Trojaner-Board (https://www.trojaner-board.de/)
Thread: Yahoo Mail account sends spam mails to personal contacts (https://www.trojaner-board.de/120845-yahoo-mail-acc-verschickt-spam-mails-persoenliche-kontakte.html)

cosinus 08.08.2012 11:54

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
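
An added helper for reading the report this post asks for (example code written for this page, not part of the original post and not Kaspersky's tool): it parses the service/driver and verdict lines of a TDSS-Killer 2.7-style log and lists every entry that is not a plain "ok", plus binaries sitting where a driver normally does not live. The sample lines are excerpted from the log posted in this thread; the path heuristic is my own assumption, not a TDSS-Killer feature.

```python
"""Triage helper for a Kaspersky TDSSKiller 2.7-style report: collect each
module's file, MD5 and verdict, then list everything a helper should look at."""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the log posted in this thread, in the tool's own format
# (a handful of its lines, not the full report).
SAMPLE_LOG = """\
19:29:54.0780 1664        Scan started
19:29:54.0780 1664        Mode: Manual; SigCheck; TDLFS;
19:29:55.0108 1664        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\\Windows\\system32\\drivers\\acpi.sys
19:29:55.0217 1664        ACPI - ok
19:29:58.0056 1664        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
19:29:58.0072 1664        Apple Mobile Device - ok
19:30:09.0051 1664        COMSysApp - ok
19:30:39.0680 1664        MEMSWEEP2      (f9ce67e9e0226079b59107b649851f96) C:\\Windows\\system32\\9C32.tmp
19:30:39.0696 1664        MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
19:30:39.0696 1664        MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with a timestamp and a numeric id field, then free text.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<text>.*\S)\s*$")
# "<name>   (<md5>) <path>" records the file behind a service or driver.
MODULE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - ok", "<name> ( <verdict> ) - warning", "<name> - detected <verdict> (<n>)".
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<wverdict>[^)]+?)\s*\))?\s+-\s+"
    r"(?P<status>ok|warning|detected)(?:\s+(?P<dverdict>.+?))?(?:\s+\((?P<count>\d+)\))?$"
)
# A later, stronger verdict for the same module overrides an earlier one.
SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}
# Assumed heuristic: places where an installed driver/service binary is unusual.
SUSPICIOUS_PATH_RE = re.compile(r"\.tmp$|\\temp\\|\\appdata\\", re.I)


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"
    verdict: str = ""


def parse_log(text):
    """Return {module name: Entry} for every service/driver mentioned in the log."""
    entries = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        body = line["text"]
        mod = MODULE_RE.match(body)
        if mod:
            e = entries.setdefault(mod["name"], Entry(mod["name"]))
            e.md5, e.path = mod["md5"], mod["path"]
            continue
        ver = VERDICT_RE.match(body)
        if ver:
            e = entries.setdefault(ver["name"], Entry(ver["name"]))
            if SEVERITY[ver["status"]] >= SEVERITY[e.status]:
                e.status = ver["status"]
                e.verdict = ver["wverdict"] or ver["dverdict"] or e.verdict
    return entries


def summarize(entries):
    """Count modules per final status (the sample gives 3 ok, 1 detected)."""
    return Counter(e.status for e in entries.values())


def triage(entries):
    """List (name, reasons) for entries a helper should review: anything whose
    verdict is not 'ok', and files sitting where driver binaries normally do not."""
    flagged = []
    for e in entries.values():
        reasons = []
        if e.status != "ok":
            reasons.append(f"status={e.status}" + (f": {e.verdict}" if e.verdict else ""))
        if e.path and SUSPICIOUS_PATH_RE.search(e.path):
            reasons.append(f"unusual location for a driver/service binary: {e.path}")
        if reasons:
            flagged.append((e.name, reasons))
    return flagged


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("summary:", dict(summarize(found)))
    for name, reasons in triage(found):
        print(f"{name}: md5={found[name].md5 or '-'}")
        for r in reasons:
            print("   ", r)
```

Run it against the full report by reading the file TDSS-Killer wrote to the system partition instead of SAMPLE_LOG; entries that only carry "warning"/"detected" verdicts are exactly the ones the helper asked to "skip" and post rather than delete.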

KurosakiIchi 08.08.2012 18:37

Here is the TDSS-Killer report:

Code:

19:28:23.0692 3576        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:28:23.0739 3576        ============================================================
19:28:23.0739 3576        Current date / time: 2012/08/08 19:28:23.0739
19:28:23.0739 3576        SystemInfo:
19:28:23.0739 3576       
19:28:23.0739 3576        OS Version: 6.0.6002 ServicePack: 2.0
19:28:23.0739 3576        Product type: Workstation
19:28:23.0739 3576        ComputerName: THOMAS-PC
19:28:23.0739 3576        UserName: Thomas
19:28:23.0739 3576        Windows directory: C:\Windows
19:28:23.0739 3576        System windows directory: C:\Windows
19:28:23.0739 3576        Running under WOW64
19:28:23.0739 3576        Processor architecture: Intel x64
19:28:23.0739 3576        Number of processors: 2
19:28:23.0739 3576        Page size: 0x1000
19:28:23.0739 3576        Boot type: Normal boot
19:28:23.0739 3576        ============================================================
19:28:24.0239 3576        Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:28:24.0254 3576        ============================================================
19:28:24.0254 3576        \Device\Harddisk0\DR0:
19:28:24.0254 3576        MBR partitions:
19:28:24.0254 3576        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8EBF64
19:28:24.0270 3576        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE8EBFE2, BlocksNum 0xE108121
19:28:24.0285 3576        \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x1C9F4142, BlocksNum 0x7D043F
19:28:24.0285 3576        ============================================================
19:28:24.0317 3576        C: <-> \Device\Harddisk0\DR0\Partition0
19:28:24.0395 3576        D: <-> \Device\Harddisk0\DR0\Partition1
19:28:24.0410 3576        E: <-> \Device\Harddisk0\DR0\Partition2
19:28:24.0410 3576        ============================================================
19:28:24.0410 3576        Initialize success
19:28:24.0410 3576        ============================================================
19:29:54.0780 1664        ============================================================
19:29:54.0780 1664        Scan started
19:29:54.0780 1664        Mode: Manual; SigCheck; TDLFS;
19:29:54.0780 1664        ============================================================
19:29:55.0108 1664        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:29:55.0217 1664        ACPI - ok
19:29:55.0358 1664        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:29:55.0358 1664        AdobeFlashPlayerUpdateSvc - ok
19:29:55.0436 1664        adp94xx        (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:29:55.0467 1664        adp94xx - ok
19:29:55.0514 1664        adpahci        (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:29:55.0545 1664        adpahci - ok
19:29:55.0577 1664        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:29:55.0592 1664        adpu160m - ok
19:29:55.0639 1664        adpu320        (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:29:55.0663 1664        adpu320 - ok
19:29:55.0726 1664        AeLookupSvc    (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
19:29:55.0898 1664        AeLookupSvc - ok
19:29:55.0976 1664        AFD            (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
19:29:56.0056 1664        AFD - ok
19:29:56.0087 1664        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:29:56.0103 1664        agp440 - ok
19:29:56.0134 1664        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:29:56.0150 1664        aic78xx - ok
19:29:56.0181 1664        ALG            (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
19:29:56.0353 1664        ALG - ok
19:29:56.0384 1664        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:29:56.0400 1664        aliide - ok
19:29:56.0431 1664        AMD External Events Utility (dceee24e57e8176115207312f827c130) C:\Windows\system32\atiesrxx.exe
19:29:56.0525 1664        AMD External Events Utility - ok
19:29:56.0541 1664        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:29:56.0556 1664        amdide - ok
19:29:56.0572 1664        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:29:56.0619 1664        AmdK8 - ok
19:29:56.0978 1664        amdkmdag        (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
19:29:57.0322 1664        amdkmdag - ok
19:29:57.0462 1664        amdkmdap        (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
19:29:57.0509 1664        amdkmdap - ok
19:29:57.0572 1664        AnyDVD          (ace1f390f0398e7b3fe36c98fba67575) C:\Windows\system32\Drivers\AnyDVD.sys
19:29:57.0619 1664        AnyDVD - ok
19:29:57.0650 1664        Appinfo        (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
19:29:57.0681 1664        Appinfo - ok
19:29:58.0056 1664        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:29:58.0072 1664        Apple Mobile Device - ok
19:29:58.0119 1664        AppMgmt        (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
19:29:58.0181 1664        AppMgmt - ok
19:29:58.0212 1664        arc            (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:29:58.0228 1664        arc - ok
19:29:58.0259 1664        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:29:58.0275 1664        arcsas - ok
19:29:58.0306 1664        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:58.0369 1664        AsyncMac - ok
19:29:58.0416 1664        atapi          (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:29:58.0416 1664        atapi - ok
19:29:58.0462 1664        AtiHDAudioService (5d6566d19fccaf8a10d46b6c479227a9) C:\Windows\system32\drivers\AtihdLH6.sys
19:29:58.0478 1664        AtiHDAudioService - ok
19:29:58.0775 1664        AtiHdmiService  (1251677c31ca7d08795a6ee939f2e605) C:\Windows\system32\drivers\AtiHdmi.sys
19:29:58.0791 1664        AtiHdmiService - ok
19:30:04.0896 1664        atikmdag        (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
19:30:05.0131 1664        atikmdag - ok
19:30:06.0545 1664        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
19:30:06.0561 1664        atksgt - ok
19:30:06.0624 1664        AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
19:30:06.0670 1664        AudioEndpointBuilder - ok
19:30:06.0686 1664        AudioSrv        (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
19:30:06.0717 1664        AudioSrv - ok
19:30:06.0811 1664        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:30:06.0858 1664        blbdrive - ok
19:30:07.0046 1664        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:30:07.0078 1664        Bonjour Service - ok
19:30:07.0141 1664        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:30:07.0188 1664        bowser - ok
19:30:07.0204 1664        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:30:07.0251 1664        BrFiltLo - ok
19:30:07.0282 1664        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:30:07.0329 1664        BrFiltUp - ok
19:30:07.0360 1664        Browser        (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
19:30:07.0407 1664        Browser - ok
19:30:07.0438 1664        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:30:07.0642 1664        Brserid - ok
19:30:07.0658 1664        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:30:07.0736 1664        BrSerWdm - ok
19:30:07.0783 1664        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:30:07.0892 1664        BrUsbMdm - ok
19:30:07.0908 1664        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:30:07.0986 1664        BrUsbSer - ok
19:30:08.0017 1664        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:30:08.0143 1664        BTHMODEM - ok
19:30:08.0190 1664        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:30:08.0252 1664        cdfs - ok
19:30:08.0284 1664        cdrom          (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:30:08.0315 1664        cdrom - ok
19:30:08.0362 1664        CertPropSvc    (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:30:08.0409 1664        CertPropSvc - ok
19:30:08.0550 1664        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:30:08.0597 1664        circlass - ok
19:30:08.0644 1664        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:30:08.0675 1664        CLFS - ok
19:30:08.0770 1664        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:08.0786 1664        clr_optimization_v2.0.50727_32 - ok
19:30:08.0833 1664        clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:30:08.0848 1664        clr_optimization_v2.0.50727_64 - ok
19:30:08.0911 1664        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:08.0942 1664        clr_optimization_v4.0.30319_32 - ok
19:30:08.0958 1664        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:30:08.0973 1664        clr_optimization_v4.0.30319_64 - ok
19:30:08.0989 1664        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:30:09.0004 1664        cmdide - ok
19:30:09.0020 1664        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
19:30:09.0036 1664        Compbatt - ok
19:30:09.0051 1664        COMSysApp - ok
19:30:09.0067 1664        crcdisk        (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:30:09.0083 1664        crcdisk - ok
19:30:09.0145 1664        CryptSvc        (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
19:30:09.0194 1664        CryptSvc - ok
19:30:09.0241 1664        CSC            (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
19:30:09.0319 1664        CSC - ok
19:30:09.0366 1664        CscService      (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
19:30:09.0428 1664        CscService - ok
19:30:09.0491 1664        DcomLaunch      (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:30:09.0553 1664        DcomLaunch - ok
19:30:09.0819 1664        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:30:09.0866 1664        DfsC - ok
19:30:14.0827 1664        DFSR            (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
19:30:15.0014 1664        DFSR - ok
19:30:15.0124 1664        Dhcp            (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
19:30:15.0186 1664        Dhcp - ok
19:30:15.0592 1664        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:30:15.0624 1664        disk - ok
19:30:15.0702 1664        Dnscache        (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
19:30:15.0764 1664        Dnscache - ok
19:30:15.0795 1664        dot3svc        (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
19:30:15.0842 1664        dot3svc - ok
19:30:15.0874 1664        DPS            (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
19:30:15.0936 1664        DPS - ok
19:30:15.0983 1664        drmkaud        (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:30:16.0280 1664        drmkaud - ok
19:30:16.0366 1664        DXGKrnl        (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:30:16.0445 1664        DXGKrnl - ok
19:30:16.0507 1664        E1G60          (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:30:16.0882 1664        E1G60 - ok
19:30:16.0921 1664        EapHost        (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
19:30:17.0314 1664        EapHost - ok
19:30:17.0361 1664        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:30:17.0376 1664        Ecache - ok
19:30:17.0423 1664        ehRecvr        (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
19:30:17.0611 1664        ehRecvr - ok
19:30:17.0626 1664        ehSched        (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
19:30:17.0751 1664        ehSched - ok
19:30:17.0783 1664        ehstart        (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
19:30:17.0955 1664        ehstart - ok
19:30:18.0001 1664        ElbyCDIO        (a14d6e3ef78f6d6ac42f98d633f2400a) C:\Windows\system32\Drivers\ElbyCDIO.sys
19:30:18.0017 1664        ElbyCDIO - ok
19:30:18.0064 1664        elxstor        (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:30:18.0126 1664        elxstor - ok
19:30:18.0173 1664        EMDMgmt        (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
19:30:18.0236 1664        EMDMgmt - ok
19:30:18.0267 1664        ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:30:18.0314 1664        ErrDev - ok
19:30:18.0376 1664        EventSystem    (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
19:30:18.0439 1664        EventSystem - ok
19:30:18.0736 1664        exfat          (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:30:18.0798 1664        exfat - ok
19:30:18.0830 1664        fastfat        (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:30:18.0892 1664        fastfat - ok
19:30:18.0939 1664        Fax            (989a776a2ff32a148fcf15c44058b129) C:\Windows\system32\fxssvc.exe
19:30:19.0001 1664        Fax - ok
19:30:19.0017 1664        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:30:19.0080 1664        fdc - ok
19:30:19.0142 1664        fdPHost        (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
19:30:19.0189 1664        fdPHost - ok
19:30:19.0205 1664        FDResPub        (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
19:30:19.0267 1664        FDResPub - ok
19:30:19.0298 1664        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:30:19.0314 1664        FileInfo - ok
19:30:19.0330 1664        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:30:19.0376 1664        Filetrace - ok
19:30:19.0431 1664        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:30:19.0462 1664        flpydisk - ok
19:30:19.0478 1664        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:30:19.0541 1664        FltMgr - ok
19:30:19.0791 1664        FontCache      (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
19:30:19.0900 1664        FontCache - ok
19:30:20.0056 1664        FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:30:20.0072 1664        FontCache3.0.0.0 - ok
19:30:20.0119 1664        Fs_Rec          (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
19:30:20.0166 1664        Fs_Rec - ok
19:30:20.0181 1664        fvevol          (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
19:30:20.0197 1664        fvevol - ok
19:30:20.0213 1664        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:30:20.0229 1664        gagp30kx - ok
19:30:20.0276 1664        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:30:20.0276 1664        GEARAspiWDM - ok
19:30:20.0621 1664        gpsvc          (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
19:30:20.0746 1664        gpsvc - ok
19:30:20.0839 1664        HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
19:30:20.0871 1664        HdAudAddService - ok
19:30:23.0511 1664        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:30:23.0589 1664        HDAudBus - ok
19:30:23.0761 1664        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:30:23.0824 1664        HidBth - ok
19:30:23.0933 1664        HidIr          (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:30:23.0996 1664        HidIr - ok
19:30:24.0027 1664        hidserv        (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
19:30:24.0058 1664        hidserv - ok
19:30:24.0152 1664        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:30:24.0214 1664        HidUsb - ok
19:30:24.0230 1664        hkmsvc          (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
19:30:24.0292 1664        hkmsvc - ok
19:30:24.0339 1664        HpCISSs        (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:30:24.0355 1664        HpCISSs - ok
19:30:24.0886 1664        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:30:24.0964 1664        HTTP - ok
19:30:24.0980 1664        hwdatacard - ok
19:30:25.0011 1664        i2omp          (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:30:25.0011 1664        i2omp - ok
19:30:25.0042 1664        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:30:25.0089 1664        i8042prt - ok
19:30:25.0199 1664        iaStorV        (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:30:25.0246 1664        iaStorV - ok
19:30:25.0964 1664        idsvc          (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:30:26.0011 1664        idsvc - ok
19:30:26.0042 1664        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:30:26.0058 1664        iirsp - ok
19:30:26.0246 1664        IKEEXT          (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
19:30:26.0309 1664        IKEEXT - ok
19:30:28.0918 1664        IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
19:30:29.0137 1664        IntcAzAudAddService - ok
19:30:29.0887 1664        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:30:29.0903 1664        intelide - ok
19:30:29.0918 1664        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:30:29.0965 1664        intelppm - ok
19:30:30.0372 1664        IPBusEnum      (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
19:30:30.0434 1664        IPBusEnum - ok
19:30:30.0559 1664        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:30:30.0606 1664        IpFilterDriver - ok
19:30:30.0622 1664        IpInIp - ok
19:30:30.0747 1664        IPMIDRV        (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:30:30.0793 1664        IPMIDRV - ok
19:30:31.0177 1664        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:30:31.0227 1664        IPNAT - ok
19:30:33.0545 1664        iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
19:30:33.0829 1664        iPod Service - ok
19:30:33.0948 1664        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:30:33.0987 1664        IRENUM - ok
19:30:34.0014 1664        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:30:34.0027 1664        isapnp - ok
19:30:34.0075 1664        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:30:34.0101 1664        iScsiPrt - ok
19:30:34.0123 1664        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:30:34.0134 1664        iteatapi - ok
19:30:34.0195 1664        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:30:34.0227 1664        iteraid - ok
19:30:34.0333 1664        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:30:34.0365 1664        kbdclass - ok
19:30:34.0380 1664        kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:30:34.0427 1664        kbdhid - ok
19:30:34.0458 1664        KeyIso          (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:30:34.0505 1664        KeyIso - ok
19:30:34.0583 1664        KSecDD          (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
19:30:34.0615 1664        KSecDD - ok
19:30:34.0646 1664        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:30:34.0693 1664        ksthunk - ok
19:30:34.0740 1664        KtmRm          (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
19:30:34.0818 1664        KtmRm - ok
19:30:34.0912 1664        L8042Kbd        (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
19:30:34.0912 1664        L8042Kbd - ok
19:30:34.0958 1664        LanmanServer    (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
19:30:35.0005 1664        LanmanServer - ok
19:30:35.0053 1664        LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
19:30:35.0116 1664        LanmanWorkstation - ok
19:30:35.0772 1664        LBTServ        (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
19:30:35.0803 1664        LBTServ - ok
19:30:35.0866 1664        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:30:35.0881 1664        LHidFilt - ok
19:30:35.0928 1664        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
19:30:35.0944 1664        lirsgt - ok
19:30:35.0944 1664        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:30:36.0006 1664        lltdio - ok
19:30:36.0913 1664        lltdsvc        (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
19:30:36.0975 1664        lltdsvc - ok
19:30:37.0030 1664        lmhosts        (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
19:30:37.0100 1664        lmhosts - ok
19:30:37.0147 1664        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:30:37.0163 1664        LMouFilt - ok
19:30:37.0209 1664        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:30:37.0225 1664        LSI_FC - ok
19:30:37.0303 1664        LSI_SAS        (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:30:37.0336 1664        LSI_SAS - ok
19:30:37.0352 1664        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:30:37.0368 1664        LSI_SCSI - ok
19:30:37.0430 1664        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:30:37.0493 1664        luafv - ok
19:30:37.0555 1664        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
19:30:37.0571 1664        MBAMProtector - ok
19:30:37.0946 1664        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:30:38.0164 1664        MBAMService - ok
19:30:38.0196 1664        Mcx2Svc        (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
19:30:38.0289 1664        Mcx2Svc - ok
19:30:38.0414 1664        megasas        (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:30:38.0446 1664        megasas - ok
19:30:39.0321 1664        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:30:39.0539 1664        MegaSR - ok
19:30:39.0680 1664        MEMSWEEP2      (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\9C32.tmp
19:30:39.0696 1664        MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
19:30:39.0696 1664        MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
19:30:39.0930 1664        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:30:39.0930 1664        Microsoft Office Groove Audit Service - ok
19:30:39.0961 1664        MMCSS          (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:30:40.0024 1664        MMCSS - ok
19:30:40.0039 1664        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:30:40.0086 1664        Modem - ok
19:30:40.0133 1664        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:30:40.0180 1664        monitor - ok
19:30:40.0196 1664        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:30:40.0211 1664        mouclass - ok
19:30:40.0227 1664        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:30:40.0289 1664        mouhid - ok
19:30:40.0540 1664        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:30:40.0556 1664        MountMgr - ok
19:30:40.0619 1664        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:30:40.0634 1664        MozillaMaintenance - ok
19:30:40.0681 1664        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:30:40.0697 1664        mpio - ok
19:30:40.0712 1664        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:30:40.0744 1664        mpsdrv - ok
19:30:40.0744 1664        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:30:40.0759 1664        Mraid35x - ok
19:30:40.0790 1664        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:30:40.0822 1664        MRxDAV - ok
19:30:40.0869 1664        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:30:40.0900 1664        mrxsmb - ok
19:30:41.0119 1664        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:30:41.0165 1664        mrxsmb10 - ok
19:30:41.0181 1664        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:30:41.0212 1664        mrxsmb20 - ok
19:30:41.0244 1664        msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
19:30:41.0259 1664        msahci - ok
19:30:41.0556 1664        msdsm          (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:30:41.0603 1664        msdsm - ok
19:30:42.0009 1664        MSDTC          (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
19:30:42.0056 1664        MSDTC - ok
19:30:42.0087 1664        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:30:42.0134 1664        Msfs - ok
19:30:42.0165 1664        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:30:42.0181 1664        msisadrv - ok
19:30:42.0212 1664        MSiSCSI        (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
19:30:42.0244 1664        MSiSCSI - ok
19:30:42.0244 1664        msiserver - ok
19:30:42.0290 1664        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:30:42.0337 1664        MSKSSRV - ok
19:30:42.0369 1664        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:30:42.0415 1664        MSPCLOCK - ok
19:30:42.0431 1664        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:30:42.0462 1664        MSPQM - ok
19:30:42.0947 1664        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:30:42.0978 1664        MsRPC - ok
19:30:43.0150 1664        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:30:43.0181 1664        mssmbios - ok
19:30:43.0212 1664        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:30:43.0259 1664        MSTEE - ok
19:30:43.0495 1664        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:30:43.0541 1664        Mup - ok
19:30:43.0916 1664        napagent        (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
19:30:43.0979 1664        napagent - ok
19:30:44.0026 1664        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:30:44.0104 1664        NativeWifiP - ok
19:30:44.0323 1664        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:30:44.0370 1664        NDIS - ok
19:30:44.0416 1664        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:30:44.0463 1664        NdisTapi - ok
19:30:44.0557 1664        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:30:44.0620 1664        Ndisuio - ok
19:30:45.0073 1664        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:30:45.0120 1664        NdisWan - ok
19:30:45.0323 1664        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:30:45.0354 1664        NDProxy - ok
19:30:45.0385 1664        Netaapl - ok
19:30:45.0416 1664        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:30:45.0463 1664        NetBIOS - ok
19:30:46.0402 1664        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:30:46.0449 1664        netbt - ok
19:30:46.0480 1664        Netlogon        (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:30:46.0496 1664        Netlogon - ok
19:30:46.0667 1664        Netman          (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
19:30:46.0746 1664        Netman - ok
19:30:47.0841 1664        netprofm        (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
19:30:47.0888 1664        netprofm - ok
19:30:49.0453 1664        netr28ux        (c553716f6f7bca3444cee52dfb7c9016) C:\Windows\system32\DRIVERS\netr28ux.sys
19:30:49.0499 1664        netr28ux - ok
19:30:49.0945 1664        NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:30:49.0960 1664        NetTcpPortSharing - ok
19:30:50.0039 1664        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:30:50.0054 1664        nfrd960 - ok
19:30:50.0093 1664        NlaSvc          (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
19:30:50.0156 1664        NlaSvc - ok
19:30:50.0374 1664        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:30:50.0445 1664        Npfs - ok
19:30:50.0551 1664        nsi            (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
19:30:50.0604 1664        nsi - ok
19:30:50.0634 1664        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:30:50.0689 1664        nsiproxy - ok
19:30:51.0420 1664        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:30:51.0518 1664        Ntfs - ok
19:30:54.0110 1664        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:30:54.0157 1664        Null - ok
19:30:54.0453 1664        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:30:54.0477 1664        nvraid - ok
19:30:54.0500 1664        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:30:54.0514 1664        nvstor - ok
19:30:54.0567 1664        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:30:54.0594 1664        nv_agp - ok
19:30:54.0594 1664        NwlnkFlt - ok
19:30:54.0610 1664        NwlnkFwd - ok
19:30:55.0862 1664        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:30:55.0909 1664        odserv - ok
19:30:55.0940 1664        ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
19:30:55.0994 1664        ohci1394 - ok
19:30:56.0073 1664        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:30:56.0088 1664        ose - ok
19:30:56.0987 1664        p2pimsvc        (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:30:57.0073 1664        p2pimsvc - ok
19:30:57.0088 1664        p2psvc          (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:30:57.0112 1664        p2psvc - ok
19:30:57.0174 1664        Parport        (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
19:30:57.0229 1664        Parport - ok
19:30:57.0570 1664        partmgr        (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
19:30:57.0588 1664        partmgr - ok
19:30:57.0636 1664        PcaSvc          (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
19:30:57.0683 1664        PcaSvc - ok
19:30:57.0730 1664        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:30:57.0745 1664        pci - ok
19:30:57.0808 1664        pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
19:30:57.0839 1664        pciide - ok
19:30:57.0863 1664        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:30:57.0886 1664        pcmcia - ok
19:30:57.0972 1664        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:30:58.0074 1664        PEAUTH - ok
19:30:59.0575 1664        PerfHost        (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
19:30:59.0632 1664        PerfHost - ok
19:31:00.0008 1664        pla            (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
19:31:00.0110 1664        pla - ok
19:31:01.0379 1664        PlugPlay        (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
19:31:01.0447 1664        PlugPlay - ok
19:31:03.0877 1664        PNRPAutoReg    (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:31:03.0908 1664        PNRPAutoReg - ok
19:31:03.0924 1664        PNRPsvc        (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:31:03.0963 1664        PNRPsvc - ok
19:31:04.0010 1664        PolicyAgent    (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
19:31:04.0072 1664        PolicyAgent - ok
19:31:04.0119 1664        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:31:04.0166 1664        PptpMiniport - ok
19:31:04.0197 1664        Processor      (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:31:04.0244 1664        Processor - ok
19:31:04.0260 1664        ProfSvc        (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
19:31:04.0307 1664        ProfSvc - ok
19:31:04.0354 1664        ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:31:04.0354 1664        ProtectedStorage - ok
19:31:04.0729 1664        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:31:04.0776 1664        PSched - ok
19:31:05.0182 1664        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:31:05.0244 1664        ql2300 - ok
19:31:05.0635 1664        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:31:05.0651 1664        ql40xx - ok
19:31:06.0541 1664        QWAVE          (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
19:31:06.0604 1664        QWAVE - ok
19:31:06.0619 1664        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:31:06.0651 1664        QWAVEdrv - ok
19:31:06.0682 1664        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:31:06.0729 1664        RasAcd - ok
19:31:06.0744 1664        RasAuto        (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
19:31:06.0807 1664        RasAuto - ok
19:31:07.0198 1664        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:31:07.0245 1664        Rasl2tp - ok
19:31:07.0292 1664        RasMan          (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
19:31:07.0339 1664        RasMan - ok
19:31:07.0558 1664        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:31:07.0643 1664        RasPppoe - ok
19:31:07.0924 1664        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:31:07.0971 1664        RasSstp - ok
19:31:08.0018 1664        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:31:08.0065 1664        rdbss - ok
19:31:08.0096 1664        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:31:08.0143 1664        RDPCDD - ok
19:31:08.0894 1664        rdpdr          (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
19:31:08.0925 1664        rdpdr - ok
19:31:09.0003 1664        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:31:09.0066 1664        RDPENCDD - ok
19:31:09.0785 1664        RDPWD          (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
19:31:09.0832 1664        RDPWD - ok
19:31:09.0895 1664        RemoteAccess    (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
19:31:09.0957 1664        RemoteAccess - ok
19:31:10.0725 1664        RemoteRegistry  (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
19:31:10.0803 1664        RemoteRegistry - ok
19:31:10.0897 1664        RpcLocator      (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
19:31:10.0912 1664        RpcLocator - ok
19:31:11.0069 1664        RpcSs          (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:31:11.0115 1664        RpcSs - ok
19:31:11.0256 1664        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:31:11.0287 1664        rspndr - ok
19:31:11.0365 1664        RTL8169        (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
19:31:11.0412 1664        RTL8169 - ok
19:31:11.0459 1664        SamSs          (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:31:11.0475 1664        SamSs - ok
19:31:11.0506 1664        SAVRKBootTasks - ok
19:31:11.0537 1664        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:31:11.0553 1664        sbp2port - ok
19:31:11.0615 1664        SCardSvr        (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
19:31:11.0662 1664        SCardSvr - ok
19:31:13.0055 1664        Schedule        (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
19:31:13.0117 1664        Schedule - ok
19:31:13.0149 1664        SCPolicySvc    (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:31:13.0180 1664        SCPolicySvc - ok
19:31:13.0664 1664        SDRSVC          (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
19:31:13.0711 1664        SDRSVC - ok
19:31:13.0727 1664        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:31:13.0804 1664        secdrv - ok
19:31:13.0929 1664        seclogon        (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
19:31:13.0984 1664        seclogon - ok
19:31:14.0249 1664        SENS            (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
19:31:14.0296 1664        SENS - ok
19:31:14.0390 1664        Serenum        (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
19:31:14.0452 1664        Serenum - ok
19:31:14.0491 1664        Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
19:31:14.0546 1664        Serial - ok
19:31:14.0648 1664        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:31:14.0695 1664        sermouse - ok
19:31:14.0991 1664        SessionEnv      (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
19:31:15.0077 1664        SessionEnv - ok
19:31:15.0124 1664        sffdisk        (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:31:15.0179 1664        sffdisk - ok
19:31:15.0195 1664        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:31:15.0249 1664        sffp_mmc - ok
19:31:15.0312 1664        sffp_sd        (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:31:15.0366 1664        sffp_sd - ok
19:31:15.0374 1664        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:31:15.0445 1664        sfloppy - ok
19:31:16.0539 1664        ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
19:31:16.0602 1664        ShellHWDetection - ok
19:31:16.0633 1664        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:31:16.0633 1664        SiSRaid2 - ok
19:31:16.0664 1664        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:31:16.0680 1664        SiSRaid4 - ok
19:31:17.0289 1664        SkypeUpdate    (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:31:17.0305 1664        SkypeUpdate - ok
19:31:19.0305 1664        slsvc          (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
19:31:19.0492 1664        slsvc - ok
19:31:22.0024 1664        SLUINotify      (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
19:31:22.0055 1664        SLUINotify - ok
19:31:22.0461 1664        Smb            (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:31:22.0539 1664        Smb - ok
19:31:22.0586 1664        SNMPTRAP        (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
19:31:22.0617 1664        SNMPTRAP - ok
19:31:22.0633 1664        spldr          (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:31:22.0649 1664        spldr - ok
19:31:22.0680 1664        Spooler        (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
19:31:22.0727 1664        Spooler - ok
19:31:24.0039 1664        sptd            (88e5162e58c8919cc873f5d8946197cf) C:\Windows\System32\Drivers\sptd.sys
19:31:24.0086 1664        sptd - ok
19:31:25.0633 1664        srv            (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:31:25.0711 1664        srv - ok
19:31:25.0758 1664        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:31:25.0820 1664        srv2 - ok
19:31:25.0836 1664        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:31:25.0852 1664        srvnet - ok
19:31:25.0899 1664        SSDPSRV        (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
19:31:25.0945 1664        SSDPSRV - ok
19:31:25.0992 1664        SstpSvc        (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
19:31:26.0024 1664        SstpSvc - ok
19:31:26.0274 1664        stisvc          (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
19:31:26.0320 1664        stisvc - ok
19:31:26.0352 1664        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:31:26.0367 1664        swenum - ok
19:31:27.0024 1664        swprv          (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
19:31:27.0070 1664        swprv - ok
19:31:27.0289 1664        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:31:27.0305 1664        Symc8xx - ok
19:31:27.0320 1664        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:31:27.0336 1664        Sym_hi - ok
19:31:27.0352 1664        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:31:27.0367 1664        Sym_u3 - ok
19:31:27.0977 1664        SysMain        (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
19:31:28.0055 1664        SysMain - ok
19:31:28.0383 1664        TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
19:31:28.0414 1664        TabletInputService - ok
19:31:28.0445 1664        TapiSrv        (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
19:31:28.0492 1664        TapiSrv - ok
19:31:28.0524 1664        TBS            (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
19:31:28.0570 1664        TBS - ok
19:31:29.0352 1664        Tcpip          (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
19:31:29.0445 1664        Tcpip - ok
19:31:33.0852 1664        Tcpip6          (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
19:31:33.0977 1664        Tcpip6 - ok
19:31:34.0602 1664        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:31:34.0617 1664        tcpipreg - ok
19:31:34.0727 1664        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:31:34.0789 1664        TDPIPE - ok
19:31:34.0820 1664        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:31:34.0867 1664        TDTCP - ok
19:31:34.0883 1664        tdx            (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:31:34.0914 1664        tdx - ok
19:31:35.0039 1664        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:31:35.0055 1664        TermDD - ok
19:31:35.0102 1664        TermService    (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
19:31:35.0195 1664        TermService - ok
19:31:36.0275 1664        Themes          (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
19:31:36.0290 1664        Themes - ok
19:31:36.0446 1664        THREADORDER    (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:31:36.0493 1664        THREADORDER - ok
19:31:36.0931 1664        TrkWks          (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
19:31:36.0993 1664        TrkWks - ok
19:31:37.0040 1664        TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
19:31:37.0071 1664        TrustedInstaller - ok
19:31:37.0220 1664        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:31:37.0251 1664        tssecsrv - ok
19:31:37.0282 1664        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:31:37.0314 1664        tunmp - ok
19:31:37.0376 1664        tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:31:37.0407 1664        tunnel - ok
19:31:37.0423 1664        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:31:37.0439 1664        uagp35 - ok
19:31:38.0126 1664        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:31:38.0189 1664        udfs - ok
19:31:38.0345 1664        UI0Detect      (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
19:31:38.0407 1664        UI0Detect - ok
19:31:38.0673 1664        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:31:38.0689 1664        uliagpkx - ok
19:31:38.0720 1664        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:31:38.0736 1664        uliahci - ok
19:31:38.0767 1664        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:31:38.0782 1664        UlSata - ok
19:31:38.0798 1664        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:31:38.0829 1664        ulsata2 - ok
19:31:38.0845 1664        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:31:38.0892 1664        umbus - ok
19:31:39.0048 1664        UmRdpService    (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll
19:31:39.0079 1664        UmRdpService - ok
19:31:39.0595 1664        upnphost        (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
19:31:39.0657 1664        upnphost - ok
19:31:39.0704 1664        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:31:39.0736 1664        USBAAPL64 - ok
19:31:39.0798 1664        usbaudio        (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
19:31:39.0829 1664        usbaudio - ok
19:31:39.0876 1664        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:31:39.0923 1664        usbccgp - ok
19:31:39.0939 1664        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:31:40.0001 1664        usbcir - ok
19:31:40.0126 1664        usbehci        (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:31:40.0173 1664        usbehci - ok
19:31:40.0204 1664        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:31:40.0251 1664        usbhub - ok
19:31:40.0314 1664        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:31:40.0392 1664        usbohci - ok
19:31:40.0501 1664        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
19:31:40.0548 1664        usbprint - ok
19:31:40.0595 1664        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
19:31:40.0642 1664        usbscan - ok
19:31:40.0657 1664        USBSTOR        (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:31:40.0704 1664        USBSTOR - ok
19:31:40.0736 1664        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:31:40.0767 1664        usbuhci - ok
19:31:40.0876 1664        UxSms          (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
19:31:40.0923 1664        UxSms - ok
19:31:40.0954 1664        vds            (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
19:31:41.0017 1664        vds - ok
19:31:41.0142 1664        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:31:41.0189 1664        vga - ok
19:31:41.0236 1664        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:31:41.0282 1664        VgaSave - ok
19:31:41.0345 1664        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:31:41.0361 1664        viaide - ok
19:31:41.0407 1664        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:31:41.0423 1664        volmgr - ok
19:31:41.0470 1664        volmgrx        (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:31:41.0501 1664        volmgrx - ok
19:31:42.0439 1664        volsnap        (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:31:42.0470 1664        volsnap - ok
19:31:43.0048 1664        vpnagent        (5ea22cb6b100212837a97f281edb3c47) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
19:31:43.0079 1664        vpnagent - ok
19:31:43.0204 1664        vpnva          (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
19:31:43.0236 1664        vpnva - ok
19:31:43.0267 1664        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:31:43.0282 1664        vsmraid - ok
19:31:48.0095 1664        VSS            (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
19:31:48.0204 1664        VSS - ok
19:31:49.0142 1664        W32Time        (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
19:31:49.0204 1664        W32Time - ok
19:31:49.0423 1664        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:31:49.0486 1664        WacomPen - ok
19:31:49.0532 1664        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:49.0579 1664        Wanarp - ok
19:31:49.0579 1664        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:49.0611 1664        Wanarpv6 - ok
19:31:51.0079 1664        wbengine        (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe
19:31:51.0142 1664        wbengine - ok
19:31:52.0048 1664        wcncsvc        (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
19:31:52.0095 1664        wcncsvc - ok
19:31:52.0126 1664        WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
19:31:52.0173 1664        WcsPlugInService - ok
19:31:52.0517 1664        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:31:52.0532 1664        Wd - ok
19:31:54.0064 1664        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:31:54.0111 1664        Wdf01000 - ok
19:31:54.0376 1664        WdiServiceHost  (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:31:54.0454 1664        WdiServiceHost - ok
19:31:54.0454 1664        WdiSystemHost  (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:31:54.0486 1664        WdiSystemHost - ok
19:31:54.0532 1664        WebClient      (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
19:31:54.0564 1664        WebClient - ok
19:31:55.0048 1664        Wecsvc          (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
19:31:55.0095 1664        Wecsvc - ok
19:31:55.0329 1664        wercplsupport  (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
19:31:55.0407 1664        wercplsupport - ok
19:31:55.0579 1664        WerSvc          (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
19:31:55.0642 1664        WerSvc - ok
19:31:55.0642 1664        WinHttpAutoProxySvc - ok
19:31:56.0814 1664        Winmgmt        (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
19:31:56.0892 1664        Winmgmt - ok
19:31:59.0486 1664        WinRM          (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
19:31:59.0611 1664        WinRM - ok
19:32:01.0220 1664        Wlansvc        (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
19:32:01.0267 1664        Wlansvc - ok
19:32:01.0611 1664        WmiAcpi        (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:32:01.0657 1664        WmiAcpi - ok
19:32:02.0064 1664        wmiApSrv        (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
19:32:02.0111 1664        wmiApSrv - ok
19:32:02.0157 1664        WMPNetworkSvc - ok
19:32:02.0782 1664        WPCSvc          (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
19:32:02.0829 1664        WPCSvc - ok
19:32:02.0877 1664        WPDBusEnum      (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
19:32:02.0940 1664        WPDBusEnum - ok
19:32:03.0049 1664        WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:32:03.0065 1664        WpdUsb - ok
19:32:06.0065 1664        WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:32:06.0127 1664        WPFFontCache_v0400 - ok
19:32:06.0174 1664        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:32:06.0221 1664        ws2ifsl - ok
19:32:06.0237 1664        WSearch - ok
19:32:06.0596 1664        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:32:06.0643 1664        WUDFRd - ok
19:32:06.0674 1664        wudfsvc        (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
19:32:06.0721 1664        wudfsvc - ok
19:32:06.0768 1664        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:32:08.0065 1664        \Device\Harddisk0\DR0 - ok
19:32:08.0080 1664        Boot (0x1200)  (37a339b461cb30f0a5ddef20e1e4e0eb) \Device\Harddisk0\DR0\Partition0
19:32:08.0112 1664        \Device\Harddisk0\DR0\Partition0 - ok
19:32:08.0143 1664        Boot (0x1200)  (b3ebdd0f2bc4c1a3b99e232d07edcb3d) \Device\Harddisk0\DR0\Partition1
19:32:08.0158 1664        \Device\Harddisk0\DR0\Partition1 - ok
19:32:08.0174 1664        Boot (0x1200)  (5b71a2e3e44e129c3a035332fec3caf4) \Device\Harddisk0\DR0\Partition2
19:32:08.0205 1664        \Device\Harddisk0\DR0\Partition2 - ok
19:32:08.0205 1664        ============================================================
19:32:08.0205 1664        Scan finished
19:32:08.0205 1664        ============================================================
19:32:08.0221 4792        Detected object count: 1
19:32:08.0221 4792        Actual detected object count: 1
19:32:43.0373 4792        MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:43.0373 4792        MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

For info: my Malwarebytes hasn't been "screaming" since yesterday evening...

One more quick question: would it actually be possible to send mails that show me as the sender even though my account wasn't used at all? (Would that mean manipulating the "header"?)

Best regards
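As an added example (not part of the thread and not a tool recommended by the board), the question above can be answered from the mail headers: a forged "From:" costs an attacker nothing, but a mail that really went through the account's provider will usually carry a passing SPF/DKIM verdict in the receiving server's Authentication-Results header, while a forged one fails or has none. The script below parses three constructed messages (the domains example-mail.test and mx.example.net are placeholders, not the provider or servers from the thread) and classifies each; it is not code from the original post.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample messages (placeholders, not real mail from the thread).
# Case 1: the provider's own outbound server relayed it and SPF/DKIM pass,
# i.e. the account itself (or the provider) actually sent the message.
MAIL_VIA_PROVIDER = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example-mail.test; dkim=pass header.d=example-mail.test
Received: from smtp.example-mail.test (smtp.example-mail.test [192.0.2.10]) by mx.example.net
From: Thomas <thomas@example-mail.test>
To: friend@example.org
Subject: hi

body
"""

# Case 2: an unrelated host wrote "From: thomas@..." itself; SPF fails, no DKIM.
MAIL_FORGED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example-mail.test; dkim=none
Received: from unknown (HELO mail) ([198.51.100.7]) by mx.example.net
From: Thomas <thomas@example-mail.test>
To: friend@example.org
Subject: hi

body
"""

# Case 3: the receiving server added no verdict at all, so nothing can be concluded.
MAIL_NO_AUTH = """\
Received: from somewhere ([203.0.113.5]) by mx.example.net
From: Thomas <thomas@example-mail.test>
To: friend@example.org
Subject: hi

body
"""


def from_domain_of(raw):
    """Domain part of the visible From: address (what the recipient sees)."""
    msg = message_from_string(raw, policy=default)
    m = re.search(r"@([\w.-]+)", str(msg.get("From", "")))
    return m.group(1).lower() if m else ""


def auth_results(msg):
    """Collect (verdict, domain) pairs for spf and dkim from every
    Authentication-Results header; domain is the one the verdict applies to."""
    results = {"spf": [], "dkim": []}
    for hdr in msg.get_all("Authentication-Results", []):
        text = str(hdr)
        for m in re.finditer(r"\bspf=(\w+)(?:[^;]*?smtp\.mailfrom=(?:[^@\s]+@)?([\w.-]+))?", text):
            results["spf"].append((m.group(1).lower(), (m.group(2) or "").lower()))
        for m in re.finditer(r"\bdkim=(\w+)(?:[^;]*?\bheader\.d=([\w.-]+))?", text):
            results["dkim"].append((m.group(1).lower(), (m.group(2) or "").lower()))
    return results


def classify(raw):
    """Return 'sent-through-provider', 'from-address-forged' or 'undetermined'."""
    msg = message_from_string(raw, policy=default)
    fromdom = from_domain_of(raw)
    res = auth_results(msg)
    if not res["spf"] and not res["dkim"]:
        return "undetermined"
    # A pass only counts if the verified domain matches the visible From domain
    # (alignment); a pass for some unrelated domain proves nothing about the account.
    aligned_pass = any(
        verdict == "pass" and dom.endswith(fromdom)
        for verdict, dom in res["spf"] + res["dkim"]
    )
    return "sent-through-provider" if aligned_pass else "from-address-forged"


if __name__ == "__main__":
    for name, raw in [("provider", MAIL_VIA_PROVIDER), ("forged", MAIL_FORGED), ("noauth", MAIL_NO_AUTH)]:
        print(name, "->", classify(raw))
```

In practice you paste the full raw source of one of the spam mails (most webmail clients offer "show original" or similar) into such a check; "from-address-forged" means the address was merely spoofed, "sent-through-provider" means the account or its session really was used and the password should be changed and active sessions revoked.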

cosinus 09.08.2012 13:32

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

KurosakiIchi 09.08.2012 16:40

Looks like it found one thing...


ComboFix logfile:
Code:

ComboFix 12-08-09.01 - Thomas 09.08.2012  16:44:15.1.2 - x64
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.43.1031.18.3263.1908 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-09 bis 2012-08-09  ))))))))))))))))))))))))))))))
.
.
2012-08-09 15:20 . 2012-08-09 15:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-08 16:31 . 2009-05-18 11:17        34152        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-08 16:31 . 2008-04-17 10:12        126312        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-08 16:31 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files\iPod
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files\iTunes
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files (x86)\iTunes
2012-08-08 16:29 . 2012-08-08 16:29        --------        d-----w-        c:\program files (x86)\Apple Software Update
2012-08-08 16:27 . 2012-08-08 16:28        --------        d-----w-        c:\windows\LastGood.Tmp
2012-08-08 16:27 . 2012-08-08 16:27        --------        d-----w-        c:\program files\Common Files\Apple
2012-08-08 16:26 . 2012-08-08 16:26        --------        d-----w-        c:\program files\Bonjour
2012-08-08 16:26 . 2012-08-08 16:26        --------        d-----w-        c:\program files (x86)\Bonjour
2012-08-08 16:26 . 2012-08-08 16:30        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2012-08-07 07:16 . 2012-08-07 07:16        --------        d-----w-        C:\_OTL
2012-08-04 10:20 . 2012-08-04 10:20        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-07-31 09:16 . 2012-07-31 09:16        --------        d-----w-        c:\program files (x86)\ESET
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Malwarebytes
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-31 01:26 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-31 01:18 . 2011-05-12 12:05        18816        ------w-        c:\windows\SysWow64\SAVRKBootTasks.sys
2012-07-30 20:28 . 2011-05-12 12:03        6144        ----a-w-        c:\windows\system32\9C32.tmp
2012-07-30 20:27 . 2011-05-12 12:03        6144        ----a-w-        c:\windows\system32\52F8.tmp
2012-07-30 20:27 . 2012-07-30 20:27        --------        d-----w-        c:\program files (x86)\Sophos
2012-07-21 11:34 . 2012-06-29 10:04        9133488        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{732E4FBC-E4ED-454D-B042-A5683AD6D3DE}\mpengine.dll
2012-07-12 01:01 . 2012-06-02 12:07        887296        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 01:01 . 2012-06-02 12:06        499200        ----a-w-        c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 01:01 . 2012-06-02 08:27        678912        ----a-w-        c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-12 01:01 . 2012-06-02 08:26        387584        ----a-w-        c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-12 01:01 . 2012-06-02 12:49        17807360        ----a-w-        c:\windows\system32\mshtml.dll
2012-07-12 01:01 . 2012-06-02 12:17        10924032        ----a-w-        c:\windows\system32\ieframe.dll
2012-07-12 01:01 . 2012-06-13 13:58        2769408        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 14:58 . 2012-07-01 09:07        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 14:58 . 2012-02-29 08:32        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:04 . 2006-11-02 12:35        59701280        ----a-w-        c:\windows\system32\mrt.exe
2012-06-30 14:52 . 2012-06-30 14:52        30208        ----a-w-        c:\windows\system32\drivers\AegisP.sys
2012-06-02 22:19 . 2012-06-30 15:22        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-30 15:23        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-30 15:23        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-30 15:23        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-30 15:22        35864        ----a-w-        c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-30 15:22        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-30 15:22        577048        ----a-w-        c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-30 15:23        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-30 15:22        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-30 15:22        88576        ----a-w-        c:\windows\SysWow64\wudriver.dll
2012-06-02 13:19 . 2012-06-30 15:22        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-30 15:22        171904        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-30 15:22        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-30 15:22        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2012-05-31 10:25 . 2009-10-03 12:39        279656        ------w-        c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608]
Logitech SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-6-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.telekom.at
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\kv5mvy10.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\9C32.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-09  17:30:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-09 15:30
.
Vor Suchlauf: 11 Verzeichnis(se), 23.991.259.136 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 23.772.803.072 Bytes frei
.
- - End Of File - - 27030DE42F5F0881613A21F76136D78B

--- --- ---
best regards
tom

cosinus 10.08.2012 19:33

ComboFix - scripting

1. Open Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window.


Code:

File::
c:\windows\system32\9C32.tmp
c:\windows\system32\52F8.tmp

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
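As an added illustration of how a helper reads a ComboFix log like the one posted above (this is example code written for this page, not ComboFix's own code and not from anyone in the thread): the script below parses the line shapes that appear in the log ("ist infiziert!!" lines, Sigcheck "[-]" lines, the created-files table, and a Services registry key followed by its ImagePath) and lists the entries worth a second look, such as .tmp files inside system32 and a service that loads one. The regular expressions are assumptions about the log format derived from the posted excerpt; the sample lines are copied from the log above. Findings are for review only: the same log shows a Sophos folder created in the same minute as 52F8.tmp, so every hit should be checked against known tools before a CFScript is written.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code).

Assumed line formats, taken from the shape of the posted log:
  created-file lines:  "YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM  <size|-------->  <attrs>  <path>"
  sigcheck lines:      "[-] YYYY-MM-DD . <MD5> . <size> . . [<version>] .. <path>"
  service blocks:      "[HKEY_LOCAL_MACHINE\\SYSTEM\\...\\Services\\<Name>]" followed by
                       "\"ImagePath\"=\"<path>\""
  infection lines:     "<path> . . . ist infiziert!!"
"""
import re
from dataclasses import dataclass
from typing import List, Optional

CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
SIGCHECK_RE = re.compile(r"^\[-\] .*? \.\. (?P<path>.+)$")
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\]]*\\Services\\(?P<name>[^\]\\]+)\]$", re.IGNORECASE
)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$', re.IGNORECASE)
INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. ist infiziert!!$")


@dataclass
class Finding:
    kind: str   # infected | unsigned | service_tmp | tmp_in_system32
    path: str
    note: str


def triage(log_text: str) -> List[Finding]:
    """Scan a ComboFix log excerpt and return entries a helper would want to verify."""
    findings: List[Finding] = []
    current_service: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("infected", m["path"], "ComboFix flagged this file as infected"))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            findings.append(Finding("unsigned", m["path"],
                                    "unsigned file under a system path; compare hash with a clean copy"))
            continue
        m = SERVICE_KEY_RE.match(line)
        if m:
            current_service = m["name"]     # remember which service the next ImagePath belongs to
            continue
        if line.startswith("["):
            current_service = None          # any other registry key ends the service block
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_service:
            low = m["path"].lower()
            if low.endswith(".tmp") or "\\temp\\" in low:
                findings.append(Finding("service_tmp", m["path"],
                                        f"service {current_service} loads a temporary file"))
            continue
        m = CREATED_RE.match(line)
        if m:
            low = m["path"].lower()
            if low.endswith(".tmp") and "\\system32\\" in low:
                findings.append(Finding("tmp_in_system32", m["path"],
                                        f"created {m['created']}, {m['size']} bytes"))
    return findings


# Sample lines copied from the log posted above (abridged).
SAMPLE_LOG = r"""
c:\windows\system32\Services.exe . . . ist infiziert!!
.
2012-07-30 20:28 . 2011-05-12 12:03        6144        ----a-w-        c:\windows\system32\9C32.tmp
2012-07-30 20:27 . 2011-05-12 12:03        6144        ----a-w-        c:\windows\system32\52F8.tmp
2012-07-30 20:27 . 2012-07-30 20:27        --------        d-----w-        c:\program files (x86)\Sophos
.
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\9C32.tmp"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.path}  ({f.note})")
```

Running the block on the sample prints five entries: the infected Services.exe, both .tmp files in system32, the unsigned services.exe from the Sigcheck section, and the MEMSWEEP2 service whose ImagePath points at 9C32.tmp. The service finding is what ties the two .tmp files together; whether they are malicious or the leftovers of a scanner is exactly the question a helper resolves before proposing deletions.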

KurosakiIchi 10.08.2012 21:03

it has now deleted the two files you posted in the code box; I was away from the PC for a while and it performed the restart on its own afterwards...

attached now is the ComboFix logfile:

Code:

ComboFix 12-08-09.01 - Thomas 10.08.2012  21:07:03.2.2 - x64
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.43.1031.18.3263.1996 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Thomas\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\52F8.tmp"
"c:\windows\system32\9C32.tmp"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\52F8.tmp
c:\windows\system32\9C32.tmp
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MEMSWEEP2
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-10 bis 2012-08-10  ))))))))))))))))))))))))))))))
.
.
2012-08-10 19:48 . 2012-08-10 19:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-09 18:58 . 2012-08-09 18:58        --------        d-----w-        c:\program files (x86)\Microsoft
2012-08-08 16:31 . 2009-05-18 11:17        34152        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-08 16:31 . 2008-04-17 10:12        126312        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-08 16:31 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files\iPod
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files\iTunes
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files (x86)\iTunes
2012-08-08 16:29 . 2012-08-08 16:29        --------        d-----w-        c:\program files (x86)\Apple Software Update
2012-08-08 16:27 . 2012-08-08 16:27        --------        d-----w-        c:\program files\Common Files\Apple
2012-08-08 16:26 . 2012-08-08 16:26        --------        d-----w-        c:\program files\Bonjour
2012-08-08 16:26 . 2012-08-08 16:26        --------        d-----w-        c:\program files (x86)\Bonjour
2012-08-08 16:26 . 2012-08-08 16:30        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2012-08-07 07:16 . 2012-08-07 07:16        --------        d-----w-        C:\_OTL
2012-08-04 10:20 . 2012-08-04 10:20        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-07-31 09:16 . 2012-07-31 09:16        --------        d-----w-        c:\program files (x86)\ESET
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Malwarebytes
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-31 01:26 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-31 01:18 . 2011-05-12 12:05        18816        ------w-        c:\windows\SysWow64\SAVRKBootTasks.sys
2012-07-30 20:27 . 2012-07-30 20:27        --------        d-----w-        c:\program files (x86)\Sophos
2012-07-21 11:34 . 2012-06-29 10:04        9133488        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{732E4FBC-E4ED-454D-B042-A5683AD6D3DE}\mpengine.dll
2012-07-12 01:01 . 2012-06-02 12:07        887296        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 01:01 . 2012-06-02 12:06        499200        ----a-w-        c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 01:01 . 2012-06-02 08:27        678912        ----a-w-        c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-12 01:01 . 2012-06-02 08:26        387584        ----a-w-        c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-12 01:01 . 2012-06-02 12:49        17807360        ----a-w-        c:\windows\system32\mshtml.dll
2012-07-12 01:01 . 2012-06-02 12:17        10924032        ----a-w-        c:\windows\system32\ieframe.dll
2012-07-12 01:01 . 2012-06-13 13:58        2769408        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 14:58 . 2012-07-01 09:07        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 14:58 . 2012-02-29 08:32        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:04 . 2006-11-02 12:35        59701280        ----a-w-        c:\windows\system32\mrt.exe
2012-06-30 14:52 . 2012-06-30 14:52        30208        ----a-w-        c:\windows\system32\drivers\AegisP.sys
2012-06-02 22:19 . 2012-06-30 15:22        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-30 15:23        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-30 15:23        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-30 15:23        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-30 15:22        35864        ----a-w-        c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-30 15:22        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-30 15:22        577048        ----a-w-        c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-30 15:23        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-30 15:22        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-30 15:22        88576        ----a-w-        c:\windows\SysWow64\wudriver.dll
2012-06-02 13:19 . 2012-06-30 15:22        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-30 15:22        171904        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-30 15:22        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-30 15:22        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2012-05-31 10:25 . 2009-10-03 12:39        279656        ------w-        c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((  SnapShot@2012-08-09_15.23.17  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:09 . 2012-08-10 18:20        50578              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:44 . 2012-08-10 19:52        91776              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-10 18:04 . 2012-08-10 19:52        14394              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4234183825-735942597-2788852999-1000_UserData.bin
+ 2012-08-10 19:50 . 2012-08-10 19:50        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-09 15:22 . 2012-08-09 15:22        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-09 15:22 . 2012-08-09 15:22        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-10 19:50 . 2012-08-10 19:50        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-08-08 19:11        600532              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-10 18:25        600532              c:\windows\system32\perfh009.dat
- 2008-01-21 10:46 . 2012-08-08 19:11        643898              c:\windows\system32\perfh007.dat
+ 2008-01-21 10:46 . 2012-08-10 18:25        643898              c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2012-08-10 18:25        108414              c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-08-08 19:11        108414              c:\windows\system32\perfc009.dat
- 2008-01-21 10:46 . 2012-08-08 19:11        131214              c:\windows\system32\perfc007.dat
+ 2008-01-21 10:46 . 2012-08-10 18:25        131214              c:\windows\system32\perfc007.dat
- 2012-02-15 12:13 . 2012-08-09 15:21        369012              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-15 12:13 . 2012-08-10 19:48        369012              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-09 18:58 . 2012-08-09 18:58        553472              c:\windows\Installer\c71b86.msi
+ 2012-03-09 22:57 . 2012-08-10 19:49        5257400              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-4096.dat
- 2012-03-09 22:57 . 2012-08-09 15:21        5257400              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-4096.dat
+ 2012-02-15 12:13 . 2012-08-10 19:49        33626048              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608]
Logitech SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-6-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"combofix"="c:\combofix\CF3540.3XE" [2008-01-21 363008]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.telekom.at
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\kv5mvy10.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-10  21:58:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-10 19:58
ComboFix2.txt  2012-08-09 15:30
.
Vor Suchlauf: 16 Verzeichnis(se), 23.391.744.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 22.793.711.616 Bytes frei
.
- - End Of File - - B334AA31FE590A0596E77C9B7F6D01E0

--- --- ---


Kind regards

cosinus 11.08.2012 16:35

Hm, unfortunately your services.exe is still infected.
Please run a search for services.exe within the Windows folder and post the results.

KurosakiIchi 11.08.2012 19:03

(1 attachment)
Unfortunately I'm not sure exactly what you mean by that...

I searched for "services.exe" in the search box in Explorer within the Windows folder and attached the files it found as a screenshot.

Hope that is of some use to you!?
Should I try deleting any such files manually?

Kind regards

cosinus 11.08.2012 20:27

That's fine as it is. Normally the CF or OTL logs show me other locations with backups of this file, but unfortunately not in your case :(
Normally CF would also have replaced this file automatically with an intact copy...

Please upload the last services file as seen in your screenshot (the one directly before services.exe.mui) to us here => http://www.trojaner-board.de/54791-a...ner-board.html

KurosakiIchi 12.08.2012 10:05

Hello!

So, following your instructions, I have now uploaded "services.exe", the one that was directly before "services.exe.mui" in the screenshot, as well as the system32 file!

Kind regards
tom

cosinus 12.08.2012 14:00

OK, good :)

Please copy the file you renamed to services.exe_3 to c:\cosinus
You need to create the folder cosinus on c: first :)

Then it continues like this:

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

FCopy::
c:\cosinus\services.exe_3 | c:\windows\system32\services.exe

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

KurosakiIchi 12.08.2012 14:31

Sorry, I have two questions:

1. I was stupid enough not to note down exactly which was the third file I uploaded. I took one from the "system32" folder and two from "winsxs", one from the "amd64" subfolder and one from "x86". Can you help me with which one belongs in /cosinus? :)

2. In the "FCopy" you posted in the yellow code box you wrote "service.exe_3" without the "s"... should I copy it like that, or was that a typo?

Thanks a lot for your time, by the way :P

cosinus 13.08.2012 14:07

Thanks for the pointers, I've edited the missing S into the script.
I don't know offhand which file from which folder that is either, but the file I mean is the only one with a size of 384,512 bytes; it should be the largest of the three, the others are only 279,552 bytes.

KurosakiIchi 14.08.2012 08:29

Thanks for the info, I was able to find it by file size!

But I think "services.exe" is unfortunately still broken. Here is the ComboFix log file:
(edit: I just noticed that I did the whole thing in c/programme/cosinus instead of c/cosinus... that shouldn't be a problem though, should it?)
Code:

ComboFix 12-08-13.01 - Thomas 14.08.2012  8:23.3.2 - x64
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.43.1031.18.3263.1816 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Thomas\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-14 bis 2012-08-14  ))))))))))))))))))))))))))))))
.
.
2012-08-14 07:09 . 2012-08-14 07:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-14 06:17 . 2012-08-14 06:18        --------        d-----w-        C:\Cosinus
2012-08-09 18:58 . 2012-08-09 18:58        --------        d-----w-        c:\program files (x86)\Microsoft
2012-08-08 16:31 . 2009-05-18 11:17        34152        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-08 16:31 . 2008-04-17 10:12        126312        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-08 16:31 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files\iPod
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files\iTunes
2012-08-08 16:30 . 2012-08-08 16:30        --------        d-----w-        c:\program files (x86)\iTunes
2012-08-08 16:29 . 2012-08-08 16:29        --------        d-----w-        c:\program files (x86)\Apple Software Update
2012-08-08 16:27 . 2012-08-08 16:27        --------        d-----w-        c:\program files\Common Files\Apple
2012-08-08 16:26 . 2012-08-08 16:26        --------        d-----w-        c:\program files\Bonjour
2012-08-08 16:26 . 2012-08-08 16:26        --------        d-----w-        c:\program files (x86)\Bonjour
2012-08-08 16:26 . 2012-08-08 16:30        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2012-08-07 07:16 . 2012-08-07 07:16        --------        d-----w-        C:\_OTL
2012-08-04 10:20 . 2012-08-04 10:20        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-07-31 09:16 . 2012-07-31 09:16        --------        d-----w-        c:\program files (x86)\ESET
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Malwarebytes
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-31 01:26 . 2012-07-31 01:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-31 01:26 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-31 01:18 . 2011-05-12 12:05        18816        ------w-        c:\windows\SysWow64\SAVRKBootTasks.sys
2012-07-30 20:27 . 2012-07-30 20:27        --------        d-----w-        c:\program files (x86)\Sophos
2012-07-21 11:34 . 2012-06-29 10:04        9133488        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{732E4FBC-E4ED-454D-B042-A5683AD6D3DE}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 14:58 . 2012-07-01 09:07        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 14:58 . 2012-02-29 08:32        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:04 . 2006-11-02 12:35        59701280        ----a-w-        c:\windows\system32\mrt.exe
2012-06-30 14:52 . 2012-06-30 14:52        30208        ----a-w-        c:\windows\system32\drivers\AegisP.sys
2012-06-13 13:58 . 2012-07-12 01:01        2769408        ----a-w-        c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 20:11        12899840        ----a-w-        c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 20:11        1401856        ----a-w-        c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 20:11        1248768        ----a-w-        c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 20:11        1797120        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 20:11        1869824        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 20:11        516480        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-30 15:22        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-30 15:23        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-30 15:23        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-30 15:23        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-30 15:22        35864        ----a-w-        c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-30 15:22        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-30 15:22        577048        ----a-w-        c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-30 15:23        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-30 15:22        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-30 15:22        88576        ----a-w-        c:\windows\SysWow64\wudriver.dll
2012-06-02 13:19 . 2012-06-30 15:22        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-30 15:22        171904        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-30 15:22        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-30 15:22        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-12 01:01        17807360        ----a-w-        c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 01:01        10924032        ----a-w-        c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 01:02        2311680        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 01:02        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 01:02        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 01:02        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 01:02        237056        ----a-w-        c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 01:02        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 01:02        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 01:02        818688        ----a-w-        c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 01:02        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 01:02        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 01:02        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 01:02        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 01:02        1800192        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 01:02        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 01:02        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 01:02        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 01:02        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 20:11        347136        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 20:11        254464        ----a-w-        c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 20:11        77312        ----a-w-        c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 20:11        278528        ----a-w-        c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 20:11        204288        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2012-05-31 10:25 . 2009-10-03 12:39        279656        ------w-        c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((  SnapShot@2012-08-09_15.23.17  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:09 . 2012-08-13 20:16        50602              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:44 . 2012-08-13 20:16        91904              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-10 18:04 . 2012-08-13 20:17        14410              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4234183825-735942597-2788852999-1000_UserData.bin
+ 2012-08-13 20:15 . 2012-08-13 20:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-09 15:22 . 2012-08-09 15:22        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-13 20:15 . 2012-08-13 20:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 15:22 . 2012-08-09 15:22        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-08-13 20:21        600532              c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-08 19:11        600532              c:\windows\system32\perfh009.dat
- 2008-01-21 10:46 . 2012-08-08 19:11        643898              c:\windows\system32\perfh007.dat
+ 2008-01-21 10:46 . 2012-08-13 20:21        643898              c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2012-08-13 20:21        108414              c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-08-08 19:11        108414              c:\windows\system32\perfc009.dat
- 2008-01-21 10:46 . 2012-08-08 19:11        131214              c:\windows\system32\perfc007.dat
+ 2008-01-21 10:46 . 2012-08-13 20:21        131214              c:\windows\system32\perfc007.dat
- 2012-02-15 12:13 . 2012-08-09 15:21        369012              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-15 12:13 . 2012-08-13 18:33        369012              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-09 18:58 . 2012-08-09 18:58        553472              c:\windows\Installer\c71b86.msi
+ 2012-03-09 22:57 . 2012-08-13 18:33        5571500              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-4096.dat
+ 2012-02-15 12:13 . 2012-08-13 18:33        34724232              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608]
Logitech SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-6-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\kv5mvy10.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-08-14  09:12:06
ComboFix-quarantined-files.txt  2012-08-14 07:12
ComboFix2.txt  2012-08-10 19:58
ComboFix3.txt  2012-08-09 15:30
.
Vor Suchlauf: 16 Verzeichnis(se), 26.452.623.360 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 26.301.489.152 Bytes frei
.
- - End Of File - - 578B3518D70C776F4E21DDA132360A29

--- --- ---

best regards
tom

cosinus 14.08.2012 15:47

But that is a problem!
CF also has to be able to find the real services.exe; you can't just give it any arbitrary path there!
The script instructs CF to copy services.exe_3 to c:\windows\system; if the file isn't at that location, nothing on your system will change either!

Please just do it exactly the way I wrote it :(



Copyright ©2000-2025, Trojaner-Board

