ok 16:10:35.0627 4496 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:10:35.0643 4496 uliagpkx - ok 16:10:35.0659 4496 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:10:35.0674 4496 umbus - ok 16:10:35.0705 4496 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:10:35.0705 4496 UmPass - ok 16:10:35.0721 4496 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:10:35.0752 4496 upnphost - ok 16:10:35.0783 4496 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:10:35.0799 4496 usbaudio - ok 16:10:35.0799 4496 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:10:35.0815 4496 usbccgp - ok 16:10:35.0846 4496 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:10:35.0893 4496 
usbcir - ok 16:10:35.0893 4496 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:10:35.0924 4496 usbehci - ok 16:10:35.0939 4496 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:10:35.0971 4496 usbhub - ok 16:10:35.0986 4496 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:10:36.0017 4496 usbohci - ok 16:10:36.0017 4496 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:10:36.0033 4496 usbprint - ok 16:10:36.0049 4496 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:10:36.0064 4496 USBSTOR - ok 16:10:36.0080 4496 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:10:36.0127 4496 usbuhci - ok 16:10:36.0127 4496 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:10:36.0189 4496 UxSms - ok 16:10:36.0205 4496 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:10:36.0205 4496 VaultSvc - ok 16:10:36.0220 4496 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:10:36.0236 4496 vdrvroot - ok 16:10:36.0329 4496 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:10:36.0376 4496 vds - ok 16:10:36.0423 4496 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:10:36.0439 4496 vga - ok 16:10:36.0454 4496 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:10:36.0517 4496 VgaSave - ok 16:10:36.0548 4496 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:10:36.0563 4496 vhdmp - ok 16:10:36.0579 4496 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:10:36.0579 4496 viaide - ok 16:10:36.0595 4496 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:10:36.0610 4496 volmgr - ok 
16:10:36.0626 4496 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:10:36.0657 4496 volmgrx - ok 16:10:36.0673 4496 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:10:36.0688 4496 volsnap - ok 16:10:36.0704 4496 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:10:36.0719 4496 vsmraid - ok 16:10:36.0766 4496 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:10:36.0860 4496 VSS - ok 16:10:36.0875 4496 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:10:36.0907 4496 vwifibus - ok 16:10:36.0922 4496 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:10:37.0016 4496 W32Time - ok 16:10:37.0031 4496 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:10:37.0047 4496 WacomPen - ok 16:10:37.0078 4496 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:10:37.0125 4496 WANARP - ok 16:10:37.0125 4496 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:10:37.0156 4496 Wanarpv6 - ok 16:10:37.0187 4496 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:10:37.0250 4496 wbengine - ok 16:10:37.0265 4496 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:10:37.0281 4496 WbioSrvc - ok 16:10:37.0297 4496 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:10:37.0328 4496 wcncsvc - ok 16:10:37.0328 4496 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:10:37.0359 4496 WcsPlugInService - ok 16:10:37.0359 4496 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:10:37.0375 4496 Wd - ok 16:10:37.0406 4496 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:10:37.0453 4496 
Wdf01000 - ok 16:10:37.0453 4496 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:10:37.0515 4496 WdiServiceHost - ok 16:10:37.0515 4496 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:10:37.0515 4496 WdiSystemHost - ok 16:10:37.0546 4496 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:10:37.0562 4496 WebClient - ok 16:10:37.0577 4496 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:10:37.0624 4496 Wecsvc - ok 16:10:37.0624 4496 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:10:37.0640 4496 wercplsupport - ok 16:10:37.0655 4496 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:10:37.0687 4496 WerSvc - ok 16:10:37.0687 4496 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:10:37.0718 4496 WfpLwf - ok 16:10:37.0718 4496 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:10:37.0733 4496 WIMMount - ok 16:10:37.0733 4496 WinDefend - ok 16:10:37.0733 4496 WinHttpAutoProxySvc - ok 16:10:37.0796 4496 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:10:37.0858 4496 Winmgmt - ok 16:10:37.0905 4496 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:10:38.0014 4496 WinRM - ok 16:10:38.0030 4496 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:10:38.0077 4496 Wlansvc - ok 16:10:38.0186 4496 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:10:38.0264 4496 wlidsvc - ok 16:10:38.0279 4496 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:10:38.0311 4496 WmiAcpi - ok 16:10:38.0326 4496 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:10:38.0373 4496 wmiApSrv - ok 
16:10:38.0373 4496 WMPNetworkSvc - ok 16:10:38.0389 4496 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:10:38.0420 4496 WPCSvc - ok 16:10:38.0435 4496 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:10:38.0467 4496 WPDBusEnum - ok 16:10:38.0467 4496 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:10:38.0513 4496 ws2ifsl - ok 16:10:38.0529 4496 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 16:10:38.0545 4496 wscsvc - ok 16:10:38.0545 4496 WSearch - ok 16:10:38.0638 4496 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:10:38.0685 4496 wuauserv - ok 16:10:38.0701 4496 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:10:38.0732 4496 WudfPf - ok 16:10:38.0763 4496 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:10:38.0794 4496 WUDFRd - ok 16:10:38.0810 4496 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:10:38.0841 4496 wudfsvc - ok 16:10:38.0857 4496 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:10:38.0888 4496 WwanSvc - ok 16:10:38.0903 4496 ================ Scan global =============================== 16:10:38.0919 4496 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:10:38.0950 4496 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 16:10:38.0966 4496 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 16:10:38.0997 4496 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:10:39.0028 4496 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:10:39.0044 4496 [Global] - ok 16:10:39.0044 4496 ================ Scan MBR ================================== 16:10:39.0059 4496 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:10:39.0309 4496 \Device\Harddisk0\DR0 - ok 
16:10:39.0309 4496 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 16:10:39.0637 4496 \Device\Harddisk1\DR1 - ok 16:10:39.0637 4496 ================ Scan VBR ================================== 16:10:39.0637 4496 [ 842A5C9346BFD0DAD4F6D8CD15EFB879 ] \Device\Harddisk0\DR0\Partition1 16:10:39.0637 4496 \Device\Harddisk0\DR0\Partition1 - ok 16:10:39.0652 4496 [ 8BC898FE452071C4B2A282532460B6AE ] \Device\Harddisk0\DR0\Partition2 16:10:39.0652 4496 \Device\Harddisk0\DR0\Partition2 - ok 16:10:39.0668 4496 [ 7EFE5AB21F44A76A26FDC4EB29CAC58F ] \Device\Harddisk0\DR0\Partition3 16:10:39.0668 4496 \Device\Harddisk0\DR0\Partition3 - ok 16:10:39.0668 4496 [ 7A77CAD574E1A8067F730D459818E44E ] \Device\Harddisk1\DR1\Partition1 16:10:39.0683 4496 \Device\Harddisk1\DR1\Partition1 - ok 16:10:39.0683 4496 [ A32D7B2E7BA0D340935D21D2924C4AD8 ] \Device\Harddisk1\DR1\Partition2 16:10:39.0683 4496 \Device\Harddisk1\DR1\Partition2 - ok 16:10:39.0683 4496 [ A601477977E48000405642CD63D1240B ] \Device\Harddisk1\DR1\Partition3 16:10:39.0683 4496 \Device\Harddisk1\DR1\Partition3 - ok 16:10:39.0683 4496 ============================================================ 16:10:39.0683 4496 Scan finished 16:10:39.0683 4496 ============================================================ 16:10:39.0699 4648 Detected object count: 2 16:10:39.0699 4648 Actual detected object count: 2 16:10:53.0411 4648 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user 16:10:53.0411 4648 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:10:53.0411 4648 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 16:10:53.0411 4648 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:11:16.0918 4252 Deinitialize success Weesel |
03.12.2012, 16:43 | #4 |
/// Malware-holic | Claro-Search Virus (?) Hi, download CCleaner Standard: CCleaner Download - CCleaner 3.25.1872. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. Behind every program you need, write "necessary". Behind every one you don't need, "unnecessary". Behind any you don't recognise, "unknown". Post the list.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
03.12.2012, 19:18 | #5 |
| Claro-Search Virus (?) Hi, I have marked as "necessary" everything I somehow need, use, or want to keep. Code:
Adobe Acrobat XI Pro Adobe Systems 14.11.2012 1,99GB 11.0.00 -necessary
Adobe Acrobat XI Pro Adobe Systems Incorporated 14.11.2012 1,33MB 11.0 -necessary
Adobe After Effects CS6 Adobe Systems Incorporated 14.11.2012 2,25GB 11 -necessary
Adobe AIR Adobe Systems Incorporated 15.11.2012 3.5.0.600 -necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.11.2012 6,00MB 11.5.502.110 -necessary
Adobe Help Manager Adobe Systems Incorporated 14.11.2012 4.0.244 -necessary
Adobe Illustrator CS6 Adobe Systems Incorporated 14.11.2012 2,74GB 16.0 -necessary
Adobe InDesign CS6 Adobe Systems Incorporated 15.11.2012 2,33GB 8.0 -necessary
Adobe Photoshop CS6 Adobe Systems Incorporated 14.11.2012 2,85GB 13.0 -necessary
Adobe Premiere Pro CS6 Adobe Systems Incorporated 14.11.2012 2,67GB 6.0 -necessary
Adobe® Content Viewer Adobe Systems Incorporated 20.11.2012 2.9.0 -necessary
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 24.11.2012 1.0.17 -unnecessary
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 06.10.2012 26,3MB 8.0.881.0 -necessary
Apple Application Support Apple Inc. 15.11.2012 65,0MB 2.3 -necessary
Apple Mobile Device Support Apple Inc. 09.10.2012 23,7MB 6.0.0.59 -necessary
Apple Software Update Apple Inc. 09.10.2012 2,38MB 2.1.3.127 -necessary
AutoIt v3.3.8.1 AutoIt Team 07.10.2012 -unnecessary (or only veeery rarely used)
Avira Free Antivirus Avira 27.11.2012 122MB 13.0.0.2832 -necessary
Battlefield 3™ Electronic Arts 06.10.2012 1.4.0.0 -unnecessary
Battlelog Web Plugins EA Digital Illusions CE AB 06.10.2012 1.138.0 -unnecessary
Bonjour Apple Inc. 09.10.2012 2,00MB 3.0.0.10 -necessary
CCleaner Piriform 25.11.2012 3.25 -necessary
Dropbox Dropbox, Inc. 06.10.2012 1.4.17 -necessary
ESN Sonar ESN Social Software AB 06.10.2012 0.70.4 -unnecessary
FileZilla Client 3.6.0 FileZilla Project 16.11.2012 17,0MB 3.6.0 -necessary
Fraps (remove only) 06.10.2012 -unnecessary
Grand Theft Auto IV Rockstar Games 06.10.2012 1.00.0000 -necessary (:P)
Hauppauge WinTV 7 Hauppauge Computer Works 07.10.2012 v7.0.30237 (CD 2.6) -necessary
iTunes Apple Inc. 09.10.2012 182MB 10.7.0.21 -necessary
LibreOffice 3.6 The Document Foundation 21.11.2012 379MB 3.6.3.2 -necessary
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 02.12.2012 19,4MB 1.65.1.1000 -necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.10.2012 38,8MB 4.0.30319 -necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.10.2012 2,93MB 4.0.30319 -necessary
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 06.10.2012 31,3MB 3.5.92.0 -necessary
Microsoft Silverlight Microsoft Corporation 08.10.2012 50,6MB 5.1.10411.0 -unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.10.2012 300KB 8.0.61001 -unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 14.11.2012 572KB 8.0.61000 -unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 14.11.2012 788KB 9.0.30729.4148 -unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.11.2012 788KB 9.0.30729.6161 -unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.10.2012 596KB 9.0.30729 -unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.11.2012 232KB 9.0.30729.4148 -unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.10.2012 600KB 9.0.30729.6161 -unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 16.11.2012 13,8MB 10.0.40219 -unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.10.2012 12,2MB 10.0.40219 -unknown
Mozilla Firefox 18.0 (x86 de) Mozilla 02.12.2012 43,7MB 18.0 -necessary
Mozilla Maintenance Service Mozilla 02.12.2012 329KB 18.0 -necessary
Mozilla Thunderbird 18.0 (x86 de) Mozilla 02.12.2012 44,1MB 18.0 -necessary
Nettalk 6.7 Nicolas Kruse 06.10.2012 5,70MB -necessary
Notepad++ 16.11.2012 6.2.1 -necessary
Origin Electronic Arts, Inc. 05.10.2012 9.0.13.2142 -unnecessary
PuTTY version 0.62 Simon Tatham 10.10.2012 3,43MB 0.62 -necessary
QuickTime Apple Inc. 15.11.2012 73,1MB 7.73.80.64 -necessary
Steam Valve Corporation 05.10.2012 35,4MB 1.0.0.0 -necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 23.11.2012 3.0.6 -necessary
Windows Live ID Sign-in Assistant Microsoft Corporation 06.10.2012 10,0MB 6.500.3165.0 -necessary
XAMPP 1.8.1 16.11.2012 -necessary
µTorrent BitTorrent Inc. 09.10.2012 3.2.1.28086 -necessary |
03.12.2012, 20:04 | #6 |
/// Malware-holic | Claro-Search Virus (?) Hi, it would be odd if you had marked things you don't need as necessary :-) Uninstall: Amazon, Battlefield, Battlelog, ESN, Fraps, Origin. Open CCleaner, Analyze, Run Cleaner, restart the PC. Please download AdwCleaner to your desktop.
03.12.2012, 21:22 | #7 |
| Claro-Search Virus (?) Hello, here is the AdwCleaner log file. Code:
# AdwCleaner v2.011 - Logfile created 03/12/2012 at 21:20:48
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ***** - *****SPC
# Boot mode : Normal
# Running from : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

File Found : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\bprotector_prefs.js
File Found : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\searchplugins\mngr.xml

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKU\S-1-5-21-328837541-1024666478-1337621746-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (de)

Profile name : default
File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcw1svum.default\prefs.js

[OK] File is clean.

Profile name : Standard-Benutzer [Default profile]
File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Claro Search");
Found : user_pref("browser.search.order.1", "Claro Search");
Found : user_pref("browser.search.selectedEngine", "Claro Search");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117452&tt=481[...]
Found : user_pref("extensions.claro.admin", false);
Found : user_pref("extensions.claro.aflt", "babsst");
Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Found : user_pref("extensions.claro.dfltLng", "en");
Found : user_pref("extensions.claro.excTlbr", false);
Found : user_pref("extensions.claro.id", "30a5974a00000000000020cf30bbab81");
Found : user_pref("extensions.claro.instlDay", "15675");
Found : user_pref("extensions.claro.instlRef", "sst");
Found : user_pref("extensions.claro.prdct", "claro");
Found : user_pref("extensions.claro.prtnrId", "claro");
Found : user_pref("extensions.claro.tlbrId", "irhnew");
Found : user_pref("extensions.claro.tlbrSrchUrl", "");
Found : user_pref("extensions.claro.vrsn", "1.8.3.10");
Found : user_pref("extensions.claro.vrsni", "1.8.3.10");
Found : user_pref("extensions.claro_i.smplGrp", "none");
Found : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1020:14:19");
Found : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117452&tt=4812_5&babsrc=KW_ss&mntrId=30[...]

*************************

AdwCleaner[R1].txt - [3691 bytes] - [03/12/2012 21:20:48]

########## EOF - C:\AdwCleaner[R1].txt - [3751 bytes] ########## |
03.12.2012, 21:25 | #8 |
/// Malware-holic | Claro-Search Virus (?) Hi
03.12.2012, 21:48 | #9 |
| Claro-Search Virus (?) Morning. Code:
# AdwCleaner v2.011 - Logfile created 03/12/2012 at 21:44:37
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ***** - *****SPC
# Boot mode : Normal
# Running from : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\bprotector_prefs.js
File Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\searchplugins\mngr.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (de)

Profile name : default
File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcw1svum.default\prefs.js

[OK] File is clean.

Profile name : Standard-Benutzer [Default profile]
File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\prefs.js

C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Claro Search");
Deleted : user_pref("browser.search.order.1", "Claro Search");
Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117452&tt=481[...]
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "30a5974a00000000000020cf30bbab81");
Deleted : user_pref("extensions.claro.instlDay", "15675");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.tlbrId", "irhnew");
Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1020:14:19");
Deleted : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117452&tt=4812_5&babsrc=KW_ss&mntrId=30[...]

*************************

AdwCleaner[S1].txt - [3633 bytes] - [03/12/2012 21:44:37]

########## EOF - C:\AdwCleaner[S1].txt - [3693 bytes] ########## |
04.12.2012, 00:21 | #10 |
/// Malware-holic | Claro-Search Virus (?) Hi, this script, and any scripts that follow, are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}affID=117452tt=4812_5babsrc=SP_ssmntrId=30a5974a00000000000020cf30bbab81
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Boot into normal mode.
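The AdwCleaner search log in post #7 and the OTL fix in this post hinge on the same two artifact classes: `user_pref` lines in the Firefox profile's prefs.js/user.js that redirect search to claro-search.com with affiliate parameters, and an Internet Explorer SearchScopes key (plus the `bProtectorDefaultScope` value) pointing at the same host. The Python below is an added example, not code from the thread, from AdwCleaner or from OTL: it parses a prefs.js text and a regedit-style `.reg` export of the SearchScopes key and reports the hijack indicators. The sample inputs are constructed from the indicators in the logs (the thread's truncated URLs are not reproduced, and the second SearchScopes GUID is a placeholder for a legitimate provider); the indicator lists, the affiliate-parameter names and the handling of `hxxp`-defanged URLs are assumptions of this example.

```python
"""Triage of browser search-hijack artifacts (Firefox prefs.js / user.js and IE
SearchScopes .reg export). Added example; indicator lists are assumptions."""
import re
from urllib.parse import parse_qs, urlparse

# Indicators modelled on the AdwCleaner and OTL output posted in this thread.
HIJACK_HOSTS = {"claro-search.com", "www.claro-search.com"}
HIJACK_NAMES = ("claro", "babylon")
HIJACK_PREF_PREFIXES = ("extensions.claro", "extensions.BabylonToolbar")
SEARCH_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine",
                "browser.search.order.1", "keyword.URL", "browser.startup.homepage"}
AFFILIATE_PARAMS = {"affid", "babsrc", "mntrid"}  # pay-per-install tracking params

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_prefs(text):
    """Map pref name -> value for every user_pref(...) line (quotes stripped)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            raw = m.group(2).strip()
            if len(raw) >= 2 and raw[0] == raw[-1] == '"':
                raw = raw[1:-1]
            prefs[m.group(1)] = raw
    return prefs

def url_indicators(value):
    """Reasons a URL-valued setting looks hijacked; empty list if it looks clean."""
    parsed = urlparse(re.sub(r"^hxxp", "http", value))  # logs defang http as hxxp
    reasons = []
    host = (parsed.hostname or "").lower()
    if host in HIJACK_HOSTS:
        reasons.append("host " + host)
    affs = sorted(k for k in parse_qs(parsed.query) if k.lower() in AFFILIATE_PARAMS)
    if affs:
        reasons.append("affiliate params " + ",".join(affs))
    return reasons

def audit_firefox_prefs(text):
    """Return [(pref, reason)] for hijack indicators in a prefs.js/user.js text."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name.startswith(HIJACK_PREF_PREFIXES):
            findings.append((name, "hijacker extension pref"))
        elif name in SEARCH_PREFS:
            reasons = url_indicators(value)
            if any(n in value.lower() for n in HIJACK_NAMES):
                reasons.append("hijacker name in value")
            if reasons:
                findings.append((name, "; ".join(reasons)))
    return findings

def parse_reg_export(text):
    """Map key path -> {value name: data} for a regedit-style .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = REG_KEY_RE.match(line)
        if km:
            current = keys.setdefault(km.group(1), {})
            continue
        vm = REG_VAL_RE.match(line)
        if vm and current is not None:
            current[vm.group(1)] = vm.group(2)
    return keys

def audit_ie_searchscopes(text):
    """Return [(key, reason)] for hijacked IE search scopes in a .reg export."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if "\\searchscopes" not in key.lower():
            continue
        if "bProtectorDefaultScope" in values:  # the value AdwCleaner flagged
            findings.append((key, "bProtector default-scope value"))
        reasons = url_indicators(values.get("URL", ""))
        if reasons:
            findings.append((key, "; ".join(reasons)))
    return findings

# Constructed sample inputs (not the thread's files; its truncated URLs were not
# copied). The all-zero GUID is a placeholder for a legitimate search provider.
SAMPLE_PREFS = '''
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("extensions.claro.vrsn", "1.8.3.10");
user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117452&babsrc=KW_ss");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("network.cookie.cookieBehavior", 1);
'''
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"="{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}]
"DisplayName"="Claro Search"
"URL"="http://www.claro-search.com/?q={searchTerms}&affID=117452&babsrc=SP_ss"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000001}]
"DisplayName"="Example Search"
"URL"="https://search.example.com/?q={searchTerms}"
'''
```

`audit_firefox_prefs(SAMPLE_PREFS)` flags the renamed default engine, the `extensions.claro.*` pref and `keyword.URL` (host plus `affID`/`babsrc`), while the Mozilla homepage and the cookie pref pass; `audit_ie_searchscopes(SAMPLE_REG)` flags the `bProtectorDefaultScope` value on the parent key and the claro-search scope, and leaves the placeholder provider alone. On a live machine the inputs would come from `reg export "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" scopes.reg` (written as UTF-16, so read it with that encoding) and from the affected profile's prefs.js; both readers work on text only, so the triage can be run offline against collected artifacts.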
04.12.2012, 00:31 | #11 |
| Claro-Search Virus (?) Good morning :P Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 58264 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: *****
->Flash cache emptied: 59853 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: *****
->Temp folder emptied: 2030851 bytes
->Temporary Internet Files folder emptied: 377302 bytes
->FireFox cache emptied: 256343498 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 247,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12042012_002749
Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\JET5ACC.tmp moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
04.12.2012, 00:49 | #12 |
/// Malware-holic | Claro-Search Virus (?) Hi, test the browsers. Let me know whether they work again. If so: download CCleaner Standard: CCleaner Download - CCleaner 3.25.1872. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, save as txt. Open it. Behind every program you need, write "necessary"; behind every one you do not need, "unnecessary"; behind those unknown to you, "unknown". Post the list.
04.12.2012, 01:01 | #13 |
| Claro-Search Virus (?) Hi, the browsers work perfectly. Here is the list of programs: for the programs with nothing written after them, read "necessary" :P Code:
Adobe Acrobat XI Pro Adobe Systems 14.11.2012 1,99GB 11.0.00
Adobe Acrobat XI Pro Adobe Systems Incorporated 14.11.2012 1,33MB 11.0
Adobe After Effects CS6 Adobe Systems Incorporated 14.11.2012 2,25GB 11
Adobe AIR Adobe Systems Incorporated 15.11.2012 3.5.0.600
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.11.2012 6,00MB 11.5.502.110
Adobe Help Manager Adobe Systems Incorporated 14.11.2012 4.0.244
Adobe Illustrator CS6 Adobe Systems Incorporated 14.11.2012 2,74GB 16.0
Adobe InDesign CS6 Adobe Systems Incorporated 15.11.2012 2,33GB 8.0
Adobe Photoshop CS6 Adobe Systems Incorporated 14.11.2012 2,85GB 13.0
Adobe Premiere Pro CS6 Adobe Systems Incorporated 14.11.2012 2,67GB 6.0
Adobe® Content Viewer Adobe Systems Incorporated 20.11.2012 2.9.0
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 06.10.2012 26,3MB 8.0.881.0
Apple Application Support Apple Inc. 15.11.2012 65,0MB 2.3
Apple Mobile Device Support Apple Inc. 09.10.2012 23,7MB 6.0.0.59
Apple Software Update Apple Inc. 09.10.2012 2,38MB 2.1.3.127
AutoIt v3.3.8.1 AutoIt Team 07.10.2012
Avira Free Antivirus Avira 27.11.2012 122MB 13.0.0.2832
Bonjour Apple Inc. 09.10.2012 2,00MB 3.0.0.10
CCleaner Piriform 25.11.2012 3.25
Dropbox Dropbox, Inc. 06.10.2012 1.4.17
FileZilla Client 3.6.0 FileZilla Project 16.11.2012 17,0MB 3.6.0
Grand Theft Auto IV Rockstar Games 06.10.2012 1.00.0000
Hauppauge WinTV 7 Hauppauge Computer Works 07.10.2012 v7.0.30237 (CD 2.6)
iTunes Apple Inc. 09.10.2012 182MB 10.7.0.21
LibreOffice 3.6 The Document Foundation 21.11.2012 379MB 3.6.3.2
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 02.12.2012 19,4MB 1.65.1.1000
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.10.2012 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.10.2012 2,93MB 4.0.30319
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 06.10.2012 31,3MB 3.5.92.0
Microsoft Silverlight Microsoft Corporation 08.10.2012 50,6MB 5.1.10411.0 -unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.10.2012 300KB 8.0.61001 -unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 14.11.2012 572KB 8.0.61000 -unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 14.11.2012 788KB 9.0.30729.4148 -unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.11.2012 788KB 9.0.30729.6161 -unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.10.2012 596KB 9.0.30729 -unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.11.2012 232KB 9.0.30729.4148 -unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.10.2012 600KB 9.0.30729.6161 -unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 16.11.2012 13,8MB 10.0.40219 -unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.10.2012 12,2MB 10.0.40219 -unknown
Mozilla Firefox 18.0 (x86 de) Mozilla 02.12.2012 43,7MB 18.0
Mozilla Maintenance Service Mozilla 02.12.2012 329KB 18.0
Mozilla Thunderbird 18.0 (x86 de) Mozilla 02.12.2012 44,1MB 18.0
Nettalk 6.7 Nicolas Kruse 06.10.2012 5,70MB
Notepad++ 16.11.2012 6.2.1
PuTTY version 0.62 Simon Tatham 10.10.2012 3,43MB 0.62
QuickTime Apple Inc. 15.11.2012 73,1MB 7.73.80.64
Steam Valve Corporation 05.10.2012 35,4MB 1.0.0.0
TeamSpeak 3 Client TeamSpeak Systems GmbH 23.11.2012 3.0.6
Windows Live ID Sign-in Assistant Microsoft Corporation 06.10.2012 10,0MB 6.500.3165.0
XAMPP 1.8.1 16.11.2012
µTorrent BitTorrent Inc. 09.10.2012 3.2.1.28086 |
04.12.2012, 01:03 | #14 |
/// Malware-holic | Claro-Search Virus (?) Sorry, we already had that one; I had used the wrong instructions. Open OTL, Cleanup; the PC restarts and the removal tools are deleted. Once everything runs as desired, secure the machine: as an anti-malware program I would recommend Emsisoft. For me they offer the best protection, but it costs something. http://www.trojaner-board.de/103809-...i-malware.html Trial version: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware. Especially if you do online banking, shopping, other payment processing or similarly important things, such as work, i.e. if sensitive data has to be protected, you should invest in security software. Use the 30-day trial period before activating the licence. Free, but not quite as good, would be Avast: http://www.trojaner-board.de/110895-...antivirus.html Tell me which one you use, then I will give you configuration hints. Please uninstall your current AV. The following guide is extensive, I know, but it should be carried out, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html Please start with the section "Windows Vista und Windows 7". Please begin by installing Windows updates. The easiest way is via Start, Search, typing Windows Update there. Under "Change settings" check that the following is selected:
- Install updates automatically,
- Daily
- choose a time
- Please tick all the rest, except:
- show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click "Check for updates" and install the next ones. Please do the same with the optional updates. Please apply the rest as described in the Windows 7 / Vista section. From the XP section, please apply the item "Datenausführungsverhinderung, DEP" (Data Execution Prevention). As a browser I advise Chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe. Please read the guide. If you want to use a different one, tell me, then I have to adapt parts of the guide that follows.
Sandboxie. The definition of a sandbox can be read here: Sandbox. In short, you can run programs almost 100% isolated from the system. The advantage is obvious: if malicious code gets in through the browser, it cannot get out. Download link: Sandboxie Download - Sandboxie 3.74. Guide: http://www.trojaner-board.de/71542-a...sandboxie.html Detailed guide as PDF, also work through it: Sandbox Einstellungen | Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There click Sandbox Settings. Under Restrictions, for Start/Run access and Internet access, enter: chrome.exe. Then go to Applications, Web Browser, Chrome. There enable everything except sharing the whole profile folder. As you may already have seen, you cannot use some functions. Those are only available in the full version, which I recommend you buy. For example, under "Forced Programs" you can set all browsers to start in the sandbox. Otherwise you always have to click "Sandboxed Web Browser" or right-click, Run Sandboxed. A lifetime licence costs 30 € and can be used on all your PCs. Continue with: Maßnahmen für ALLE Windows-Versionen (measures for ALL Windows versions); work through all of it completely. Note on FileHippo: in the settings additionally select: hide beta updates, Run updateChecker when Windows starts.
Backup program: a backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option: http://www.trojaner-board.de/82962-w...en-backup.html Unfortunately this is only sensibly usable for Windows 7 users. Everyone else should definitely install a backup program as well, because it can be very important in some circumstances, for example when the hard disk breaks one day. Finally, observe the general security tips; if it applies to you, observe the tip on online banking and change all passwords. Please also read how to make programs visible to all accounts: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe. So from now on only surf in the standard user account, and there in the sandbox. If you use the free version, by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser. If you move the mouse over the browser it should be framed; then you are in the sandboxed web browser. Password security: every service needs its own password of at least 12 characters. RoboForm helps with managing and creating passwords: Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager. Guide: RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
04.12.2012, 01:13 | #15 |
| Claro-Search Virus (?) Hi, wow, now that is what I call a comprehensive guide! :O I will try to work through it "tomorrow". If I have questions then, I will get back to you. Until then, a big thank you for the help! Regards, Weesel |