Log analysis and evaluation: Email from Telekom abuse team | Log file attached
Windows 7
09.02.2013, 00:14 | #1
Email from Telekom abuse team | Log file attached

Hello everyone, I have now read through quite a few pages and hope that I am doing everything correctly now. I had received an email from Telekom with the following content (shortened):

Code:
we are writing to you today for an unpleasant reason: we have received indications that unwanted accesses to other people's computers have been made from your connection ("hacking"). In concrete terms this means: unknown persons may be misusing your internet access. They may also already know passwords, credit card, bank and other data! ..... To be precise about what happened: a so-called "Open Resolver" was detected on your internet connection. This is a nameserver operated on one of your devices.

I am also currently in contact with them by email. However, I hope to get help from here as well. So, here are the required log files:

DeFogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:20 on 08/02/2013 (GG)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 08.02.2013 23:35:00 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,65% Memory free
7,99 Gb Paging File | 6,93 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 60,95 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 65,33 Gb Total Space | 21,14 Gb Free Space | 32,36% Space Free | Partition Type: NTFS
Drive E: | 400,33 Gb Total Space | 55,54 Gb Free Space | 13,87% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 104,95 Gb Free Space | 35,21% Space Free | Partition Type: NTFS

Computer Name: GG-PC | User Name: GG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe () PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) PRC - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe () MOD - C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (OKI OPHJ DCS Loader) -- C:\Windows\SysNative\spool\drivers\x64\3\OPHJLDCS.EXE (Oki Data Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) 
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe () SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.) 
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (OKI OPHJ DCS Loader) -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHJLDCS.EXE (Oki Data Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) 
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 15 16 22 5C 04 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files 
(x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GG\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.01.15 22:41:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.08 19:39:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.08 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GG\AppData\Roaming\mozilla\Extensions [2013.01.08 19:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: https://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - 
default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: https://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - Extension: Google Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\ CHR - Extension: Google Drive = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: WOT = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.8_1\ CHR - Extension: YouTube = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: SearchPreview = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.8_0\ CHR - Extension: LastPass = C:\Users\GG\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.20_0\ CHR - Extension: TabJump - Intelligenter Tab-Navigator = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9_0\ CHR - Extension: Downloads = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: Bubble Translate = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhlebbhengjlhmcjebbkambaekglhkf\1.5_0\ CHR - Extension: Google Dictionary (by Google) = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\ CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\ CHR - Extension: dict-cc = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh\1.6.87_0\ CHR - Extension: Google Plus News, Blogs, Tips & Updates = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifkacmmanhigddiffpdffnfnmjdiho\3_0\ CHR - Extension: Robot Theme, inspired by Android\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj\0.2.2_0\ CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\11.1_0\ CHR - Extension: Google Mail = C:\Users\GG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft 
Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) 
O4 - HKCU..\Run: [StrokeIt] C:\Users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe () O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\GG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - 
res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{857752D2-D8AB-416B-80CC-BF532662B4BE}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.08 23:08:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2013.02.07 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Malwarebytes [2013.02.07 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.07 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.07 12:41:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.07 12:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.06 11:40:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- E:\Eigene Dateien\Desktop\HijackThis.exe [2013.02.06 11:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote [2013.02.06 11:39:19 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9} [2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Whiteboard [2013.02.05 21:22:06 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Splashtop Presenter [2013.02.05 18:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune [2013.02.05 09:09:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.02.04 20:33:23 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\HD_Speed_ENG [2013.02.04 20:33:20 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\h2testw_1.4 [2013.02.04 15:08:48 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Tools&More [2013.01.29 10:29:32 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys [2013.01.29 10:29:32 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll [2013.01.29 10:29:32 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll [2013.01.29 10:29:30 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys [2013.01.29 10:29:30 | 000,031,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMparport.sys [2013.01.29 10:29:09 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe [2013.01.29 10:29:08 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe [2013.01.29 10:29:08 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys [2013.01.29 10:29:04 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll [2013.01.29 10:29:03 | 000,052,376 | ---- | C] (VMware, Inc.) 
-- C:\Windows\SysNative\drivers\hcmon.sys [2013.01.29 10:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2013.01.29 10:28:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines [2013.01.29 10:09:04 | 000,000,000 | ---D | C] -- C:\Virtualisation [2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\VMware [2013.01.29 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\VMware [2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2013.01.29 09:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware [2013.01.29 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.01.28 13:36:18 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Nero [2013.01.28 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Nero [2013.01.28 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.01.28 12:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2013.01.28 12:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.01.28 12:19:38 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.01.25 23:56:31 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Programs [2013.01.25 23:48:56 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Mp3tag [2013.01.25 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2013.01.21 15:57:03 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Eigene Dokumente\Steuer-Sparbuch [2013.01.21 15:39:16 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Buhl Data Service [2013.01.21 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl Data Service [2013.01.21 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Buhl [2013.01.21 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO [2013.01.21 15:36:56 | 
000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2013.01.21 15:12:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Neuer Ordner [2013.01.17 21:04:32 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\vlc [2013.01.17 21:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.01.16 20:40:35 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Skype [2013.01.16 20:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.16 20:40:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.01.16 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.01.15 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Splashtop [2013.01.15 23:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop [2013.01.15 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop [2013.01.15 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\{43C1E69E-6361-4F0D-B3B6-2659FC8E2853} [2013.01.15 23:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More [2013.01.15 23:29:35 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.01.15 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2013.01.14 22:48:06 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\FreeFileSync [2013.01.14 22:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync [2013.01.14 22:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1 [2013.01.14 21:39:23 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\ElevatedDiagnostics [2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2 [2013.01.13 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres [2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician [2013.01.13 00:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2013.01.13 00:23:58 | 000,000,000 | ---D | C] 
-- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media [2013.01.13 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System [2013.01.13 00:23:45 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online [2013.01.13 00:22:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media [2013.01.13 00:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System [2013.01.13 00:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online [2013.01.12 23:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.01.12 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.01.12 23:52:08 | 000,000,000 | -H-D | C] -- C:\CanoScan [2013.01.12 23:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.01.12 23:45:55 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Adobe [2013.01.12 23:45:53 | 000,000,000 | R--D | C] -- C:\Users\GG\Documents [2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.01.12 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.01.12 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\TeamViewer [2013.01.12 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Local\Okidata [2013.01.12 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Okidata [2013.01.12 17:37:05 | 000,158,208 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPDMN075.DLL [2013.01.11 00:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.01.11 00:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.01.10 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\GG\AppData\Roaming\Dropbox ========== Files - 
Modified Within 30 Days ========== [2013.02.08 23:33:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.08 23:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.08 23:33:32 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys [2013.02.08 23:23:42 | 000,365,568 | ---- | M] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe [2013.02.08 23:19:09 | 000,000,000 | ---- | M] () -- C:\Users\GG\defogger_reenable [2013.02.08 23:15:18 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe [2013.02.08 23:08:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2013.02.08 23:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job [2013.02.08 22:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.08 22:41:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 22:18:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 21:54:50 | 001,506,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.08 21:54:50 | 000,656,612 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.08 21:54:50 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.08 21:54:50 | 000,131,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.08 21:54:50 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.08 11:06:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job [2013.02.07 12:41:21 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware 
.lnk [2013.02.06 11:40:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- E:\Eigene Dateien\Desktop\HijackThis.exe [2013.01.29 10:29:00 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.29 09:57:44 | 000,001,024 | ---- | M] () -- C:\.rnd [2013.01.25 21:23:31 | 000,001,059 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.23 19:21:42 | 000,000,026 | ---- | M] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat [2013.01.21 15:48:55 | 000,000,547 | ---- | M] () -- C:\Windows\wiso.ini [2013.01.21 15:37:55 | 000,002,146 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013.01.15 23:29:52 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\DirComp.lnk [2013.01.15 23:20:23 | 000,415,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.14 22:47:55 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk [2013.01.14 16:14:13 | 000,001,763 | ---- | M] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk [2013.01.12 23:06:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.01.11 00:51:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.11 00:51:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf ========== Files Created - No Company Name ========== [2013.02.08 23:23:41 | 000,365,568 | ---- | C] () -- E:\Eigene Dateien\Desktop\gmer_2.0.18454.exe [2013.02.08 23:19:09 | 000,000,000 | ---- | C] () -- C:\Users\GG\defogger_reenable [2013.02.08 23:15:17 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe [2013.02.07 12:41:21 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.29 09:57:44 | 000,001,024 | ---- | C] () -- C:\.rnd [2013.01.29 09:57:42 | 001,526,060 | ---- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.25 23:56:19 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job [2013.01.25 23:56:19 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job [2013.01.21 15:37:57 | 000,000,547 | ---- | C] () -- C:\Windows\wiso.ini [2013.01.21 15:37:55 | 000,002,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013.01.21 15:12:56 | 000,001,763 | ---- | C] () -- E:\Eigene Dateien\Desktop\Kostenaufstellung - Verknüpfung.lnk [2013.01.15 23:29:52 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\DirComp.lnk [2013.01.15 22:52:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2013.01.15 22:42:09 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk [2013.01.14 22:47:55 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk [2013.01.14 22:41:44 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk [2013.01.13 14:58:22 | 000,002,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.01.13 14:58:22 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk [2013.01.12 23:06:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.01.12 17:44:39 | 000,000,026 | ---- | C] () -- C:\Users\GG\AppData\Roaming\Opusbext.dat [2013.01.11 00:51:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.11 00:51:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf [2013.01.10 21:47:52 | 000,001,059 | ---- | C] () -- 
C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.08 18:33:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.21 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Buhl Data Service [2013.02.08 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Dropbox [2013.01.15 22:23:23 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\FreeFileSync [2013.01.25 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Mp3tag [2013.01.13 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Rainmeter [2013.01.08 23:02:46 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TCB Networks [2013.01.12 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-08 23:51:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB Running: gmer_2.0.18454.exe; Driver: C:\Users\GG\AppData\Local\Temp\pxddqpoc.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c71401 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c71419 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c71431 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c7144a 2 bytes [C7, 74] .text ... 
* 9 .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c714dd 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c714f5 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c7150d 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c71525 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c7153d 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c71555 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c7156d 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c71585 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c7159d 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c715b5 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c715cd 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c716b2 2 bytes [C7, 74] .text C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c716bd 2 bytes [C7, 74] .text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 0000000071d413b0 2 bytes [D4, 71] .text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 0000000071d413c0 2 bytes [D4, 71] .text ... * 20 .text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 0000000071d4153e 2 bytes [D4, 71] .text C:\Windows\SysWOW64\vmnat.exe[2132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000071d41553 2 bytes [D4, 71] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c71401 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c71419 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c71431 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c7144a 2 bytes [C7, 74] .text ... 
* 9 .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c714dd 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c714f5 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c7150d 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c71525 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c7153d 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c71555 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c7156d 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c71585 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c7159d 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c715b5 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c715cd 2 bytes [C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c716b2 2 bytes 
[C7, 74] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c716bd 2 bytes [C7, 74]
---- EOF - GMER 2.0 ----
I also ran a scan with Microsoft Security Essentials, with the following result: Code:
ATTFilter Exploit:JS/Blacole.HI D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm)
Exploit:Java/Blacole.GL containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiub.class
Exploit:Java/CVE-2012-1723 containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiua.class
Exploit:Java/Bacole.GM containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiud.class
Exploit:Java/CVE-2012-1723.gen!A containerfile:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d file:D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiuc.class
I should add that all of the findings are on the D: drive, which I do not use as the Windows partition. The Windows partition is C:, and nothing suspicious was found there. There is an operating system on D: as well (also bootable), but I am not using it at the moment. Furthermore, the locations of the exploits that were found are cache or Temporary Internet Files directories. Malwarebytes found nothing suspicious. I am now somewhat confused. Is something wrong with my PC? Do I have something on it? I mean, T-Com does not send mails like this for fun; something concrete must have happened. They even gave me a date and time when it occurred. I was not at the computer at that time (at least I would say so with 80% certainty). Reinstall the computer? Or is it clean now? Difficult, difficult.
I hope I have provided all the information according to the guidelines and have not forgotten anything. Many thanks in advance for your effort and help. Best regards |
09.02.2013, 00:16 | #2 |
/// Malware-holic | Email from Telekom abuse team | log file attached
1. Are those all the PCs in the household?
2. While you are working here, do not carry out any other steps, only what I post; thanks for your understanding.
3. Post the Malwarebytes logs with findings: http://www.trojaner-board.de/125889-...en-posten.html
4. Post the Microsoft findings
10.02.2013, 14:00 | #3 |
| Email from Telekom abuse team | log file attached
Hello Markus,
Quote:
Finding 1: Code:
ATTFilter Protokollname: System Quelle: Microsoft Antimalware Datum: 06.02.2013 17:50:02 Ereignis-ID: 1116 Aufgabenkategorie:Keine Ebene: Warnung Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: GG-PC Beschreibung: Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.GL&threatid=2147663917 Name: Exploit:Java/Blacole.GL ID: 2147663917 Severity: Severe Category: Exploit Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiub.class Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: GG-PC\GG Process Name: Unknown Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0 Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft Antimalware" /> <EventID Qualifiers="0">1116</EventID> <Level>3</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-02-06T16:50:02.000000000Z" /> <EventRecordID>22421</EventRecordID> <Channel>System</Channel> <Computer>GG-PC</Computer> <Security /> </System> <EventData> <Data>%%860</Data> <Data>4.1.0522.0</Data> <Data>{D103C3B5-BA22-43C8-BF9B-A3FC50CEA63A}</Data> <Data>2013-02-06T16:49:19.657Z</Data> <Data> </Data> <Data> </Data> <Data>2147663917</Data> <Data>Exploit:Java/Blacole.GL</Data> <Data>5</Data> <Data>Severe</Data> <Data>30</Data> <Data>Exploit</Data> <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.GL&threatid=2147663917</Data> <Data>1</Data> <Data> </Data> <Data>1</Data> <Data>1</Data> <Data>%%815</Data> <Data>Unknown</Data> <Data>GG-PC\GG</Data> <Data> </Data> 
<Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiub.class</Data> <Data>1</Data> <Data>%%845</Data> <Data>0</Data> <Data>%%812</Data> <Data>0</Data> <Data>%%822</Data> <Data>0</Data> <Data>9</Data> <Data>%%887</Data> <Data> </Data> <Data>0x00000000</Data> <Data>Der Vorgang wurde erfolgreich beendet. </Data> <Data> </Data> <Data>0</Data> <Data>0</Data> <Data>No additional actions required</Data> <Data> </Data> <Data> </Data> <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data> <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data> </EventData> </Event> Code:
ATTFilter Protokollname: System Quelle: Microsoft Antimalware Datum: 06.02.2013 17:50:02 Ereignis-ID: 1116 Aufgabenkategorie:Keine Ebene: Warnung Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: GG-PC Beschreibung: Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2012-1723&threatid=2147659851 Name: Exploit:Java/CVE-2012-1723 ID: 2147659851 Severity: Severe Category: Exploit Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiua.class Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: GG-PC\GG Process Name: Unknown Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0 Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft Antimalware" /> <EventID Qualifiers="0">1116</EventID> <Level>3</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-02-06T16:50:02.000000000Z" /> <EventRecordID>22420</EventRecordID> <Channel>System</Channel> <Computer>GG-PC</Computer> <Security /> </System> <EventData> <Data>%%860</Data> <Data>4.1.0522.0</Data> <Data>{4C459897-2F79-4322-A515-112BFA227E62}</Data> <Data>2013-02-06T16:49:19.657Z</Data> <Data> </Data> <Data> </Data> <Data>2147659851</Data> <Data>Exploit:Java/CVE-2012-1723</Data> <Data>5</Data> <Data>Severe</Data> <Data>30</Data> <Data>Exploit</Data> <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2012-1723&threatid=2147659851</Data> <Data>1</Data> <Data> </Data> <Data>1</Data> <Data>1</Data> <Data>%%815</Data> <Data>Unknown</Data> <Data>GG-PC\GG</Data> <Data> </Data> 
<Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiua.class</Data> <Data>1</Data> <Data>%%845</Data> <Data>0</Data> <Data>%%812</Data> <Data>0</Data> <Data>%%822</Data> <Data>0</Data> <Data>9</Data> <Data>%%887</Data> <Data> </Data> <Data>0x00000000</Data> <Data>Der Vorgang wurde erfolgreich beendet. </Data> <Data> </Data> <Data>0</Data> <Data>0</Data> <Data>No additional actions required</Data> <Data> </Data> <Data> </Data> <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data> <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data> </EventData> </Event> Code:
ATTFilter Protokollname: System Quelle: Microsoft Antimalware Datum: 06.02.2013 17:50:02 Ereignis-ID: 1116 Aufgabenkategorie:Keine Ebene: Warnung Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: GG-PC Beschreibung: Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2012-1723.gen!A&threatid=2147679014 Name: Exploit:Java/CVE-2012-1723.gen!A ID: 2147679014 Severity: Severe Category: Exploit Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiuc.class Detection Origin: Local machine Detection Type: Generic Detection Source: User User: GG-PC\GG Process Name: Unknown Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0 Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft Antimalware" /> <EventID Qualifiers="0">1116</EventID> <Level>3</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-02-06T16:50:02.000000000Z" /> <EventRecordID>22418</EventRecordID> <Channel>System</Channel> <Computer>GG-PC</Computer> <Security /> </System> <EventData> <Data>%%860</Data> <Data>4.1.0522.0</Data> <Data>{44FA6FFE-6BFB-4F46-8B68-E8839F313D58}</Data> <Data>2013-02-06T16:49:19.657Z</Data> <Data> </Data> <Data> </Data> <Data>2147679014</Data> <Data>Exploit:Java/CVE-2012-1723.gen!A</Data> <Data>5</Data> <Data>Severe</Data> <Data>30</Data> <Data>Exploit</Data> <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2012-1723.gen!A&threatid=2147679014</Data> <Data>1</Data> <Data> </Data> <Data>1</Data> <Data>1</Data> <Data>%%815</Data> <Data>Unknown</Data> <Data>GG-PC\GG</Data> <Data> </Data> 
<Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiuc.class</Data> <Data>1</Data> <Data>%%845</Data> <Data>0</Data> <Data>%%812</Data> <Data>2</Data> <Data>%%823</Data> <Data>0</Data> <Data>9</Data> <Data>%%887</Data> <Data> </Data> <Data>0x00000000</Data> <Data>Der Vorgang wurde erfolgreich beendet. </Data> <Data> </Data> <Data>0</Data> <Data>0</Data> <Data>No additional actions required</Data> <Data> </Data> <Data> </Data> <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data> <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data> </EventData> </Event> Code:
ATTFilter Protokollname: System Quelle: Microsoft Antimalware Datum: 06.02.2013 18:30:21 Ereignis-ID: 1117 Aufgabenkategorie:Keine Ebene: Informationen Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: GG-PC Beschreibung: Microsoft Antimalware has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:JS/Blacole.HI&threatid=2147658482 Name: Exploit:JS/Blacole.HI ID: 2147658482 Severity: Severe Category: Exploit Path: file:_D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: GG-PC\GG Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x00000000 Error description: Der Vorgang wurde erfolgreich beendet. Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0 Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft Antimalware" /> <EventID Qualifiers="0">1117</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-02-06T17:30:21.000000000Z" /> <EventRecordID>22432</EventRecordID> <Channel>System</Channel> <Computer>GG-PC</Computer> <Security /> </System> <EventData> <Data>%%860</Data> <Data>4.1.0522.0</Data> <Data>{1A08FFB1-F54D-4084-83F6-316A1C10783B}</Data> <Data>2013-02-06T16:49:19.657Z</Data> <Data> </Data> <Data> </Data> <Data>2147658482</Data> <Data>Exploit:JS/Blacole.HI</Data> <Data>5</Data> <Data>Severe</Data> <Data>30</Data> <Data>Exploit</Data> <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:JS/Blacole.HI&threatid=2147658482</Data> <Data>4</Data> <Data> </Data> <Data>2</Data> <Data>1</Data> <Data>%%815</Data> <Data>Unknown</Data> 
<Data>GG-PC\GG</Data> <Data> </Data> <Data>file:_D:\Users\GG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IRFR94W\main[1].htm</Data> <Data>1</Data> <Data>%%845</Data> <Data>0</Data> <Data>%%812</Data> <Data>0</Data> <Data>%%822</Data> <Data>0</Data> <Data>3</Data> <Data>%%808</Data> <Data> </Data> <Data>0x00000000</Data> <Data>Der Vorgang wurde erfolgreich beendet. </Data> <Data> </Data> <Data>0</Data> <Data>0</Data> <Data>No additional actions required</Data> <Data>GG-PC\GG</Data> <Data> </Data> <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data> <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data> </EventData> </Event> Code:
ATTFilter Protokollname: System Quelle: Microsoft Antimalware Datum: 06.02.2013 18:30:21 Ereignis-ID: 1117 Aufgabenkategorie:Keine Ebene: Informationen Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: GG-PC Beschreibung: Microsoft Antimalware has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.GM&threatid=2147663918 Name: Exploit:Java/Blacole.GM ID: 2147663918 Severity: Severe Category: Exploit Path: containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiud.class Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: GG-PC\GG Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x00000000 Error description: Der Vorgang wurde erfolgreich beendet. 
Signature Version: AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0 Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft Antimalware" /> <EventID Qualifiers="0">1117</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-02-06T17:30:21.000000000Z" /> <EventRecordID>22429</EventRecordID> <Channel>System</Channel> <Computer>GG-PC</Computer> <Security /> </System> <EventData> <Data>%%860</Data> <Data>4.1.0522.0</Data> <Data>{A779CFBF-D6C6-4DBF-8D9E-B04D0053179B}</Data> <Data>2013-02-06T16:49:19.657Z</Data> <Data> </Data> <Data> </Data> <Data>2147663918</Data> <Data>Exploit:Java/Blacole.GM</Data> <Data>5</Data> <Data>Severe</Data> <Data>30</Data> <Data>Exploit</Data> <Data>hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.GM&threatid=2147663918</Data> <Data>4</Data> <Data> </Data> <Data>2</Data> <Data>1</Data> <Data>%%815</Data> <Data>Unknown</Data> <Data>GG-PC\GG</Data> <Data> </Data> <Data>containerfile:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d;file:_D:\Users\GG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2ac0763f-74351f2d->joiua/joiud.class</Data> <Data>1</Data> <Data>%%845</Data> <Data>0</Data> <Data>%%812</Data> <Data>0</Data> <Data>%%822</Data> <Data>0</Data> <Data>3</Data> <Data>%%808</Data> <Data> </Data> <Data>0x00000000</Data> <Data>Der Vorgang wurde erfolgreich beendet. </Data> <Data> </Data> <Data>0</Data> <Data>0</Data> <Data>No additional actions required</Data> <Data>GG-PC\GG</Data> <Data> </Data> <Data>AV: 1.143.1680.0, AS: 1.143.1680.0, NIS: 18.36.0.0</Data> <Data>AM: 1.1.9103.0, NIS: 2.1.8904.0</Data> </EventData> </Event> Thanks again for your effort. Regards |
11.02.2013, 13:07 | #4 |
/// Malware-holic | Email from Telekom Abuse Team | Log file attached Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any findings, always choose Skip for now and post the log. Open C:, open tdsskiller-date-version.txt and post its contents
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
11.02.2013, 15:51 | #5 |
| Email from Telekom Abuse Team | Log file attached Done. TDSSKiller log file: Code:
ATTFilter 15:35:03.0897 2376 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:35:04.0847 2376 ============================================================ 15:35:04.0847 2376 Current date / time: 2013/02/11 15:35:04.0847 15:35:04.0847 2376 SystemInfo: 15:35:04.0847 2376 15:35:04.0847 2376 OS Version: 6.1.7601 ServicePack: 1.0 15:35:04.0847 2376 Product type: Workstation 15:35:04.0847 2376 ComputerName: GG-PC 15:35:04.0847 2376 UserName: GG 15:35:04.0847 2376 Windows directory: C:\Windows 15:35:04.0847 2376 System windows directory: C:\Windows 15:35:04.0847 2376 Running under WOW64 15:35:04.0847 2376 Processor architecture: Intel x64 15:35:04.0847 2376 Number of processors: 3 15:35:04.0847 2376 Page size: 0x1000 15:35:04.0847 2376 Boot type: Normal boot 15:35:04.0847 2376 ============================================================ 15:35:05.0357 2376 Drive \Device\Harddisk2\DR2 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3C915, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 15:35:05.0367 2376 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 15:35:05.0382 2376 Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97692, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 15:35:05.0387 2376 ============================================================ 15:35:05.0387 2376 \Device\Harddisk2\DR2: 15:35:05.0387 2376 MBR partitions: 15:35:05.0387 2376 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:35:05.0387 2376 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000 15:35:05.0387 2376 \Device\Harddisk0\DR0: 15:35:05.0387 2376 MBR partitions: 15:35:05.0387 2376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:35:05.0387 
2376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x82AA000 15:35:05.0387 2376 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x82DC800, BlocksNum 0x320A7800 15:35:05.0387 2376 \Device\Harddisk1\DR1: 15:35:05.0387 2376 MBR partitions: 15:35:05.0387 2376 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000 15:35:05.0387 2376 ============================================================ 15:35:05.0392 2376 C: <-> \Device\Harddisk2\DR2\Partition2 15:35:05.0417 2376 D: <-> \Device\Harddisk0\DR0\Partition2 15:35:05.0452 2376 E: <-> \Device\Harddisk0\DR0\Partition3 15:35:05.0472 2376 F: <-> \Device\Harddisk1\DR1\Partition1 15:35:05.0472 2376 ============================================================ 15:35:05.0472 2376 Initialize success 15:35:05.0472 2376 ============================================================ 15:35:35.0372 4556 ============================================================ 15:35:35.0372 4556 Scan started 15:35:35.0372 4556 Mode: Manual; SigCheck; TDLFS; 15:35:35.0372 4556 ============================================================ 15:35:35.0512 4556 ================ Scan system memory ======================== 15:35:35.0512 4556 System memory - ok 15:35:35.0517 4556 ================ Scan services ============================= 15:35:35.0552 4556 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:35:35.0587 4556 1394ohci - ok 15:35:35.0597 4556 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:35:35.0612 4556 ACPI - ok 15:35:35.0617 4556 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:35:35.0637 4556 AcpiPmi - ok 15:35:35.0642 4556 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:35:35.0652 4556 AdobeARMservice - ok 15:35:35.0672 4556 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:35:35.0682 4556 AdobeFlashPlayerUpdateSvc - ok 15:35:35.0692 4556 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 15:35:35.0712 4556 adp94xx - ok 15:35:35.0717 4556 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:35:35.0732 4556 adpahci - ok 15:35:35.0737 4556 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:35:35.0752 4556 adpu320 - ok 15:35:35.0757 4556 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:35:35.0787 4556 AeLookupSvc - ok 15:35:35.0797 4556 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:35:35.0812 4556 AFD - ok 15:35:35.0817 4556 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:35:35.0827 4556 agp440 - ok 15:35:35.0832 4556 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:35:35.0842 4556 ALG - ok 15:35:35.0847 4556 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:35:35.0857 4556 aliide - ok 15:35:35.0862 4556 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:35:35.0882 4556 AMD External Events Utility - ok 15:35:35.0887 4556 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:35:35.0892 4556 amdide - ok 15:35:35.0897 4556 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:35:35.0912 4556 AmdK8 - ok 15:35:35.0917 4556 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:35:35.0927 4556 AmdPPM - ok 15:35:35.0932 4556 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:35:35.0942 4556 amdsata - ok 15:35:35.0947 4556 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:35:35.0962 4556 amdsbs - ok 
15:35:35.0967 4556 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:35:35.0972 4556 amdxata - ok 15:35:35.0977 4556 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:35:36.0007 4556 AppID - ok 15:35:36.0012 4556 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:35:36.0037 4556 AppIDSvc - ok 15:35:36.0042 4556 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 15:35:36.0072 4556 Appinfo - ok 15:35:36.0077 4556 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 15:35:36.0087 4556 AppMgmt - ok 15:35:36.0092 4556 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 15:35:36.0102 4556 arc - ok 15:35:36.0107 4556 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:35:36.0117 4556 arcsas - ok 15:35:36.0122 4556 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:35:36.0152 4556 AsyncMac - ok 15:35:36.0152 4556 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:35:36.0162 4556 atapi - ok 15:35:36.0222 4556 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:35:36.0312 4556 atikmdag - ok 15:35:36.0327 4556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:35:36.0362 4556 AudioEndpointBuilder - ok 15:35:36.0372 4556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:35:36.0402 4556 AudioSrv - ok 15:35:36.0407 4556 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:35:36.0422 4556 AxInstSV - ok 15:35:36.0432 4556 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 15:35:36.0447 4556 b06bdrv - ok 15:35:36.0457 4556 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:35:36.0467 4556 
b57nd60a - ok 15:35:36.0477 4556 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:35:36.0487 4556 BDESVC - ok 15:35:36.0487 4556 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:35:36.0517 4556 Beep - ok 15:35:36.0532 4556 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:35:36.0567 4556 BFE - ok 15:35:36.0582 4556 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 15:35:36.0622 4556 BITS - ok 15:35:36.0627 4556 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:35:36.0637 4556 blbdrive - ok 15:35:36.0642 4556 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:35:36.0652 4556 bowser - ok 15:35:36.0652 4556 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:35:36.0672 4556 BrFiltLo - ok 15:35:36.0677 4556 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:35:36.0687 4556 BrFiltUp - ok 15:35:36.0692 4556 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:35:36.0702 4556 Browser - ok 15:35:36.0712 4556 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:35:36.0727 4556 Brserid - ok 15:35:36.0732 4556 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:35:36.0742 4556 BrSerWdm - ok 15:35:36.0747 4556 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:35:36.0757 4556 BrUsbMdm - ok 15:35:36.0762 4556 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:35:36.0772 4556 BrUsbSer - ok 15:35:36.0777 4556 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:35:36.0787 4556 BTHMODEM - ok 15:35:36.0792 4556 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:35:36.0822 4556 bthserv - ok 
15:35:36.0827 4556 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:35:36.0857 4556 cdfs - ok 15:35:36.0862 4556 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 15:35:36.0872 4556 cdrom - ok 15:35:36.0877 4556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:35:36.0907 4556 CertPropSvc - ok 15:35:36.0912 4556 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:35:36.0922 4556 circlass - ok 15:35:36.0932 4556 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:35:36.0947 4556 CLFS - ok 15:35:36.0957 4556 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:35:36.0967 4556 clr_optimization_v2.0.50727_32 - ok 15:35:36.0972 4556 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:35:36.0982 4556 clr_optimization_v2.0.50727_64 - ok 15:35:36.0992 4556 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:35:37.0002 4556 clr_optimization_v4.0.30319_32 - ok 15:35:37.0007 4556 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:35:37.0017 4556 clr_optimization_v4.0.30319_64 - ok 15:35:37.0022 4556 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:35:37.0032 4556 CmBatt - ok 15:35:37.0037 4556 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:35:37.0042 4556 cmdide - ok 15:35:37.0052 4556 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 15:35:37.0077 4556 CNG - ok 15:35:37.0077 4556 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:35:37.0087 4556 Compbatt - ok 
15:35:37.0092 4556 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:35:37.0107 4556 CompositeBus - ok 15:35:37.0107 4556 COMSysApp - ok 15:35:37.0112 4556 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:35:37.0122 4556 crcdisk - ok 15:35:37.0137 4556 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:35:37.0147 4556 CryptSvc - ok 15:35:37.0157 4556 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 15:35:37.0172 4556 CSC - ok 15:35:37.0182 4556 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 15:35:37.0202 4556 CscService - ok 15:35:37.0207 4556 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 15:35:37.0217 4556 dc3d - ok 15:35:37.0227 4556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:35:37.0262 4556 DcomLaunch - ok 15:35:37.0267 4556 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:35:37.0302 4556 defragsvc - ok 15:35:37.0307 4556 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:35:37.0337 4556 DfsC - ok 15:35:37.0342 4556 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 15:35:37.0357 4556 Dhcp - ok 15:35:37.0362 4556 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:35:37.0387 4556 discache - ok 15:35:37.0392 4556 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:35:37.0402 4556 Disk - ok 15:35:37.0407 4556 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:35:37.0422 4556 Dnscache - ok 15:35:37.0427 4556 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:35:37.0457 4556 dot3svc - ok 15:35:37.0462 4556 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:35:37.0492 4556 DPS - ok 
15:35:37.0497 4556 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:35:37.0507 4556 drmkaud - ok 15:35:37.0522 4556 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:35:37.0547 4556 DXGKrnl - ok 15:35:37.0552 4556 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:35:37.0582 4556 EapHost - ok 15:35:37.0617 4556 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 15:35:37.0672 4556 ebdrv - ok 15:35:37.0677 4556 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:35:37.0687 4556 EFS - ok 15:35:37.0702 4556 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:35:37.0717 4556 ehRecvr - ok 15:35:37.0722 4556 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:35:37.0732 4556 ehSched - ok 15:35:37.0752 4556 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:35:37.0767 4556 elxstor - ok 15:35:37.0772 4556 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:35:37.0782 4556 ErrDev - ok 15:35:37.0792 4556 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:35:37.0827 4556 EventSystem - ok 15:35:37.0832 4556 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:35:37.0862 4556 exfat - ok 15:35:37.0867 4556 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:35:37.0897 4556 fastfat - ok 15:35:37.0912 4556 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:35:37.0927 4556 Fax - ok 15:35:37.0932 4556 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:35:37.0942 4556 fdc - ok 15:35:37.0957 4556 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:35:37.0982 4556 fdPHost - ok 15:35:37.0987 4556 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub 
C:\Windows\system32\fdrespub.dll 15:35:38.0017 4556 FDResPub - ok 15:35:38.0022 4556 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:35:38.0032 4556 FileInfo - ok 15:35:38.0037 4556 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:35:38.0062 4556 Filetrace - ok 15:35:38.0067 4556 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:35:38.0077 4556 flpydisk - ok 15:35:38.0082 4556 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:35:38.0097 4556 FltMgr - ok 15:35:38.0112 4556 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 15:35:38.0137 4556 FontCache - ok 15:35:38.0152 4556 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:35:38.0157 4556 FontCache3.0.0.0 - ok 15:35:38.0162 4556 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:35:38.0172 4556 FsDepends - ok 15:35:38.0177 4556 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:35:38.0187 4556 Fs_Rec - ok 15:35:38.0192 4556 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:35:38.0207 4556 fvevol - ok 15:35:38.0212 4556 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:35:38.0222 4556 gagp30kx - ok 15:35:38.0232 4556 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:35:38.0272 4556 gpsvc - ok 15:35:38.0277 4556 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:35:38.0287 4556 gupdate - ok 15:35:38.0287 4556 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:35:38.0297 4556 gupdatem - ok 15:35:38.0302 4556 [ 3CC07DAD48FA53193AE2F85DD8200B5E ] hcmon 
C:\Windows\system32\drivers\hcmon.sys 15:35:38.0312 4556 hcmon - ok 15:35:38.0317 4556 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:35:38.0327 4556 hcw85cir - ok 15:35:38.0337 4556 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:35:38.0357 4556 HdAudAddService - ok 15:35:38.0362 4556 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:35:38.0372 4556 HDAudBus - ok 15:35:38.0377 4556 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:35:38.0387 4556 HidBatt - ok 15:35:38.0392 4556 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:35:38.0407 4556 HidBth - ok 15:35:38.0407 4556 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:35:38.0422 4556 HidIr - ok 15:35:38.0427 4556 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:35:38.0452 4556 hidserv - ok 15:35:38.0457 4556 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 15:35:38.0467 4556 HidUsb - ok 15:35:38.0472 4556 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:35:38.0502 4556 hkmsvc - ok 15:35:38.0507 4556 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:35:38.0517 4556 HomeGroupListener - ok 15:35:38.0527 4556 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:35:38.0537 4556 HomeGroupProvider - ok 15:35:38.0542 4556 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:35:38.0552 4556 HpSAMD - ok 15:35:38.0562 4556 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:35:38.0602 4556 HTTP - ok 15:35:38.0607 4556 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:35:38.0617 4556 hwpolicy - ok 15:35:38.0622 4556 [ 
FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:35:38.0632 4556 i8042prt - ok 15:35:38.0637 4556 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:35:38.0657 4556 iaStorV - ok 15:35:38.0667 4556 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:35:38.0692 4556 idsvc - ok 15:35:38.0697 4556 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:35:38.0707 4556 iirsp - ok 15:35:38.0717 4556 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:35:38.0762 4556 IKEEXT - ok 15:35:38.0767 4556 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:35:38.0777 4556 intelide - ok 15:35:38.0782 4556 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:35:38.0792 4556 intelppm - ok 15:35:38.0797 4556 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:35:38.0822 4556 IPBusEnum - ok 15:35:38.0827 4556 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:35:38.0857 4556 IpFilterDriver - ok 15:35:38.0867 4556 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:35:38.0887 4556 iphlpsvc - ok 15:35:38.0892 4556 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:35:38.0902 4556 IPMIDRV - ok 15:35:38.0907 4556 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:35:38.0937 4556 IPNAT - ok 15:35:38.0937 4556 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:35:38.0952 4556 IRENUM - ok 15:35:38.0962 4556 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:35:38.0972 4556 isapnp - ok 15:35:38.0982 4556 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt 
C:\Windows\system32\drivers\msiscsi.sys 15:35:38.0992 4556 iScsiPrt - ok 15:35:38.0997 4556 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:35:39.0007 4556 kbdclass - ok 15:35:39.0012 4556 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:35:39.0022 4556 kbdhid - ok 15:35:39.0027 4556 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:35:39.0037 4556 KeyIso - ok 15:35:39.0042 4556 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:35:39.0052 4556 KSecDD - ok 15:35:39.0057 4556 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:35:39.0067 4556 KSecPkg - ok 15:35:39.0072 4556 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:35:39.0102 4556 ksthunk - ok 15:35:39.0112 4556 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:35:39.0142 4556 KtmRm - ok 15:35:39.0152 4556 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:35:39.0182 4556 LanmanServer - ok 15:35:39.0187 4556 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:35:39.0217 4556 LanmanWorkstation - ok 15:35:39.0222 4556 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:35:39.0252 4556 lltdio - ok 15:35:39.0257 4556 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:35:39.0292 4556 lltdsvc - ok 15:35:39.0292 4556 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:35:39.0322 4556 lmhosts - ok 15:35:39.0327 4556 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:35:39.0337 4556 LSI_FC - ok 15:35:39.0342 4556 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:35:39.0352 4556 LSI_SAS - ok 15:35:39.0367 4556 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] 
LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:35:39.0377 4556 LSI_SAS2 - ok 15:35:39.0382 4556 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:35:39.0392 4556 LSI_SCSI - ok 15:35:39.0397 4556 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:35:39.0427 4556 luafv - ok 15:35:39.0432 4556 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:35:39.0442 4556 Mcx2Svc - ok 15:35:39.0447 4556 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:35:39.0452 4556 megasas - ok 15:35:39.0462 4556 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:35:39.0477 4556 MegaSR - ok 15:35:39.0482 4556 Microsoft SharePoint Workspace Audit Service - ok 15:35:39.0487 4556 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:35:39.0517 4556 MMCSS - ok 15:35:39.0522 4556 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:35:39.0552 4556 Modem - ok 15:35:39.0552 4556 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:35:39.0567 4556 monitor - ok 15:35:39.0572 4556 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:35:39.0582 4556 mouclass - ok 15:35:39.0587 4556 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:35:39.0607 4556 mouhid - ok 15:35:39.0612 4556 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:35:39.0622 4556 mountmgr - ok 15:35:39.0627 4556 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:35:39.0637 4556 MozillaMaintenance - ok 15:35:39.0642 4556 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 15:35:39.0657 4556 MpFilter - ok 15:35:39.0667 4556 [ 
A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:35:39.0677 4556 mpio - ok 15:35:39.0682 4556 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:35:39.0712 4556 mpsdrv - ok 15:35:39.0722 4556 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:35:39.0762 4556 MpsSvc - ok 15:35:39.0772 4556 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:35:39.0787 4556 MRxDAV - ok 15:35:39.0792 4556 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:35:39.0802 4556 mrxsmb - ok 15:35:39.0812 4556 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:35:39.0822 4556 mrxsmb10 - ok 15:35:39.0827 4556 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:35:39.0842 4556 mrxsmb20 - ok 15:35:39.0847 4556 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:35:39.0852 4556 msahci - ok 15:35:39.0857 4556 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe 15:35:39.0867 4556 MSCamSvc - ok 15:35:39.0872 4556 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:35:39.0887 4556 msdsm - ok 15:35:39.0892 4556 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:35:39.0902 4556 MSDTC - ok 15:35:39.0912 4556 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:35:39.0937 4556 Msfs - ok 15:35:39.0942 4556 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:35:39.0972 4556 mshidkmdf - ok 15:35:39.0977 4556 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:35:39.0987 4556 msisadrv - ok 15:35:39.0992 4556 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:35:40.0022 4556 MSiSCSI - ok 15:35:40.0027 4556 
msiserver - ok 15:35:40.0032 4556 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:35:40.0057 4556 MSKSSRV - ok 15:35:40.0062 4556 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 15:35:40.0072 4556 MsMpSvc - ok 15:35:40.0077 4556 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:35:40.0107 4556 MSPCLOCK - ok 15:35:40.0112 4556 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:35:40.0137 4556 MSPQM - ok 15:35:40.0147 4556 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:35:40.0162 4556 MsRPC - ok 15:35:40.0172 4556 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:35:40.0182 4556 mssmbios - ok 15:35:40.0187 4556 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:35:40.0217 4556 MSTEE - ok 15:35:40.0217 4556 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:35:40.0227 4556 MTConfig - ok 15:35:40.0232 4556 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:35:40.0242 4556 Mup - ok 15:35:40.0252 4556 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:35:40.0287 4556 napagent - ok 15:35:40.0292 4556 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:35:40.0312 4556 NativeWifiP - ok 15:35:40.0322 4556 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 15:35:40.0342 4556 NAUpdate - ok 15:35:40.0357 4556 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:35:40.0382 4556 NDIS - ok 15:35:40.0387 4556 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:35:40.0417 4556 NdisCap - ok 15:35:40.0417 4556 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi 
C:\Windows\system32\DRIVERS\ndistapi.sys 15:35:40.0447 4556 NdisTapi - ok 15:35:40.0452 4556 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:35:40.0477 4556 Ndisuio - ok 15:35:40.0487 4556 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:35:40.0512 4556 NdisWan - ok 15:35:40.0517 4556 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:35:40.0542 4556 NDProxy - ok 15:35:40.0547 4556 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:35:40.0577 4556 NetBIOS - ok 15:35:40.0587 4556 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:35:40.0617 4556 NetBT - ok 15:35:40.0622 4556 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:35:40.0632 4556 Netlogon - ok 15:35:40.0637 4556 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:35:40.0672 4556 Netman - ok 15:35:40.0677 4556 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:35:40.0712 4556 netprofm - ok 15:35:40.0717 4556 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:35:40.0727 4556 NetTcpPortSharing - ok 15:35:40.0732 4556 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:35:40.0742 4556 nfrd960 - ok 15:35:40.0747 4556 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:35:40.0757 4556 NisDrv - ok 15:35:40.0767 4556 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 15:35:40.0787 4556 NisSrv - ok 15:35:40.0792 4556 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:35:40.0807 4556 NlaSvc - ok 15:35:40.0812 4556 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:35:40.0842 4556 
Npfs - ok 15:35:40.0847 4556 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:35:40.0877 4556 nsi - ok 15:35:40.0882 4556 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:35:40.0907 4556 nsiproxy - ok 15:35:40.0932 4556 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:35:40.0967 4556 Ntfs - ok 15:35:40.0972 4556 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:35:41.0002 4556 Null - ok 15:35:41.0007 4556 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:35:41.0017 4556 nvraid - ok 15:35:41.0022 4556 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:35:41.0037 4556 nvstor - ok 15:35:41.0042 4556 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:35:41.0052 4556 nv_agp - ok 15:35:41.0057 4556 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:35:41.0067 4556 ohci1394 - ok 15:35:41.0072 4556 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:35:41.0082 4556 ose64 - ok 15:35:41.0132 4556 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:35:41.0227 4556 osppsvc - ok 15:35:41.0237 4556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:35:41.0252 4556 p2pimsvc - ok 15:35:41.0262 4556 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:35:41.0277 4556 p2psvc - ok 15:35:41.0282 4556 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:35:41.0292 4556 Parport - ok 15:35:41.0292 4556 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:35:41.0302 4556 partmgr - ok 15:35:41.0312 4556 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc 
C:\Windows\System32\pcasvc.dll 15:35:41.0327 4556 PcaSvc - ok 15:35:41.0332 4556 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:35:41.0342 4556 pci - ok 15:35:41.0347 4556 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:35:41.0357 4556 pciide - ok 15:35:41.0362 4556 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:35:41.0377 4556 pcmcia - ok 15:35:41.0377 4556 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:35:41.0392 4556 pcw - ok 15:35:41.0402 4556 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:35:41.0442 4556 PEAUTH - ok 15:35:41.0457 4556 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 15:35:41.0487 4556 PeerDistSvc - ok 15:35:41.0507 4556 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:35:41.0517 4556 PerfHost - ok 15:35:41.0537 4556 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:35:41.0582 4556 pla - ok 15:35:41.0602 4556 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:35:41.0617 4556 PlugPlay - ok 15:35:41.0622 4556 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:35:41.0632 4556 PNRPAutoReg - ok 15:35:41.0637 4556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:35:41.0647 4556 PNRPsvc - ok 15:35:41.0652 4556 [ 6F5DDC52A9103CC8E1ED5892C1D15613 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 15:35:41.0662 4556 Point64 - ok 15:35:41.0672 4556 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:35:41.0707 4556 PolicyAgent - ok 15:35:41.0712 4556 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:35:41.0742 4556 Power - ok 15:35:41.0747 4556 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 
15:35:41.0777 4556 PptpMiniport - ok 15:35:41.0782 4556 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:35:41.0797 4556 Processor - ok 15:35:41.0802 4556 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:35:41.0817 4556 ProfSvc - ok 15:35:41.0822 4556 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:35:41.0827 4556 ProtectedStorage - ok 15:35:41.0832 4556 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:35:41.0862 4556 Psched - ok 15:35:41.0882 4556 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:35:41.0917 4556 ql2300 - ok 15:35:41.0922 4556 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:35:41.0932 4556 ql40xx - ok 15:35:41.0937 4556 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:35:41.0957 4556 QWAVE - ok 15:35:41.0962 4556 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:35:41.0972 4556 QWAVEdrv - ok 15:35:41.0977 4556 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:35:42.0007 4556 RasAcd - ok 15:35:42.0012 4556 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:35:42.0042 4556 RasAgileVpn - ok 15:35:42.0047 4556 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:35:42.0077 4556 RasAuto - ok 15:35:42.0082 4556 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:35:42.0107 4556 Rasl2tp - ok 15:35:42.0117 4556 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:35:42.0152 4556 RasMan - ok 15:35:42.0157 4556 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:35:42.0182 4556 RasPppoe - ok 15:35:42.0187 4556 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp 
C:\Windows\system32\DRIVERS\rassstp.sys 15:35:42.0222 4556 RasSstp - ok 15:35:42.0227 4556 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:35:42.0257 4556 rdbss - ok 15:35:42.0262 4556 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:35:42.0277 4556 rdpbus - ok 15:35:42.0282 4556 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:35:42.0307 4556 RDPCDD - ok 15:35:42.0317 4556 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:35:42.0327 4556 RDPDR - ok 15:35:42.0332 4556 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:35:42.0357 4556 RDPENCDD - ok 15:35:42.0362 4556 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:35:42.0392 4556 RDPREFMP - ok 15:35:42.0397 4556 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:35:42.0407 4556 RdpVideoMiniport - ok 15:35:42.0417 4556 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:35:42.0427 4556 RDPWD - ok 15:35:42.0432 4556 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:35:42.0447 4556 rdyboost - ok 15:35:42.0452 4556 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:35:42.0482 4556 RemoteAccess - ok 15:35:42.0487 4556 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:35:42.0517 4556 RemoteRegistry - ok 15:35:42.0522 4556 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:35:42.0552 4556 RpcEptMapper - ok 15:35:42.0552 4556 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:35:42.0562 4556 RpcLocator - ok 15:35:42.0572 4556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:35:42.0607 4556 RpcSs - ok 15:35:42.0612 4556 
[ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:35:42.0642 4556 rspndr - ok 15:35:42.0652 4556 [ 60EB8A87357CA5B088B422D1E55A2405 ] rt61x64 C:\Windows\system32\DRIVERS\netr6164.sys 15:35:42.0667 4556 rt61x64 - ok 15:35:42.0672 4556 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:35:42.0692 4556 RTL8167 - ok 15:35:42.0697 4556 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 15:35:42.0707 4556 s3cap - ok 15:35:42.0712 4556 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:35:42.0717 4556 SamSs - ok 15:35:42.0722 4556 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:35:42.0732 4556 sbp2port - ok 15:35:42.0742 4556 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:35:42.0772 4556 SCardSvr - ok 15:35:42.0777 4556 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:35:42.0802 4556 scfilter - ok 15:35:42.0827 4556 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:35:42.0867 4556 Schedule - ok 15:35:42.0872 4556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:35:42.0897 4556 SCPolicySvc - ok 15:35:42.0907 4556 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:35:42.0917 4556 SDRSVC - ok 15:35:42.0922 4556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:35:42.0947 4556 secdrv - ok 15:35:42.0952 4556 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:35:42.0982 4556 seclogon - ok 15:35:42.0982 4556 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:35:43.0017 4556 SENS - ok 15:35:43.0022 4556 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:35:43.0032 4556 SensrSvc - ok 15:35:43.0032 4556 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:35:43.0042 4556 Serenum - ok 15:35:43.0052 4556 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:35:43.0062 4556 Serial - ok 15:35:43.0062 4556 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:35:43.0072 4556 sermouse - ok 15:35:43.0082 4556 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:35:43.0112 4556 SessionEnv - ok 15:35:43.0117 4556 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:35:43.0127 4556 sffdisk - ok 15:35:43.0132 4556 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:35:43.0137 4556 sffp_mmc - ok 15:35:43.0142 4556 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:35:43.0157 4556 sffp_sd - ok 15:35:43.0157 4556 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:35:43.0167 4556 sfloppy - ok 15:35:43.0177 4556 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:35:43.0207 4556 SharedAccess - ok 15:35:43.0227 4556 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:35:43.0257 4556 ShellHWDetection - ok 15:35:43.0262 4556 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:35:43.0272 4556 SiSRaid2 - ok 15:35:43.0277 4556 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:35:43.0287 4556 SiSRaid4 - ok 15:35:43.0292 4556 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:35:43.0302 4556 SkypeUpdate - ok 15:35:43.0307 4556 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:35:43.0337 4556 Smb - ok 15:35:43.0347 4556 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe 15:35:43.0357 4556 SNMPTRAP - ok 15:35:43.0367 4556 [ 777B4A39A65854C39C581DD129F946B3 ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe 15:35:43.0382 4556 SplashtopRemoteService - ok 15:35:43.0387 4556 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:35:43.0397 4556 spldr - ok 15:35:43.0407 4556 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:35:43.0427 4556 Spooler - ok 15:35:43.0462 4556 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:35:43.0537 4556 sppsvc - ok 15:35:43.0542 4556 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:35:43.0572 4556 sppuinotify - ok 15:35:43.0582 4556 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:35:43.0597 4556 srv - ok 15:35:43.0607 4556 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:35:43.0622 4556 srv2 - ok 15:35:43.0632 4556 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:35:43.0642 4556 srvnet - ok 15:35:43.0647 4556 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:35:43.0677 4556 SSDPSRV - ok 15:35:43.0682 4556 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:35:43.0712 4556 SstpSvc - ok 15:35:43.0722 4556 [ F9AEDD871E1CD759B95728C9B935D203 ] SSUService C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe 15:35:43.0742 4556 SSUService - ok 15:35:43.0752 4556 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe 15:35:43.0767 4556 StarMoney 8.0 OnlineUpdate - ok 15:35:43.0772 4556 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:35:43.0782 4556 stexstor - ok 15:35:43.0792 4556 [ 
8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:35:43.0817 4556 stisvc - ok 15:35:43.0827 4556 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 15:35:43.0837 4556 storflt - ok 15:35:43.0842 4556 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:35:43.0852 4556 storvsc - ok 15:35:43.0857 4556 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:35:43.0862 4556 swenum - ok 15:35:43.0872 4556 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:35:43.0907 4556 swprv - ok 15:35:43.0912 4556 Synth3dVsc - ok 15:35:43.0932 4556 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:35:43.0972 4556 SysMain - ok 15:35:43.0977 4556 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:35:43.0992 4556 TabletInputService - ok 15:35:43.0997 4556 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:35:44.0027 4556 TapiSrv - ok 15:35:44.0042 4556 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:35:44.0072 4556 TBS - ok 15:35:44.0097 4556 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:35:44.0137 4556 Tcpip - ok 15:35:44.0157 4556 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:35:44.0187 4556 TCPIP6 - ok 15:35:44.0197 4556 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:35:44.0207 4556 tcpipreg - ok 15:35:44.0212 4556 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:35:44.0222 4556 TDPIPE - ok 15:35:44.0232 4556 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:35:44.0242 4556 TDTCP - ok 15:35:44.0247 4556 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:35:44.0277 4556 tdx - ok 15:35:44.0322 4556 
[ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 15:35:44.0372 4556 TeamViewer8 - ok 15:35:44.0382 4556 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:35:44.0392 4556 TermDD - ok 15:35:44.0402 4556 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:35:44.0442 4556 TermService - ok 15:35:44.0442 4556 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:35:44.0457 4556 Themes - ok 15:35:44.0462 4556 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:35:44.0492 4556 THREADORDER - ok 15:35:44.0497 4556 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:35:44.0527 4556 TrkWks - ok 15:35:44.0532 4556 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:35:44.0562 4556 TrustedInstaller - ok 15:35:44.0567 4556 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:35:44.0592 4556 tssecsrv - ok 15:35:44.0597 4556 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:35:44.0607 4556 TsUsbFlt - ok 15:35:44.0612 4556 tsusbhub - ok 15:35:44.0617 4556 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:35:44.0647 4556 tunnel - ok 15:35:44.0652 4556 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:35:44.0662 4556 uagp35 - ok 15:35:44.0672 4556 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:35:44.0702 4556 udfs - ok 15:35:44.0707 4556 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:35:44.0722 4556 UI0Detect - ok 15:35:44.0727 4556 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:35:44.0737 4556 uliagpkx - ok 15:35:44.0737 4556 [ DC54A574663A895C8763AF0FA1FF7561 ] 
umbus C:\Windows\system32\drivers\umbus.sys 15:35:44.0747 4556 umbus - ok 15:35:44.0752 4556 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:35:44.0762 4556 UmPass - ok 15:35:44.0767 4556 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 15:35:44.0782 4556 UmRdpService - ok 15:35:44.0787 4556 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:35:44.0822 4556 upnphost - ok 15:35:44.0827 4556 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:35:44.0842 4556 usbaudio - ok 15:35:44.0847 4556 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:35:44.0857 4556 usbccgp - ok 15:35:44.0862 4556 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:35:44.0877 4556 usbcir - ok 15:35:44.0882 4556 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:35:44.0887 4556 usbehci - ok 15:35:44.0897 4556 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:35:44.0912 4556 usbhub - ok 15:35:44.0917 4556 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:35:44.0922 4556 usbohci - ok 15:35:44.0927 4556 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:35:44.0947 4556 usbprint - ok 15:35:44.0952 4556 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:35:44.0972 4556 USBSTOR - ok 15:35:44.0977 4556 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:35:44.0987 4556 usbuhci - ok 15:35:44.0992 4556 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:35:45.0022 4556 UxSms - ok 15:35:45.0022 4556 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:35:45.0032 4556 VaultSvc - ok 15:35:45.0037 4556 [ 
C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:35:45.0047 4556 vdrvroot - ok 15:35:45.0062 4556 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:35:45.0097 4556 vds - ok 15:35:45.0102 4556 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:35:45.0117 4556 vga - ok 15:35:45.0117 4556 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:35:45.0147 4556 VgaSave - ok 15:35:45.0152 4556 VGPU - ok 15:35:45.0157 4556 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:35:45.0167 4556 vhdmp - ok 15:35:45.0172 4556 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:35:45.0182 4556 viaide - ok 15:35:45.0187 4556 [ A942813405C51998DD2C2B86A08394D5 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe 15:35:45.0192 4556 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning 15:35:45.0192 4556 VMAuthdService - detected UnsignedFile.Multi.Generic (1) 15:35:45.0202 4556 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:35:45.0212 4556 vmbus - ok 15:35:45.0217 4556 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:35:45.0227 4556 VMBusHID - ok 15:35:45.0232 4556 [ 6203C901DEFF10631AAD919B3BD1489B ] vmci C:\Windows\system32\DRIVERS\vmci.sys 15:35:45.0242 4556 vmci - ok 15:35:45.0247 4556 [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys 15:35:45.0252 4556 VMnetAdapter - ok 15:35:45.0257 4556 [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys 15:35:45.0267 4556 VMnetBridge - ok 15:35:45.0272 4556 VMnetDHCP - ok 15:35:45.0272 4556 [ 36EDBFE2C2405081620ADEF7B691ED89 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys 15:35:45.0282 4556 VMnetuserif - ok 15:35:45.0287 4556 [ 
55D5AFEB5FE5F3B111317A421E5F3666 ] VMparport C:\Windows\system32\drivers\VMparport.sys 15:35:45.0292 4556 VMparport - ok 15:35:45.0297 4556 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys 15:35:45.0307 4556 vmusb - ok 15:35:45.0322 4556 [ B55A8DADA1D825B73C811101B06E012F ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe 15:35:45.0342 4556 VMUSBArbService - ok 15:35:45.0347 4556 VMware NAT Service - ok 15:35:45.0487 4556 [ 5661E99CC628C53530B7A500930DF984 ] VMwareHostd C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 15:35:45.0687 4556 VMwareHostd ( UnsignedFile.Multi.Generic ) - warning 15:35:45.0687 4556 VMwareHostd - detected UnsignedFile.Multi.Generic (1) 15:35:45.0697 4556 [ 0E6ACC0257C6EFBB41E9FF4CD2A88B7F ] vmx86 C:\Windows\system32\drivers\vmx86.sys 15:35:45.0707 4556 vmx86 - ok 15:35:45.0712 4556 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:35:45.0722 4556 volmgr - ok 15:35:45.0732 4556 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:35:45.0747 4556 volmgrx - ok 15:35:45.0752 4556 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:35:45.0767 4556 volsnap - ok 15:35:45.0772 4556 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:35:45.0782 4556 vsmraid - ok 15:35:45.0787 4556 [ EF1E48D431223F670CFFD6169B1A136F ] vsock C:\Windows\system32\drivers\vsock.sys 15:35:45.0797 4556 vsock - ok 15:35:45.0817 4556 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:35:45.0867 4556 VSS - ok 15:35:45.0872 4556 [ 65EFAEC68FA234F36880533A79D7B1C1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys 15:35:45.0877 4556 vstor2-mntapi10-shared - ok 15:35:45.0882 4556 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 15:35:45.0892 4556 vwifibus - ok 
15:35:45.0897 4556 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 15:35:45.0912 4556 vwififlt - ok 15:35:45.0917 4556 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 15:35:45.0927 4556 vwifimp - ok 15:35:45.0952 4556 [ CE6C085771812D5EE863CC7EF93CAEF2 ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys 15:35:45.0992 4556 VX1000 - ok 15:35:46.0002 4556 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:35:46.0032 4556 W32Time - ok 15:35:46.0037 4556 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:35:46.0052 4556 WacomPen - ok 15:35:46.0057 4556 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:35:46.0087 4556 WANARP - ok 15:35:46.0087 4556 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:35:46.0117 4556 Wanarpv6 - ok 15:35:46.0137 4556 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:35:46.0167 4556 wbengine - ok 15:35:46.0172 4556 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:35:46.0187 4556 WbioSrvc - ok 15:35:46.0197 4556 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:35:46.0217 4556 wcncsvc - ok 15:35:46.0217 4556 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:35:46.0227 4556 WcsPlugInService - ok 15:35:46.0232 4556 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:35:46.0242 4556 Wd - ok 15:35:46.0257 4556 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:35:46.0282 4556 Wdf01000 - ok 15:35:46.0287 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:35:46.0302 4556 WdiServiceHost - ok 15:35:46.0302 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:35:46.0317 
4556 WdiSystemHost - ok
15:35:46.0327 4556 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:35:46.0342 4556 WebClient - ok
15:35:46.0347 4556 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:35:46.0382 4556 Wecsvc - ok
15:35:46.0387 4556 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:35:46.0417 4556 wercplsupport - ok
15:35:46.0422 4556 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:35:46.0447 4556 WerSvc - ok
15:35:46.0452 4556 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:35:46.0482 4556 WfpLwf - ok
15:35:46.0487 4556 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:35:46.0497 4556 WIMMount - ok
15:35:46.0502 4556 WinDefend - ok
15:35:46.0507 4556 WinHttpAutoProxySvc - ok
15:35:46.0517 4556 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:35:46.0552 4556 Winmgmt - ok
15:35:46.0572 4556 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:35:46.0627 4556 WinRM - ok
15:35:46.0637 4556 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:35:46.0657 4556 WinUsb - ok
15:35:46.0672 4556 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:35:46.0697 4556 Wlansvc - ok
15:35:46.0702 4556 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:35:46.0712 4556 WmiAcpi - ok
15:35:46.0722 4556 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:35:46.0732 4556 wmiApSrv - ok
15:35:46.0737 4556 WMPNetworkSvc - ok
15:35:46.0742 4556 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:35:46.0752 4556 WPCSvc - ok
15:35:46.0757 4556 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:35:46.0767 4556 WPDBusEnum - ok
15:35:46.0772 4556 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:35:46.0802 4556 ws2ifsl - ok
15:35:46.0807 4556 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:35:46.0822 4556 wscsvc - ok
15:35:46.0822 4556 WSearch - ok
15:35:46.0852 4556 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:35:46.0907 4556 wuauserv - ok
15:35:46.0912 4556 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:35:46.0922 4556 WudfPf - ok
15:35:46.0927 4556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:46.0937 4556 WUDFRd - ok
15:35:46.0942 4556 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:35:46.0957 4556 wudfsvc - ok
15:35:46.0962 4556 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:35:46.0977 4556 WwanSvc - ok
15:35:46.0992 4556 ================ Scan global ===============================
15:35:46.0992 4556 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:35:46.0997 4556 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:35:47.0007 4556 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:35:47.0012 4556 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:35:47.0017 4556 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:35:47.0022 4556 [Global] - ok
15:35:47.0022 4556 ================ Scan MBR ==================================
15:35:47.0027 4556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
15:35:47.0122 4556 \Device\Harddisk2\DR2 - ok
15:35:47.0127 4556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:35:47.0312 4556 \Device\Harddisk0\DR0 - ok
15:35:47.0322 4556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:35:47.0392 4556 \Device\Harddisk1\DR1 - ok
15:35:47.0392 4556 ================ Scan VBR ==================================
15:35:47.0397 4556 [ 225857737DAE7129A310B5473D35A5B0 ] \Device\Harddisk2\DR2\Partition1
15:35:47.0397 4556 \Device\Harddisk2\DR2\Partition1 - ok
15:35:47.0402 4556 [ 94732A1CDC4FF0DA75DA1ED2055EFCFC ] \Device\Harddisk2\DR2\Partition2
15:35:47.0402 4556 \Device\Harddisk2\DR2\Partition2 - ok
15:35:47.0407 4556 [ 5EB4BBD0680303052DBD7558983F875C ] \Device\Harddisk0\DR0\Partition1
15:35:47.0407 4556 \Device\Harddisk0\DR0\Partition1 - ok
15:35:47.0412 4556 [ 383644D0305D1B1AC5E85C39F2608190 ] \Device\Harddisk0\DR0\Partition2
15:35:47.0417 4556 \Device\Harddisk0\DR0\Partition2 - ok
15:35:47.0417 4556 [ 24E8CDC26CB9C00786ECCABB66ABE73B ] \Device\Harddisk0\DR0\Partition3
15:35:47.0422 4556 \Device\Harddisk0\DR0\Partition3 - ok
15:35:47.0422 4556 [ C7FDC9549F9B2FF93AFDE71864A8EB34 ] \Device\Harddisk1\DR1\Partition1
15:35:47.0427 4556 \Device\Harddisk1\DR1\Partition1 - ok
15:35:47.0427 4556 ============================================================
15:35:47.0427 4556 Scan finished
15:35:47.0427 4556 ============================================================
15:35:47.0432 4168 Detected object count: 2
15:35:47.0432 4168 Actual detected object count: 2
15:36:05.0977 4168 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:05.0977 4168 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:05.0982 4168 VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
15:36:05.0982 4168 VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:36:11.0002 4312 Deinitialize success
Regards |
13.02.2013, 11:30 | #6 |
/// Malware-holic | Email from Telekom abuse team | log file attached
Question: is this the only PC in the house? Or was an acquaintance perhaps at your place with a computer at the time of infection? Scan with ComboFix
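The notice that started this thread reported an "open resolver" on the poster's connection, and the helper is now asking which device could have been answering. As an added example, not from the thread and not part of any tool mentioned in it, this is what the probe behind such a report does: it sends a recursive DNS query (RD=1) to an address and checks whether the reply carries the Recursion Available flag and an answer for a name the target is not authoritative for. The wire format is RFC 1035; `probe()` only runs when pointed at an address by hand, and the two sample replies are constructed for the example.

```python
"""
Open-resolver check, added example. A host that answers a recursive query
from a stranger with RA=1, RCODE=0 and an answer section is recursing for
the whole internet, which is what an abuse desk calls an open resolver.
"""
import socket
import struct

DNS_PORT = 53


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Single-question A query with the Recursion Desired flag set."""
    flags = 0x0100                                     # QR=0, opcode 0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data: bytes) -> dict:
    """Pull out the header fields a resolver check cares about."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "qdcount": qd,
        "ancount": an,
    }


def offers_recursion(reply: dict) -> bool:
    """RA=1 in a reply already tells you the server will recurse for you."""
    return reply["qr"] and reply["ra"]


def is_open_resolver(reply: dict, txid: int) -> bool:
    """Strict form: it recursed and actually answered our question."""
    return (
        reply["id"] == txid
        and offers_recursion(reply)
        and reply["rcode"] == 0          # NOERROR
        and reply["ancount"] > 0
    )


def probe(target_ip: str, name: str = "example.com.", timeout: float = 2.0):
    """Send the query to target_ip:53. None means no reply at all."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (target_ip, DNS_PORT))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return is_open_resolver(parse_response(data), txid)


# Constructed sample: reply from an open resolver to the query above.
# Flags 0x8180 = QR=1, RD=1, RA=1, RCODE=0; one A record, name compressed
# with a pointer (0xC00C) back to the question name at offset 12.
SAMPLE_OPEN_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34])
)

# Constructed sample: reply from a server that refuses recursion.
# Flags 0x8105 = QR=1, RD=1, RA=0, RCODE=5 (REFUSED), no answer section.
SAMPLE_REFUSED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    for label, pkt in (("open", SAMPLE_OPEN_REPLY), ("refused", SAMPLE_REFUSED_REPLY)):
        reply = parse_response(pkt)
        print(label, reply, "open resolver:", is_open_resolver(reply, 0x1234))
```

Run `probe()` against your own public IP from outside your network (a mobile connection will do); from inside the LAN you only reach the router's inside interface, which is allowed to recurse for you. A timeout or a REFUSED reply is the healthy outcome; RA=1 plus an answer for a name you do not own is exactly what the abuse desk saw.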
14.02.2013, 18:57 | #7 |
| Email from Telekom abuse team | log file attached
Quote:
Could you give me a short update on where we stand right now? I'm happy to follow your instructions, but I would also like to know whether there are any findings from the log files. Just for my own information. The machine feels like it is running without problems. I have now run ComboFix (what exactly did I do with that?):
Code:
ATTFilter ComboFix 13-02-13.02 - GG 14.02.2013 18:40:36.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4092.2570 [GMT 1:00]
run from: e:\eigene dateien\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe
.
.
((((((((((((((((((((((( Files created from 2013-01-14 to 2013-02-14 ))))))))))))))))))))))))))))))
.
.
2013-02-14 17:43 . 2013-02-14 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-14 11:34 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:34 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 10:18 . 2013-02-14 10:18 -------- d-----w- c:\users\GG\AppData\Roaming\Babylon
2013-02-14 10:18 . 2013-02-14 10:18 -------- d-----w- c:\programdata\Babylon
2013-02-14 10:16 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17BF10E-56CB-45A3-8D7D-ECD57C677E58}\mpengine.dll
2013-02-14 08:45 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 08:45 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 08:45 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 08:45 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 08:45 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 08:45 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 08:45 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 08:45 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 08:45 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 08:45 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 08:45 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 08:45 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 21:48 . 2013-02-12 21:48 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-12 21:48 . 2013-02-12 21:48 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 21:48 . 2013-02-12 21:48 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-12 21:48 . 2013-02-12 21:48 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-12 21:48 . 2013-02-12 21:48 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-12 21:48 . 2013-02-12 21:48 188320 ----a-w- c:\windows\system32\java.exe
2013-02-12 21:47 . 2013-02-12 21:48 -------- d-----w- c:\program files\Java
2013-02-12 20:50 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-07 11:41 . 2013-02-07 11:41 -------- d-----w- c:\users\GG\AppData\Roaming\Malwarebytes
2013-02-07 11:41 . 2013-02-07 11:41 -------- d-----w- c:\programdata\Malwarebytes
2013-02-07 11:41 . 2013-02-07 11:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-07 11:41 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-06 10:39 . 2013-02-06 10:39 -------- d-----w- c:\users\GG\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
2013-02-05 17:16 . 2013-02-05 17:16 -------- d-----w- c:\program files (x86)\HD Tune
2013-02-05 08:09 . 2013-02-14 10:22 -------- d-----w- c:\windows\system32\appmgmt
2013-02-04 14:18 . 2012-03-09 21:23 132096 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Media\File Renamer\Rename32.dll
2013-02-04 14:18 . 2012-03-09 21:23 132096 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programme\Media\File Renamer\Rename32.dll
2013-02-04 14:18 . 2012-02-19 14:17 247808 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Media\File Renamer\Rename.exe
2013-02-04 14:18 . 2012-02-19 14:17 247808 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programme\Media\File Renamer\Rename.exe
2013-02-04 14:18 . 2012-02-18 11:26 680050 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Media\File Renamer\Rename64.dll
2013-02-04 14:18 . 2012-02-18 11:26 680050 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programme\Media\File Renamer\Rename64.dll
2013-02-04 14:08 . 2013-02-04 14:08 -------- d-----w- c:\users\GG\AppData\Local\Tools&More
2013-01-29 09:29 . 2012-10-24 13:17 67224 ----a-w- c:\windows\system32\vsocklib.dll
2013-01-29 09:29 . 2012-10-24 13:17 70296 ----a-w- c:\windows\system32\drivers\vsock.sys
2013-01-29 09:29 . 2012-10-24 13:17 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2013-01-29 09:29 . 2012-11-01 01:34 31384 ----a-w- c:\windows\system32\drivers\VMparport.sys
2013-01-29 09:29 . 2012-11-01 01:34 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2013-01-29 09:29 . 2012-11-01 01:35 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2013-01-29 09:29 . 2012-11-01 01:34 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2013-01-29 09:29 . 2012-11-01 01:34 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-01-29 09:29 . 2012-11-01 01:35 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2013-01-29 09:29 . 2012-10-11 16:15 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2013-01-29 09:28 . 2013-01-29 09:28 -------- d-----w- c:\program files\Common Files\VMware
2013-01-29 09:28 . 2013-01-29 09:28 -------- d-----w- c:\program files (x86)\Common Files\VMware
2013-01-29 09:09 . 2013-01-29 10:09 -------- d-----w- C:\Virtualisation
2013-01-29 09:03 . 2013-02-04 13:13 -------- d-----w- c:\users\GG\AppData\Roaming\VMware
2013-01-29 09:03 . 2013-02-04 13:13 -------- d-----w- c:\users\GG\AppData\Local\VMware
2013-01-29 08:57 . 2013-02-14 17:44 -------- d-----w- c:\programdata\VMware
2013-01-29 08:57 . 2013-01-29 09:28 -------- d-----w- c:\program files (x86)\VMware
2013-01-29 08:29 . 2013-01-29 08:29 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-01-28 12:39 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-01-28 12:39 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2013-01-28 12:39 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-01-28 12:39 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2013-01-28 12:38 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-01-28 11:50 . 2013-01-28 11:50 -------- d-----w- c:\users\GG\AppData\Roaming\Nero
2013-01-28 11:47 . 2013-01-28 12:42 -------- d-----w- c:\program files (x86)\Common Files\Nero
2013-01-28 11:47 . 2013-01-28 12:42 -------- d-----w- c:\program files (x86)\Nero
2013-01-28 11:47 . 2013-01-28 11:48 -------- d-----w- c:\programdata\Nero
2013-01-25 22:56 . 2013-02-07 11:41 -------- d-----w- c:\users\GG\AppData\Local\Programs
2013-01-25 22:48 . 2013-01-25 22:54 -------- d-----w- c:\users\GG\AppData\Roaming\Mp3tag
2013-01-25 22:48 . 2013-01-25 22:48 -------- d-----w- c:\program files (x86)\Mp3tag
2013-01-21 14:39 . 2013-01-21 14:39 -------- d-----w- c:\users\GG\AppData\Roaming\Buhl Data Service
2013-01-21 14:39 . 2013-01-21 14:39 -------- d-----w- c:\users\GG\AppData\Local\Buhl Data Service
2013-01-21 14:37 . 2013-01-21 14:38 -------- d-----w- c:\users\GG\AppData\Local\Buhl
2013-01-21 14:37 . 2013-01-21 14:37 -------- d-----w- c:\program files (x86)\WISO
2013-01-21 14:36 . 2013-01-21 14:49 -------- d-----w- c:\programdata\Buhl Data Service GmbH
2013-01-17 20:04 . 2013-02-14 10:14 -------- d-----w- c:\users\GG\AppData\Roaming\vlc
2013-01-17 20:04 . 2013-01-17 20:04 -------- d-----w- c:\program files\VideoLAN
2013-01-16 19:40 . 2013-01-16 19:53 -------- d-----w- c:\users\GG\AppData\Roaming\Skype
2013-01-16 19:40 . 2013-01-16 19:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-16 19:40 . 2013-01-16 19:40 -------- d-----r- c:\program files (x86)\Skype
2013-01-16 19:40 . 2013-01-16 19:40 -------- d-----w- c:\programdata\Skype
2013-01-15 22:45 . 2013-01-15 22:45 -------- d-----w- c:\users\GG\AppData\Local\Splashtop
2013-01-15 22:42 . 2013-01-15 22:42 -------- d-----w- c:\programdata\Splashtop
2013-01-15 22:41 . 2013-01-15 22:42 -------- d-----w- c:\program files (x86)\Splashtop
2013-01-15 22:41 . 2013-01-15 22:41 -------- d-----w- c:\users\GG\AppData\Local\{43C1E69E-6361-4F0D-B3B6-2659FC8E2853}
2013-01-15 22:29 . 2013-01-15 22:30 -------- d-----w- c:\program files (x86)\Tools&More
2013-01-15 22:29 . 2013-01-15 22:30 -------- d-----w- c:\windows\Downloaded Installations
2013-01-15 21:42 . 2013-01-15 21:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 11:36 . 2013-01-09 10:07 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-08 13:47 . 2013-01-08 18:37 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 13:47 . 2013-01-08 18:37 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53 . 2013-01-08 18:18 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 10:03 . 2013-01-09 10:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-09 10:03 . 2013-01-09 10:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-01-09 10:03 . 2013-01-09 10:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-09 10:03 . 2013-01-09 10:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-01-09 10:03 . 2013-01-09 10:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-01-09 10:03 . 2013-01-09 10:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-01-09 10:03 . 2013-01-09 10:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-01-09 10:03 . 2013-01-09 10:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-01-09 10:03 . 2013-01-09 10:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-01-09 10:03 . 2013-01-09 10:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-01-09 10:03 . 2013-01-09 10:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-01-09 10:03 . 2013-01-09 10:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-01-09 10:03 . 2013-01-09 10:03 222208 ----a-w- c:\windows\system32\msls31.dll
2013-01-09 10:03 . 2013-01-09 10:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-01-09 10:03 . 2013-01-09 10:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-01-09 10:03 . 2013-01-09 10:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-01-09 10:03 . 2013-01-09 10:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-01-09 10:03 . 2013-01-09 10:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-01-09 10:03 . 2013-01-09 10:03 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-01-09 10:03 . 2013-01-09 10:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-01-09 10:03 . 2013-01-09 10:03 82432 ----a-w- c:\windows\system32\icardie.dll
2013-01-09 10:03 . 2013-01-09 10:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-01-09 10:03 . 2013-01-09 10:03 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-01-09 10:03 . 2013-01-09 10:03 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-01-09 10:03 . 2013-01-09 10:03 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-01-09 10:03 . 2013-01-09 10:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-01-09 10:03 . 2013-01-09 10:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-01-09 10:03 . 2013-01-09 10:03 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-01-09 10:03 . 2013-01-09 10:03 448512 ----a-w- c:\windows\system32\html.iec
2013-01-09 10:03 . 2013-01-09 10:03 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-01-09 10:03 . 2013-01-09 10:03 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-01-09 10:03 . 2013-01-09 10:03 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-01-09 10:03 . 2013-01-09 10:03 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-01-09 10:03 . 2013-01-09 10:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-01-09 10:03 . 2013-01-09 10:03 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-01-09 10:03 . 2013-01-09 10:03 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-01-09 10:03 . 2013-01-09 10:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-01-09 10:03 . 2013-01-09 10:03 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-01-09 10:03 . 2013-01-09 10:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-01-09 10:03 . 2013-01-09 10:03 12288 ----a-w- c:\windows\system32\mshta.exe
2013-01-09 10:03 . 2013-01-09 10:03 114176 ----a-w- c:\windows\system32\admparse.dll
2013-01-09 10:03 . 2013-01-09 10:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-01-09 10:03 . 2013-01-09 10:03 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-01-09 10:03 . 2013-01-09 10:03 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-01-09 10:03 . 2013-01-09 10:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-01-09 10:03 . 2013-01-09 10:03 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-01-09 10:03 . 2013-01-09 10:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-01-09 10:03 . 2013-01-09 10:03 160256 ----a-w- c:\windows\system32\wextract.exe
2013-01-09 10:03 . 2013-01-09 10:03 103936 ----a-w- c:\windows\system32\inseng.dll
2013-01-09 09:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-01-09 09:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-01-08 19:12 . 2013-01-08 19:12 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{196C04E3-1A66-4F20-B516-75FAEE94491C}\gapaengine.dll
2013-01-05 10:22 . 2013-01-05 10:22 50800 ----a-w- c:\windows\system32\drivers\point64.sys
2013-01-04 04:43 . 2013-02-14 08:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-18 12:14 . 2013-01-12 23:16 114368 ----a-w- c:\windows\SysWow64\acaptuser32.dll
2012-12-16 17:11 . 2013-01-08 18:48 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-08 18:48 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-08 18:48 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-08 18:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-08 18:43 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 18:43 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 18:43 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 18:43 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 18:43 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 18:43 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 18:43 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 18:43 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 18:43 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 18:43 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 18:43 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 18:43 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 18:43 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 18:43 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 18:43 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 18:43 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 18:43 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 18:43 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 18:43 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 18:43 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 18:43 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 18:43 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 18:43 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 18:43 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 18:43 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 18:43 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 18:43 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 18:43 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 18:43 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 18:43 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 18:43 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-08 18:43 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-08 18:43 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 18:43 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 18:43 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-08 18:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 18:43 424448 ----a-w- c:\windows\system32\KernelBase.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-11-01 104088]
.
c:\users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\GG\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-1-21 1397480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-01-28 551264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-01-25 583456]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-11-01 13234176]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 18:41 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 13:47]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 18:36]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 18:36]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001Core.job
- c:\users\GG\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-25 22:56]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922560276-2939133576-3368807774-1001UA.job
- c:\users\GG\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-25 22:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\GG\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=dce0422000000000000000241d867d72
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{857752D2-D8AB-416B-80CC-BF532662B4BE}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\GG\AppData\Roaming\Mozilla\Firefox\Profiles\ota3u26w.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=dce0422000000000000000241d867d72
FF - ExtSQL: 2013-01-15 22:56; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - dce0422000000000000000241d867d72
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15750
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:18
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Removed orphaned registry entries - - - -
.
Wow6432Node-HKCU-Run-StrokeIt - c:\users\GG\AppData\Local\TCB Networks\StrokeIt\Bin\StrokeIt.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe c:\windows\SysWOW64\vmnat.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe c:\program files (x86)\TeamViewer\Version8\tv_w32.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-02-14 18:45:48 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-02-14 17:45 . Vor Suchlauf: 8 Verzeichnis(se), 60.680.097.792 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 60.455.141.376 Bytes frei . - - End Of File - - 736B6B0F988AA30A9BECE359B1484252 |
14.02.2013, 22:14 | #8 |
/// Malware-holic | Email from Telekom abuse team | log file attached  Well, so far everything looks fine. Two more questions: 1. What did you do with the Telekom employee, and with what result? 2. I see VMware. Do you use it? Malware may have been installed there as well.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
14.02.2013, 22:44 | #9 |
| Email from Telekom abuse team | log file attached  Well, that reassures me for now... I do use VMware, but I haven't used it actively for quite a while. To be safe, I'll delete the test system in it and reinstall; it only had Win 7 on it for testing purposes anyway. The T-Com employee had me run a DNS test: hxxp://www.thinkbroadband.com/tools/dnscheck.html At first it showed an alarm. Now that I (on the T-Com employee's advice) have forwarded UDP port 53 to an internal IP, the test mentioned above also reports "everything OK". He also said that the notice from T-Com had to do with this UDP port 53 (at least I believe I remember him saying that). Otherwise the advice was simply to run all the antivirus and anti-malware apps, which I had already done anyway. But now I've noticed that the last ComboFix run somehow deleted or broke my StrokeIt. It no longer works. StrokeIt is used to recognize mouse gestures. It always started with Win 7; now it has disappeared completely. Can the changes ComboFix made be reverted? Because I think there was nothing suspicious so far. ComboFix nevertheless seems to have deleted a few things (as far as I can interpret from the log). |
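The decision logic behind a DNS check like the one mentioned above, as an added example that is neither the thinkbroadband tool nor anyone's code from this thread: build the recursion-desired query such a test sends to the line's public address, then classify the reply by its DNS header flags. The sample replies are constructed, and 192.0.2.1 is a placeholder answer address.

```python
import struct

# Added example (not from the thread or the dnscheck tool): the decision logic
# behind an open-resolver test. Sample replies below are constructed; 192.0.2.1
# is a placeholder answer address.

RCODE_REFUSED = 5

def build_query(name, txid=0x1234):
    """UDP DNS A query with RD=1 for `name`, as an open-resolver test sends it."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(query, reply):
    """What the line's public address did with a recursive query sent from outside:
    'open'    QR=1, RA=1, not REFUSED: the resolver recursed for a stranger
    'refused' RCODE=5: a resolver listens but denies recursion to outsiders
    'closed'  no reply (timeout, filtered, UDP 53 forwarded to a host that
              does not answer) or an answer with RA=0 (authoritative only)
    'invalid' not a DNS reply to our query (wrong id or QR bit clear)"""
    if reply is None:
        return "closed"
    if len(reply) < 12:
        return "invalid"
    txid, flags = struct.unpack(">HH", reply[:4])
    if txid != struct.unpack(">H", query[:2])[0] or not (flags >> 15) & 1:
        return "invalid"
    rcode, ra = flags & 0xF, (flags >> 7) & 1
    if rcode == RCODE_REFUSED:
        return "refused"
    return "open" if ra else "closed"

def _sample_reply(query, flags, answers=0):
    """Constructed reply: the query's id and question, new flags, optional fake A RR."""
    rr = b""
    if answers:  # name pointer to offset 12, type A, class IN, TTL 300, RDLENGTH 4
        rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return query[:2] + struct.pack(">HHHHH", flags, 1, answers, 0, 0) + query[12:] + rr

QUERY = build_query("example.com")
OPEN_REPLY = _sample_reply(QUERY, 0x8180, answers=1)  # QR RD RA, NOERROR: open resolver
REFUSED_REPLY = _sample_reply(QUERY, 0x8105)          # QR RD, RCODE=5: recursion refused
AUTH_REPLY = _sample_reply(QUERY, 0x8400, answers=1)  # QR AA, RA=0: authoritative only
```

To check a real line, the query must be sent from outside the home network to its public address and the reply (or a timeout as None) passed to classify_reply; only "refused" or "closed" is the result an abuse desk wants to see.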
14.02.2013, 22:54 | #10 |
/// Malware-holic | Email from Telekom abuse team | log file attached  Hi, StrokeIt: reinstall StrokeIt - Mouse Gestures for Windows. We still need to remove some adware, though. Once the program is running: download CCleaner Standard: http://filepony.de/download-ccleaner/ If CCleaner is already installed, skip this step. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. Behind every program you need, write "necessary". Behind every program you don't need, "unnecessary". Behind those unknown to you, "unknown". Post the list.
14.02.2013, 23:08 | #11 |
| Email from Telekom abuse team | log file attached  Hi Markus, here is the list. I haven't written anything behind each program, though, because I know and need every single one of them: Code:
ATTFilter Adobe Acrobat 9 Pro Extended 64-bit Add-On Adobe Systems Incorporated 12.01.2013 38,0KB 9.0.0 Adobe Acrobat XI Pro Adobe Systems 15.01.2013 2,80GB 11.0.01 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.02.2013 6,00MB 11.5.502.149 CanoScan Toolbox Ver4.9 12.01.2013 CCleaner Piriform 23.01.2013 3.27 DirComp Wirth IT Design 15.01.2013 1,37MB 2.08.0000 Dropbox Dropbox, Inc. 25.01.2013 1.6.16 FreeFileSync 5.11 Zenju 14.01.2013 5.11 Google Chrome Google Inc. 08.01.2013 24.0.1312.57 HD Tune 2.55 EFD Software 05.02.2013 Java 7 Update 13 (64-bit) Oracle 12.02.2013 128MB 7.0.130 Java SE Development Kit 7 Update 13 (64-bit) Oracle 12.02.2013 189MB 1.7.0.130 JDownloader 2 AppWork GmbH 13.01.2013 2 Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 07.02.2013 18,4MB 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.01.2013 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.01.2013 2,93MB 4.0.30319 Microsoft LifeCam Microsoft Corporation 08.01.2013 60,5MB 3.22.270.0 Microsoft Office Professional Plus 2010 Microsoft Corporation 09.01.2013 14.0.6029.1000 Microsoft Security Essentials Microsoft Corporation 08.01.2013 4.1.522.0 Microsoft Silverlight Microsoft Corporation 08.01.2013 50,6MB 5.1.10411.0 Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Corporation 14.01.2013 1,33MB 2.0.1578.0 Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Corporation 14.01.2013 3,20MB 2.0.1578.0 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 29.01.2013 780KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 30.01.2013 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.01.2013 594KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.01.2013 224KB 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.01.2013 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 09.01.2013 15,2MB 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 22.01.2013 15,0MB 10.0.40219 Microsoft-Maus- und Tastatur-Center Microsoft Corporation 11.01.2013 2.0.162.0 Mozilla Firefox 18.0 (x86 de) Mozilla 08.01.2013 43,2MB 18.0 Mozilla Maintenance Service Mozilla 08.01.2013 217KB 18.0 Mp3tag v2.54 Florian Heidenreich 25.01.2013 v2.54 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 29.01.2013 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.01.2013 1,33MB 4.20.9876.0 Music Manager Google, Inc. 25.01.2013 Nero 12 Nero AG 28.01.2013 1,33GB 12.0.02900 Nero BurningROM 12 Nero AG 28.01.2013 253MB 12.0.00300 Nero CoverDesigner Nero AG 28.01.2013 142MB 12.0.00900 Rainmeter 08.01.2013 2.4 r1678 Samsung SSD Magician Samsung Electronics 13.01.2013 45,8MB 3.2 Skype™ 6.1 Skype Technologies S.A. 16.01.2013 21,1MB 6.1.129 Splashtop Software Updater Splashtop Inc. 06.02.2013 1.5.6.10 Splashtop Streamer Splashtop Inc. 06.02.2013 25,3MB 2.2.5.1 StarMoney 8.0 Star Finanz GmbH 09.01.2013 8.0 StrokeIt 08.01.2013 StrokeIt (Deutsch) 08.01.2013 SyncToy 2.1 (x64) Microsoft 14.01.2013 1,45MB 2.1.0 TeamViewer 8 TeamViewer 09.01.2013 8.0.16642 VLC media player 2.0.5 VideoLAN 17.01.2013 2.0.5 VMware Workstation VMware, Inc 29.01.2013 3,25GB 9.0.1 WinRAR 4.20 (64-Bit) win.rar GmbH 08.01.2013 4.20.0 WISO Steuer-Sparbuch 2013 Buhl Data Service GmbH 21.01.2013 20.00.8137 |
14.02.2013, 23:30 | #12 |
/// Malware-holic | Email from Telekom abuse team | log file attached  I would only install TeamViewer when you actually need it. Open CCleaner, Analyze, Run Cleaner, restart the PC. Please download AdwCleaner to your desktop.