Pests of all kinds and how to combat them: System Check Virus + Gema Trojan caught... Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Check Virus + Gema Trojan caught... Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = http://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = http://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = http://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = http://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = http://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.03.19 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.18 18:23:54 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.17 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.24 18:11:59 | 000,000,618 | ---- | M] () -- C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website
[2012.03.19 23:43:51 | 000,000,456 | ---- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #17 |
| System Check Virus + Gema Trojan caught... Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4031213B-2279-418F-81C5-A2F5CE04EF46}\ not found.
HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781380E-042A-48DC-ADCD-24554EC175A9}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79817182-B2D0-41A4-AF82-743AE2044FD5}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A335781F-692C-42E6-ADB2-1292F66B8D62}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5E01A93-5788-418C-ABD4-A269D2DC0631}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6F847D7-BB45-4F75-A366-F6183FA44994}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
C:\Programme\vShare\vshare_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ not found.
File E:\AutoRun.exe not found.
C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\Users\Jo\AppData\Roaming\UAs folder moved successfully.
C:\Users\Jo\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Jo\AppData\Roaming\kock folder moved successfully.
C:\Users\Jo\AppData\Roaming\gema folder moved successfully.
C:\ProgramData\gema folder moved successfully.
C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website moved successfully.
C:\ProgramData\bWNUBzRXeGIbSm moved successfully.
C:\ProgramData\~bWNUBzRXeGIbSm moved successfully.
C:\ProgramData\~bWNUBzRXeGIbSmr moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jo
->Temp folder emptied: 4131071 bytes
->Temporary Internet Files folder emptied: 299512220 bytes
->Java cache emptied: 23181235 bytes
->Google Chrome cache emptied: 194260686 bytes
->Opera cache emptied: 22251184 bytes
->Flash cache emptied: 18872 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7962835 bytes
RecycleBin emptied: 1286431 bytes
Total Files Cleaned = 527,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.1 log created on 03242012_190605
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Check Virus + Gema Trojan caught... Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and post only the log here!
__________________ |
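
Reviewing a TDSS-Killer report, as requested in the post above, comes down to finding the objects the tool did not mark "ok". The following is an added example, not part of the original thread and not Kaspersky's code: a small Python parser that pairs each scanned object with its verdict and lists the flagged ones. The sample lines, service names, hashes and paths are constructed, and the line layout is assumed from TDSSKiller 2.7.22.0 output as posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines (not from a real machine) in the assumed layout:
#   <time> <thread id> <name> (<md5>) <image path>
#   <time> <thread id> <name> - ok
#   <time> <thread id> <name> ( <verdict> ) - warning
#   <time> <thread id> <name> - detected <verdict> (<count>)
SAMPLE_LOG = r"""
19:28:00.0000 5340 ============================================================
19:28:00.0386 5340 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
19:28:00.0511 5340 ExampleDrv - ok
19:28:01.0028 5340 NoImageSvc - ok
19:28:02.0376 5340 Example Helper (00000000000000000000000000000002) C:\Program Files\Example Vendor\helper.exe
19:28:02.0391 5340 Example Helper ( UnsignedFile.Multi.Generic ) - warning
19:28:02.0391 5340 Example Helper - detected UnsignedFile.Multi.Generic (1)
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<detail>.+?) \))? - (?P<status>\w+)$")


@dataclass
class ScanRecord:
    name: str
    status: str                   # "ok", "warning", ...
    detail: Optional[str] = None  # verdict name for non-ok objects
    md5: Optional[str] = None     # None when the log lists no image line
    path: Optional[str] = None


def parse_tdsskiller(text: str) -> List[ScanRecord]:
    """Pair each object line with the verdict line that follows it."""
    pending = {}   # name -> (md5, path), waiting for its verdict line
    by_name = {}   # name -> last record, so "detected" lines can attach
    records: List[ScanRecord] = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and header lines without a body
        body = m.group("body").strip()
        obj = OBJECT.match(body)
        if obj:
            pending[obj["name"]] = (obj["md5"], obj["path"])
            continue
        det = DETECTED.match(body)
        if det:
            rec = by_name.get(det["name"])
            if rec is not None and rec.detail is None:
                rec.detail = det["verdict"]
            continue
        ver = VERDICT.match(body)
        if ver:
            # Some services have a verdict but no preceding image line.
            md5, path = pending.pop(ver["name"], (None, None))
            rec = ScanRecord(ver["name"], ver["status"], ver["detail"], md5, path)
            records.append(rec)
            by_name[rec.name] = rec
    return records


def flagged(records: List[ScanRecord]) -> List[ScanRecord]:
    """Everything the scanner did not mark 'ok'; these need a human look."""
    return [r for r in records if r.status != "ok"]


if __name__ == "__main__":
    for r in flagged(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{r.status.upper():8} {r.name}: {r.detail} -> {r.path} (md5 {r.md5})")
```

A flagged entry is a lead for review, not proof of infection; it says only that the tool did not give that object an "ok".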
| | #19 |
| System Check Virus + Gema Trojan caught... Code:
19:26:31.0911 3704 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
19:26:33.0939 3704 ============================================================
19:26:33.0939 3704 Current date / time: 2012/03/24 19:26:33.0939
19:26:33.0939 3704 SystemInfo:
19:26:33.0939 3704
19:26:33.0939 3704 OS Version: 6.1.7601 ServicePack: 1.0
19:26:33.0939 3704 Product type: Workstation
19:26:33.0939 3704 ComputerName: LAPTOP
19:26:33.0939 3704 UserName: Jo
19:26:33.0939 3704 Windows directory: C:\Windows
19:26:33.0939 3704 System windows directory: C:\Windows
19:26:33.0939 3704 Processor architecture: Intel x86
19:26:33.0939 3704 Number of processors: 2
19:26:33.0939 3704 Page size: 0x1000
19:26:33.0939 3704 Boot type: Normal boot
19:26:33.0939 3704 ============================================================
19:26:35.0202 3704 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:26:35.0202 3704 \Device\Harddisk0\DR0:
19:26:35.0202 3704 MBR used
19:26:35.0202 3704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
19:26:35.0202 3704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
19:26:35.0234 3704 Initialize success
19:26:35.0249 3704 ============================================================
19:27:58.0202 5340 ============================================================
19:27:58.0202 5340 Scan started
19:27:58.0202 5340 Mode: Manual; SigCheck; TDLFS;
19:27:58.0202 5340 ============================================================
19:28:00.0386 5340 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:28:00.0511 5340 1394ohci - ok
19:28:00.0635 5340 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:28:00.0667 5340 ACPI - ok
19:28:00.0698 5340 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:28:00.0745 5340 AcpiPmi - ok
19:28:00.0901 5340 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:28:00.0916 5340 adp94xx - ok
19:28:00.0963 5340 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:28:00.0994 5340 adpahci - ok
19:28:01.0010 5340 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:28:01.0025 5340 adpu320 - ok
19:28:01.0057 5340 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
19:28:01.0088 5340 AeLookupSvc - ok
19:28:01.0228 5340 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:28:01.0291 5340 AFD - ok
19:28:01.0337 5340 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:28:01.0353 5340 agp440 - ok
19:28:01.0400 5340 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:28:01.0415 5340 aic78xx - ok
19:28:01.0478 5340 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
19:28:01.0525 5340 ALG - ok
19:28:01.0634 5340 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:28:01.0649 5340 aliide - ok
19:28:01.0696 5340 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:28:01.0712 5340 amdagp - ok
19:28:01.0727 5340 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:28:01.0743 5340 amdide - ok
19:28:01.0774 5340 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:28:01.0821 5340 AmdK8 - ok
19:28:01.0930 5340 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:28:01.0977 5340 AmdPPM - ok
19:28:02.0102 5340 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:28:02.0117 5340 amdsata - ok
19:28:02.0149 5340 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:28:02.0180 5340 amdsbs - ok
19:28:02.0211 5340 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:28:02.0227 5340 amdxata - ok
19:28:02.0398 5340 Apache2.2 (fb32f046a2578755fa0da5052c6a9cd3) C:\xammp\xampp\apache\bin\httpd.exe
19:28:02.0414 5340 Apache2.2 - ok
19:28:02.0570 5340 ApfiltrService (d7723a101c5cb4c0fa979e4dda732ec0) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:28:02.0617 5340 ApfiltrService - ok
19:28:02.0663 5340 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:28:02.0726 5340 AppID - ok
19:28:02.0819 5340 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
19:28:02.0897 5340 AppIDSvc - ok
19:28:02.0991 5340 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
19:28:03.0053 5340 Appinfo - ok
19:28:03.0225 5340 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:28:03.0241 5340 Apple Mobile Device - ok
19:28:03.0350 5340 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:28:03.0381 5340 arc - ok
19:28:03.0397 5340 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:28:03.0412 5340 arcsas - ok
19:28:03.0443 5340 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:28:03.0506 5340 AsyncMac - ok
19:28:03.0553 5340 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:28:03.0568 5340 atapi - ok
19:28:03.0646 5340 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:28:03.0709 5340 AudioEndpointBuilder - ok
19:28:03.0724 5340 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:28:03.0755 5340 Audiosrv - ok
19:28:03.0880 5340 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
19:28:03.0911 5340 AxInstSV - ok
19:28:03.0974 5340 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:28:04.0021 5340 b06bdrv - ok
19:28:04.0161 5340 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:28:04.0208 5340 b57nd60x - ok
19:28:04.0255 5340 BCM42RLY (eb4434444e2721d721a8ac8d5d2ad26b) C:\Windows\system32\drivers\BCM42RLY.sys
19:28:04.0270 5340 BCM42RLY - ok
19:28:04.0426 5340 BCM43XX (919832d1a7d067119cd5ee29ba76327a) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:28:04.0535 5340 BCM43XX - ok
19:28:04.0660 5340 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
19:28:04.0723 5340 BDESVC - ok
19:28:04.0863 5340 BecHelperService (553e94ae71d233c14a8c8b4af9286ed0) C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
19:28:04.0894 5340 BecHelperService - ok
19:28:05.0035 5340 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:28:05.0097 5340 Beep - ok
19:28:05.0222 5340 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
19:28:05.0284 5340 BFE - ok
19:28:05.0315 5340 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
19:28:05.0393 5340 BITS - ok
19:28:05.0440 5340 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:28:05.0471 5340 blbdrive - ok
19:28:05.0627 5340 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:28:05.0643 5340 Bonjour Service - ok
19:28:05.0783 5340 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:28:05.0815 5340 bowser - ok
19:28:05.0846 5340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:28:05.0877 5340 BrFiltLo - ok
19:28:05.0908 5340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:28:05.0939 5340 BrFiltUp - ok
19:28:05.0986 5340 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
19:28:06.0064 5340 Browser - ok
19:28:06.0189 5340 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:28:06.0236 5340 Brserid - ok
19:28:06.0267 5340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:28:06.0298 5340 BrSerWdm - ok
19:28:06.0329 5340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:28:06.0361 5340 BrUsbMdm - ok
19:28:06.0392 5340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:28:06.0439 5340 BrUsbSer - ok
19:28:06.0579 5340 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
19:28:06.0657 5340 BthEnum - ok
19:28:06.0704 5340 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:28:06.0735 5340 BTHMODEM - ok
19:28:06.0891 5340 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:28:06.0922 5340 BthPan - ok
19:28:07.0109 5340 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
19:28:07.0156 5340 BTHPORT - ok
19:28:07.0281 5340 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
19:28:07.0343 5340 bthserv - ok
19:28:07.0406 5340 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
19:28:07.0437 5340 BTHUSB - ok
19:28:07.0484 5340 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:28:07.0546 5340 cdfs - ok
19:28:07.0687 5340 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:28:07.0733 5340 cdrom - ok
19:28:07.0843 5340 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:28:07.0905 5340 CertPropSvc - ok
19:28:07.0952 5340 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:28:07.0999 5340 circlass - ok
19:28:08.0045 5340 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:28:08.0061 5340 CLFS - ok
19:28:08.0170 5340 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:28:08.0186 5340 clr_optimization_v2.0.50727_32 - ok
19:28:08.0357 5340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:28:08.0373 5340 clr_optimization_v4.0.30319_32 - ok
19:28:08.0451 5340 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:28:08.0482 5340 CmBatt - ok
19:28:08.0513 5340 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:28:08.0529 5340 cmdide - ok
19:28:08.0576 5340 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:28:08.0607 5340 CNG - ok
19:28:08.0669 5340 CnxtHdAudService (053f7c2624d5b0ff60f1f372c4ac2fe7) C:\Windows\system32\drivers\CHDRT32.sys
19:28:08.0701 5340 CnxtHdAudService - ok
19:28:08.0810 5340 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:28:08.0825 5340 Compbatt - ok
19:28:08.0966 5340 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:28:08.0997 5340 CompositeBus - ok
19:28:09.0028 5340 COMSysApp - ok
19:28:09.0059 5340 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:28:09.0075 5340 crcdisk - ok
19:28:09.0200 5340 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
19:28:09.0247 5340 CryptSvc - ok
19:28:09.0387 5340 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
19:28:09.0418 5340 CtAudDrv - ok
19:28:09.0543 5340 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:28:09.0590 5340 CtClsFlt - ok
19:28:09.0637 5340 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:28:09.0715 5340 DcomLaunch - ok
19:28:09.0730 5340 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
19:28:09.0793 5340 defragsvc - ok
19:28:09.0839 5340 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:28:09.0886 5340 DfsC - ok
19:28:10.0011 5340 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
19:28:10.0042 5340 Dhcp - ok
19:28:10.0089 5340 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:28:10.0136 5340 discache - ok
19:28:10.0292 5340 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:28:10.0307 5340 Disk - ok
19:28:10.0354 5340 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
19:28:10.0401 5340 Dnscache - ok
19:28:10.0432 5340 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
19:28:10.0495 5340 dot3svc - ok
19:28:10.0541 5340 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
19:28:10.0604 5340 DPS - ok
19:28:10.0729 5340 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:28:10.0760 5340 drmkaud - ok
19:28:10.0822 5340 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:28:10.0853 5340 DXGKrnl - ok
19:28:10.0885 5340 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
19:28:10.0947 5340 EapHost - ok
19:28:11.0165 5340 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:28:11.0228 5340 ebdrv - ok
19:28:11.0321 5340 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
19:28:11.0353 5340 EFS - ok
19:28:11.0415 5340 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
19:28:11.0462 5340 ehRecvr - ok
19:28:11.0493 5340 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
19:28:11.0509 5340 ehSched - ok
19:28:11.0602 5340 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:28:11.0633 5340 elxstor - ok
19:28:11.0665 5340 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:28:11.0711 5340 ErrDev - ok
19:28:11.0758 5340 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
19:28:11.0805 5340 EventSystem - ok
19:28:11.0930 5340 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:28:11.0977 5340 exfat - ok
19:28:12.0008 5340 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:28:12.0039 5340 fastfat - ok
19:28:12.0164 5340 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
19:28:12.0211 5340 Fax - ok
19:28:12.0257 5340 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:28:12.0273 5340 fdc - ok
19:28:12.0367 5340 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
19:28:12.0429 5340 fdPHost - ok
19:28:12.0460 5340 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
19:28:12.0507 5340 FDResPub - ok
19:28:12.0569 5340 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:28:12.0601 5340 FileInfo - ok
19:28:12.0616 5340 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:28:12.0679 5340 Filetrace - ok
19:28:12.0710 5340 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:28:12.0741 5340 flpydisk - ok
19:28:12.0881 5340 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:28:12.0897 5340 FltMgr - ok
19:28:12.0944 5340 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
19:28:12.0991 5340 FontCache - ok
19:28:13.0084 5340 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:28:13.0100 5340 FontCache3.0.0.0 - ok
19:28:13.0225 5340 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:28:13.0240 5340 FsDepends - ok
19:28:13.0256 5340 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:28:13.0271 5340 Fs_Rec - ok
19:28:13.0318 5340 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:28:13.0349 5340 fvevol - ok
19:28:13.0474 5340 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:28:13.0490 5340 gagp30kx - ok
19:28:13.0646 5340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:28:13.0661 5340 GEARAspiWDM - ok
19:28:13.0708 5340 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
19:28:13.0786 5340 gpsvc - ok
19:28:13.0911 5340 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:28:13.0927 5340 gupdate - ok
19:28:13.0958 5340 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:28:13.0973 5340 gupdatem - ok
19:28:14.0098 5340 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:28:14.0145 5340 hcw85cir - ok
19:28:14.0285 5340 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:28:14.0332 5340 HDAudBus - ok
19:28:14.0379 5340 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:28:14.0426 5340 HidBatt - ok
19:28:14.0457 5340 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:28:14.0504 5340 HidBth - ok
19:28:14.0535 5340 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:28:14.0566 5340 HidIr - ok
19:28:14.0597 5340 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
19:28:14.0660 5340 hidserv - ok
19:28:14.0816 5340 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:28:14.0847 5340 HidUsb - ok
19:28:14.0878 5340 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
19:28:14.0925 5340 hkmsvc - ok
19:28:14.0956 5340 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
19:28:15.0003 5340 HomeGroupListener - ok
19:28:15.0050 5340 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
19:28:15.0112 5340 HomeGroupProvider - ok
19:28:15.0253 5340 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:28:15.0268 5340 HpSAMD - ok
19:28:15.0315 5340 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
19:28:15.0346 5340 HsfXAudioService - ok
19:28:15.0502 5340 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:28:15.0580 5340 HSF_DPV - ok
19:28:15.0705 5340 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:28:15.0736 5340 HSXHWAZL - ok
19:28:15.0877 5340 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:28:15.0923 5340 HTTP - ok
19:28:15.0955 5340 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:28:15.0986 5340 hwpolicy - ok
19:28:16.0033 5340 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:28:16.0064 5340 i8042prt - ok
19:28:16.0220 5340 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:28:16.0235 5340 iaStorV - ok
19:28:16.0376 5340 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:28:16.0391 5340 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:28:16.0391 5340 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:28:16.0547 5340 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:28:16.0579 5340 idsvc - ok
19:28:16.0875 5340 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:28:17.0156 5340 igfx - ok
19:28:17.0281 5340 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:28:17.0296 5340 iirsp - ok
19:28:17.0374 5340 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
19:28:17.0452 5340 IKEEXT - ok
19:28:17.0593 5340 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:28:17.0608 5340 intelide - ok
19:28:17.0655 5340 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:28:17.0671 5340 intelppm - ok
19:28:17.0702 5340 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
19:28:17.0764 5340 IPBusEnum - ok
19:28:17.0827 5340 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:28:17.0889 5340 IpFilterDriver - ok
19:28:17.0967 5340 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
19:28:18.0029 5340 iphlpsvc - ok
19:28:18.0092 5340 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:28:18.0123 5340 IPMIDRV - ok
19:28:18.0170 5340 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:28:18.0232 5340 IPNAT - ok
19:28:18.0357 5340 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
19:28:18.0404 5340 iPod Service - ok
19:28:18.0529 5340 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:28:18.0560 5340 IRENUM - ok
19:28:18.0607 5340 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:28:18.0622 5340 isapnp - ok
19:28:18.0669 5340 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:28:18.0685 5340 iScsiPrt - ok
19:28:18.0747 5340 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:28:18.0763 5340 kbdclass - ok
19:28:18.0809 5340 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:28:18.0841 5340 kbdhid - ok
19:28:18.0872 5340 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:18.0903 5340 KeyIso - ok
19:28:18.0919 5340 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:28:18.0934 5340 KSecDD - ok
19:28:18.0950 5340 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:28:18.0981 5340 KSecPkg - ok
19:28:19.0012 5340 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
19:28:19.0075 5340 KtmRm - ok
19:28:19.0137 5340 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
19:28:19.0200 5340 LanmanServer - ok
19:28:19.0247 5340 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
19:28:19.0310 5340 LanmanWorkstation - ok
19:28:19.0450 5340 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:28:19.0512 5340 lltdio - ok
19:28:19.0559 5340 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
19:28:19.0606 5340 lltdsvc - ok
19:28:19.0637 5340 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
19:28:19.0684 5340 lmhosts - ok
19:28:19.0746 5340 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:28:19.0778 5340 LSI_FC - ok
19:28:19.0793 5340 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:28:19.0809 5340 LSI_SAS - ok
19:28:19.0824 5340 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:28:19.0824 5340 LSI_SAS2 - ok
19:28:19.0840 5340 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:28:19.0856 5340 LSI_SCSI - ok
19:28:19.0871 5340 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:28:19.0902 5340 luafv - ok
19:28:20.0043 5340 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
19:28:20.0074 5340 massfilter - ok
19:28:20.0199 5340 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:28:20.0214 5340 MBAMProtector - ok
19:28:20.0339 5340 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:28:20.0370 5340 MBAMService - ok
19:28:20.0495 5340 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:28:20.0511 5340 McComponentHostService - ok
19:28:20.0620 5340 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
19:28:20.0651 5340 Mcx2Svc - ok
19:28:20.0698 5340 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:28:20.0729 5340 mdmxsdk - ok
19:28:20.0838 5340 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\Windows\system32\drivers\mdvrmng.sys
19:28:20.0854 5340 mdvrmng ( UnsignedFile.Multi.Generic ) - warning
19:28:20.0854 5340 mdvrmng - detected UnsignedFile.Multi.Generic (1)
19:28:20.0901 5340 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:28:20.0916 5340 megasas - ok
19:28:21.0057 5340 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:28:21.0088 5340 MegaSR - ok
19:28:21.0119 5340 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:28:21.0166 5340 MMCSS - ok
19:28:21.0228 5340 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:28:21.0275 5340 Modem - ok
19:28:21.0322 5340 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:28:21.0353 5340 monitor - ok
19:28:21.0494 5340 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:28:21.0509 5340 mouclass - ok
19:28:21.0540 5340 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:28:21.0572 5340 mouhid - ok
19:28:21.0618 5340 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:28:21.0650 5340 mountmgr - ok
19:28:21.0696 5340 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:28:21.0712 5340 mpio - ok
19:28:21.0743 5340 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:28:21.0806 5340 mpsdrv - ok
19:28:21.0899 5340 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
19:28:21.0977 5340 MpsSvc - ok
19:28:22.0024 5340 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:28:22.0086 5340 MRxDAV - ok
19:28:22.0133 5340 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:28:22.0180 5340 mrxsmb - ok
19:28:22.0227 5340 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:28:22.0258 5340 mrxsmb10 - ok
19:28:22.0289 5340 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:28:22.0336 5340 mrxsmb20 - ok
19:28:22.0445 5340 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:28:22.0461 5340 msahci - ok
19:28:22.0492 5340 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:28:22.0523 5340 msdsm - ok
19:28:22.0554 5340 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
19:28:22.0586 5340 MSDTC - ok
19:28:22.0648 5340 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:28:22.0695 5340 Msfs - ok
19:28:22.0710 5340 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:28:22.0726 5340 mshidkmdf - ok
19:28:22.0773 5340 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:28:22.0788 5340 msisadrv - ok
19:28:22.0851 5340 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
19:28:22.0913 5340 MSiSCSI - ok
19:28:22.0913 5340 msiserver - ok
19:28:22.0976 5340 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:28:23.0022 5340 MSKSSRV - ok
19:28:23.0054 5340 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:28:23.0085 5340 MSPCLOCK - ok
19:28:23.0100 5340 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:28:23.0132 5340 MSPQM - ok
19:28:23.0147 5340 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:28:23.0163 5340 MsRPC - ok
19:28:23.0194 5340 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:28:23.0225 5340 mssmbios - ok
19:28:23.0256 5340 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:28:23.0303 5340 MSTEE - ok
19:28:23.0319 5340 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:28:23.0334 5340 MTConfig - ok
19:28:23.0366 5340 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:28:23.0381 5340 Mup - ok
19:28:23.0631 5340 MySQL (21eef976d53a0bcb603abff4ab6e4c88) C:\xammp\xampp\mysql\bin\mysqld.exe
19:28:23.0740 5340 MySQL - ok
19:28:23.0849 5340 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
19:28:23.0896 5340 napagent - ok
19:28:24.0036 5340 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:28:24.0068 5340 NativeWifiP - ok
19:28:24.0130 5340 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:28:24.0161 5340 NDIS - ok
19:28:24.0286 5340 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:28:24.0364 5340 NdisCap - ok
19:28:24.0395 5340 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:28:24.0458 5340 NdisTapi - ok
19:28:24.0567 5340 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:28:24.0629 5340 Ndisuio - ok
19:28:24.0676 5340 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:28:24.0723 5340 NdisWan - ok
19:28:24.0770 5340 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:28:24.0801 5340 NDProxy - ok
19:28:24.0832 5340 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:28:24.0894 5340 NetBIOS - ok
19:28:24.0941 5340 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:28:24.0972 5340 NetBT - ok
19:28:24.0988 5340 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:25.0004 5340 Netlogon - ok
19:28:25.0066 5340 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
19:28:25.0128 5340 Netman - ok
19:28:25.0160 5340 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
19:28:25.0206 5340 netprofm - ok
19:28:25.0284 5340 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:28:25.0300 5340 NetTcpPortSharing - ok
19:28:25.0409 5340 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:28:25.0425 5340 nfrd960 - ok
19:28:25.0472 5340 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
19:28:25.0534 5340 NlaSvc - ok
19:28:25.0659 5340 nmwcd (e380bbcad640304737650367ddfa2366) C:\Windows\system32\drivers\nmwcd.sys
19:28:25.0706 5340 nmwcd - ok
19:28:25.0752 5340 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:28:25.0815 5340 Npfs - ok
19:28:25.0846 5340 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
19:28:25.0924 5340 nsi - ok
19:28:25.0986 5340 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:28:26.0033 5340 nsiproxy - ok
19:28:26.0111 5340 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:28:26.0142 5340 Ntfs - ok
19:28:26.0205 5340 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:28:26.0267 5340 Null - ok
19:28:26.0423 5340 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:28:26.0439 5340 nvraid - ok
19:28:26.0486 5340 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:28:26.0501 5340 nvstor - ok
19:28:26.0517 5340 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:28:26.0532 5340 nv_agp - ok
19:28:26.0595 5340 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:28:26.0642 5340 ohci1394 - ok
19:28:26.0688 5340 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:28:26.0735 5340 p2pimsvc - ok
19:28:26.0782 5340 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
19:28:26.0813 5340 p2psvc - ok
19:28:26.0876 5340 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:28:26.0907 5340 Parport - ok
19:28:26.0938 5340 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:28:26.0954 5340 partmgr - ok
19:28:26.0985 5340 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:28:27.0016 5340 Parvdm - ok
19:28:27.0063 5340 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:28:27.0094 5340 PcaSvc - ok
19:28:27.0141 5340 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:28:27.0156 5340 pci - ok
19:28:27.0188 5340 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:28:27.0188 5340 pciide - ok
19:28:27.0234 5340 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:28:27.0250 5340 pcmcia - ok
19:28:27.0281 5340 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:28:27.0281 5340 pcw - ok
19:28:27.0328 5340 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:28:27.0406 5340 PEAUTH - ok
19:28:27.0546 5340 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:28:27.0656 5340 pla - ok
19:28:27.0780 5340 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:28:27.0827 5340 PlugPlay - ok
19:28:27.0874 5340 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:28:27.0905 5340 PNRPAutoReg - ok
19:28:27.0936 5340 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:28:27.0952 5340 PNRPsvc - ok
19:28:27.0999 5340 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:28:28.0046 5340 PolicyAgent - ok
19:28:28.0092 5340 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:28:28.0139 5340 Power - ok
19:28:28.0202 5340 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:28:28.0248 5340 PptpMiniport - ok
19:28:28.0358 5340 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:28:28.0404 5340 Processor - ok
19:28:28.0451 5340 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
19:28:28.0498 5340 ProfSvc - ok
19:28:28.0514 5340 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:28.0529 5340 ProtectedStorage - ok
19:28:28.0607 5340 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:28:28.0654 5340 Psched - ok
19:28:28.0763 5340 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
19:28:28.0779 5340 PxHelp20 - ok
19:28:28.0841 5340 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:28:28.0888 5340 ql2300 - ok
19:28:28.0904 5340 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:28:28.0904 5340 ql40xx - ok
19:28:28.0935 5340 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:28:28.0997 5340 QWAVE - ok
19:28:29.0060 5340 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:28:29.0075 5340 QWAVEdrv - ok
19:28:29.0106 5340 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:28:29.0153 5340 RasAcd - ok
19:28:29.0216 5340 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:28:29.0262 5340 RasAgileVpn - ok
19:28:29.0356 5340 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:28:29.0403 5340 RasAuto - ok
19:28:29.0450 5340 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:28:29.0512 5340 Rasl2tp - ok
19:28:29.0606 5340 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
19:28:29.0652 5340 RasMan - ok
19:28:29.0715 5340 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:28:29.0746 5340 RasPppoe - ok
19:28:29.0762 5340 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:28:29.0824 5340 RasSstp - ok
19:28:29.0871 5340 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:28:29.0933 5340 rdbss - ok
19:28:29.0964 5340 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:28:29.0996 5340 rdpbus - ok
19:28:30.0042 5340 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:28:30.0105 5340 RDPCDD - ok
19:28:30.0214 5340 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:28:30.0276 5340 RDPENCDD - ok
19:28:30.0308 5340 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:28:30.0354 5340 RDPREFMP - ok
19:28:30.0401 5340 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
19:28:30.0432 5340 RDPWD - ok
19:28:30.0495 5340 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:28:30.0510 5340 rdyboost - ok
19:28:30.0542 5340 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:28:30.0604 5340 RemoteAccess - ok
19:28:30.0635 5340 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:28:30.0682 5340 RemoteRegistry - ok
19:28:30.0744 5340 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:28:30.0776 5340 RFCOMM - ok
19:28:30.0885 5340 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:28:30.0916 5340 rimmptsk - ok
19:28:30.0947 5340 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys
19:28:30.0978 5340 rimspci - ok
19:28:31.0010 5340 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:28:31.0041 5340 rimsptsk - ok
19:28:31.0072 5340 risdpcie (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys
19:28:31.0103 5340 risdpcie - ok
19:28:31.0134 5340 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:28:31.0166 5340 rismxdp - ok
19:28:31.0197 5340 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys
19:28:31.0228 5340 rixdpcie - ok
19:28:31.0275 5340 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:28:31.0306 5340 RpcEptMapper - ok
19:28:31.0337 5340 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:28:31.0368 5340 RpcLocator - ok
19:28:31.0415 5340 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:28:31.0462 5340 RpcSs - ok
19:28:31.0587 5340 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:28:31.0634 5340 rspndr - ok
19:28:31.0758 5340 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
19:28:31.0790 5340 RTL8167 - ok
19:28:31.0821 5340 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:31.0836 5340 SamSs - ok
19:28:31.0899 5340 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:28:31.0914 5340 sbp2port - ok
19:28:31.0961 5340 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:28:31.0992 5340 SCardSvr - ok
19:28:32.0039 5340 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:28:32.0117 5340 scfilter - ok
19:28:32.0164 5340 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:28:32.0242 5340 Schedule - ok
19:28:32.0273 5340 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:28:32.0304 5340 SCPolicySvc - ok
19:28:32.0336 5340 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:28:32.0382 5340 SDRSVC - ok
19:28:32.0429 5340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:28:32.0492 5340 secdrv - ok
19:28:32.0585 5340 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:28:32.0648 5340 seclogon - ok
19:28:32.0679 5340 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
19:28:32.0726 5340 SENS - ok
19:28:32.0757 5340 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:28:32.0772 5340 SensrSvc - ok
19:28:32.0819 5340 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:28:32.0866 5340 Serenum - ok
19:28:32.0913 5340 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:28:32.0929 5340 Serial - ok
19:28:32.0975 5340 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:28:32.0991 5340 sermouse - ok
19:28:33.0038 5340 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:28:33.0085 5340 SessionEnv - ok
19:28:33.0209 5340 SfCtlCom (fc469fd4d639f5364ad2689ae3e064be) c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
19:28:33.0225 5340 SfCtlCom - ok
19:28:33.0350 5340 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:28:33.0397 5340 sffdisk - ok
19:28:33.0412 5340 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:28:33.0459 5340 sffp_mmc - ok
19:28:33.0490 5340 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:28:33.0521 5340 sffp_sd - ok
19:28:33.0553 5340 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:28:33.0599 5340 sfloppy - ok
19:28:33.0646 5340 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
19:28:33.0724 5340 SharedAccess - ok
19:28:33.0771 5340 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:28:33.0818 5340 ShellHWDetection - ok
19:28:33.0880 5340 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:28:33.0896 5340 sisagp - ok
19:28:33.0943 5340 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:28:33.0958 5340 SiSRaid2 - ok
19:28:33.0974 5340 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:28:33.0989 5340 SiSRaid4 - ok
19:28:34.0005 5340 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:28:34.0036 5340 Smb - ok
19:28:34.0145 5340 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:28:34.0161 5340 SNMPTRAP - ok
19:28:34.0223 5340 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:28:34.0239 5340 spldr - ok
19:28:34.0270 5340 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:28:34.0317 5340 Spooler - ok
19:28:34.0442 5340 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:28:34.0567 5340 sppsvc - ok
19:28:34.0660 5340 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:28:34.0723 5340 sppuinotify - ok
19:28:34.0785 5340 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:28:34.0832 5340 srv - ok
19:28:34.0847 5340 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:28:34.0879 5340 srv2 - ok
19:28:34.0910 5340 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:28:34.0941 5340 srvnet - ok
19:28:34.0972 5340 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:28:35.0050 5340 SSDPSRV - ok
19:28:35.0066 5340 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:28:35.0097 5340 SstpSvc - ok
19:28:35.0144 5340 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:28:35.0159 5340 stexstor - ok
19:28:35.0191 5340 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:28:35.0237 5340 StiSvc - ok
19:28:35.0331 5340 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:28:35.0347 5340 stllssvr - ok
19:28:35.0440 5340 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:28:35.0456 5340 swenum - ok
19:28:35.0503 5340 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:28:35.0534 5340 swprv - ok
19:28:35.0612 5340 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:28:35.0659 5340 SysMain - ok
19:28:35.0705 5340 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:28:35.0768 5340 TabletInputService - ok
19:28:35.0815 5340 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:28:35.0877 5340 TapiSrv - ok
19:28:35.0908 5340 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:28:35.0955 5340 TBS - ok
19:28:36.0064 5340 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:28:36.0111 5340 Tcpip - ok
19:28:36.0158 5340 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:28:36.0189 5340 TCPIP6 - ok
19:28:36.0220 5340 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:28:36.0283 5340 tcpipreg - ok
19:28:36.0329 5340 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:28:36.0376 5340 TDPIPE - ok
19:28:36.0407 5340 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:28:36.0423 5340 TDTCP - ok
19:28:36.0470 5340 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:28:36.0532 5340 tdx - ok
19:28:36.0579 5340 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:28:36.0595 5340 TermDD - ok
19:28:36.0657 5340 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:28:36.0704 5340 TermService - ok
19:28:36.0766 5340 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:28:36.0813 5340 Themes - ok
19:28:36.0860 5340 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:28:36.0907 5340 THREADORDER - ok
19:28:36.0969 5340 tmactmon (230db9035fe3e53e98ae0762130f7f20) C:\Windows\system32\DRIVERS\tmactmon.sys
19:28:36.0985 5340 tmactmon - ok
19:28:37.0047 5340 TMBMServer (b72fdff41390262c7d2d790ec77cf416) c:\Program Files\Trend Micro\BM\TMBMSRV.exe
19:28:37.0063 5340 TMBMServer - ok
19:28:37.0156 5340 tmcomm (aa2bf2aae9abc27c7906bbe68f11d405) C:\Windows\system32\DRIVERS\tmcomm.sys
19:28:37.0187 5340 tmcomm - ok
19:28:37.0203 5340 tmevtmgr (7cebb331bcc433d75c129f03c27841b8) C:\Windows\system32\DRIVERS\tmevtmgr.sys
19:28:37.0219 5340 tmevtmgr - ok
19:28:37.0343 5340 tmlwf (fba80cd8524476214fe8ed0384766e1c) C:\Windows\system32\DRIVERS\tmlwf.sys
19:28:37.0359 5340 tmlwf - ok
19:28:37.0468 5340 TmPfw (cd32c0760e164ac6cc8ab4d9437218ac) c:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
19:28:37.0499 5340 TmPfw - ok
19:28:37.0624 5340 tmpreflt (c7c7959ec0940e0eddfc881fed8ec214) C:\Windows\system32\DRIVERS\tmpreflt.sys
19:28:37.0640 5340 tmpreflt - ok
19:28:37.0765 5340 tmproxy (dfe5f3a7ef837e117186113e63a8ff26) c:\Program Files\Trend Micro\Internet Security\TmProxy.exe
19:28:37.0780 5340 tmproxy - ok
19:28:37.0905 5340 tmtdi (1cf2f398e08592985a5bd1bbef59d043) C:\Windows\system32\DRIVERS\tmtdi.sys
19:28:37.0921 5340 tmtdi - ok
19:28:37.0967 5340 tmwfp (18a609d1dfd990336e9011b2170b7d06) C:\Windows\system32\DRIVERS\tmwfp.sys
19:28:37.0999 5340 tmwfp - ok
19:28:38.0092 5340 tmxpflt (3e615f370f0c7db414b6bcd1c18399d4) C:\Windows\system32\DRIVERS\tmxpflt.sys
19:28:38.0108 5340 tmxpflt - ok
19:28:38.0217 5340 TOSHIBA Bluetooth Service (ac88d258f20909eeb91796f490cfbb73) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:28:38.0233 5340 TOSHIBA Bluetooth Service - ok
19:28:38.0326 5340 tosporte (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys
19:28:38.0342 5340 tosporte - ok
19:28:38.0467 5340 tosrfbd (b168b345fb7073930c31e0d8b85e8353) C:\Windows\system32\DRIVERS\tosrfbd.sys
19:28:38.0482 5340 tosrfbd - ok
19:28:38.0591 5340 tosrfbnp (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys
19:28:38.0607 5340 tosrfbnp - ok
19:28:38.0732 5340 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys
19:28:38.0732 5340 Tosrfcom - ok
19:28:38.0779 5340 Tosrfhid (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys
19:28:38.0794 5340 Tosrfhid - ok
19:28:38.0794 5340 tosrfnds (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys
19:28:38.0810 5340 tosrfnds - ok
19:28:38.0857 5340 Tosrfusb (97529d04178bf604c62c5be4b8bb2129) C:\Windows\system32\DRIVERS\tosrfusb.sys
19:28:38.0872 5340 Tosrfusb - ok
19:28:38.0919 5340 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:28:38.0981 5340 TrkWks - ok
19:28:39.0137 5340 TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
19:28:39.0153 5340 TrojanKillerDriver - ok
19:28:39.0215 5340 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
19:28:39.0293 5340 TrustedInstaller - ok
19:28:39.0387 5340 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:28:39.0418 5340 tssecsrv - ok
19:28:39.0465 5340 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:28:39.0496 5340 TsUsbFlt - ok
19:28:39.0637 5340 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:28:39.0683 5340 tunnel - ok
19:28:39.0715 5340 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:28:39.0715 5340 uagp35 - ok
19:28:39.0761 5340 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:28:39.0808 5340 udfs - ok
19:28:39.0855 5340 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:28:39.0886 5340 UI0Detect - ok
19:28:39.0995 5340 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:28:40.0027 5340 uliagpkx - ok
19:28:40.0073 5340 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:28:40.0105 5340 umbus - ok
19:28:40.0136 5340 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:28:40.0183 5340 UmPass - ok
19:28:40.0229 5340 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:28:40.0276 5340 upnphost - ok
19:28:40.0354 5340 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:28:40.0385 5340 USBAAPL - ok
19:28:40.0432 5340 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:28:40.0463 5340 usbaudio - ok
19:28:40.0495 5340 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:28:40.0541 5340 usbccgp - ok
19:28:40.0588 5340 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:28:40.0635 5340 usbcir - ok
19:28:40.0666 5340 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:28:40.0682 5340 usbehci - ok
19:28:40.0713 5340 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:28:40.0775 5340 usbhub - ok
19:28:40.0791 5340 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
19:28:40.0822 5340 usbohci - ok
19:28:40.0869 5340 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:28:40.0900 5340 usbprint - ok
19:28:40.0931 5340 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:28:40.0978 5340 USBSTOR - ok
19:28:41.0009 5340 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:28:41.0025 5340 usbuhci - ok
19:28:41.0103 5340 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:28:41.0150 5340 usbvideo - ok
19:28:41.0181 5340 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:28:41.0243 5340 UxSms - ok
19:28:41.0259 5340 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:41.0275 5340 VaultSvc - ok
19:28:41.0353 5340 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:28:41.0368 5340 vdrvroot - ok
19:28:41.0415 5340 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
19:28:41.0509 5340 vds - ok
19:28:41.0633 5340 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:28:41.0649 5340 vga - ok
19:28:41.0665 5340 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:28:41.0696 5340 VgaSave - ok
19:28:41.0743 5340 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:28:41.0758 5340 vhdmp - ok
19:28:41.0805 5340 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:28:41.0821 5340 viaagp - ok
19:28:41.0852 5340 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:28:41.0883 5340 ViaC7 - ok
19:28:41.0930 5340 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:28:41.0945 5340 viaide - ok
19:28:41.0977 5340 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:28:41.0992 5340 volmgr - ok
19:28:42.0039 5340 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:28:42.0055 5340 volmgrx - ok
19:28:42.0101 5340 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:28:42.0117 5340 volsnap - ok
19:28:42.0195 5340 vsapint (60dfbc34228ca36221b03460789f5d4e) C:\Windows\system32\DRIVERS\vsapint.sys
19:28:42.0273 5340 vsapint - ok
19:28:42.0398 5340 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:28:42.0413 5340 vsmraid - ok
19:28:42.0476 5340 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
19:28:42.0569 5340 VSS - ok
19:28:42.0679 5340 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:28:42.0725 5340 vwifibus - ok
19:28:42.0835 5340 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:28:42.0866 5340 vwififlt - ok
19:28:42.0913 5340 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:28:42.0959 5340 W32Time - ok
19:28:43.0006 5340 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:28:43.0037 5340 WacomPen - ok
19:28:43.0069 5340 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:28:43.0115 5340 WANARP - ok
19:28:43.0131 5340 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:28:43.0147 5340 Wanarpv6 - ok
19:28:43.0240 5340 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
19:28:43.0303 5340 WatAdminSvc - ok
19:28:43.0365 5340 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
19:28:43.0427 5340 wbengine - ok
19:28:43.0521 5340 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:28:43.0568 5340 WbioSrvc - ok
19:28:43.0615 5340 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
19:28:43.0661 5340 wcncsvc - ok
19:28:43.0693 5340 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:28:43.0724 5340 WcsPlugInService - ok
19:28:43.0771 5340 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:28:43.0786 5340 Wd - ok
19:28:43.0817 5340 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:28:43.0833 5340 Wdf01000 - ok
19:28:43.0880 5340 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:28:43.0911 5340 WdiServiceHost - ok
19:28:43.0911 5340 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:28:43.0927 5340 WdiSystemHost - ok
19:28:43.0973 5340 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
19:28:44.0036 5340 WebClient - ok
19:28:44.0067 5340 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:28:44.0098 5340 Wecsvc - ok
19:28:44.0114 5340 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:28:44.0145 5340 wercplsupport - ok
19:28:44.0192 5340 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:28:44.0223 5340 WerSvc - ok
19:28:44.0332 5340 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:28:44.0379 5340 WfpLwf - ok
19:28:44.0410 5340 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:28:44.0426 5340 WIMMount - ok
19:28:44.0473 5340 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:28:44.0504 5340 winachsf - ok
19:28:44.0597 5340 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:28:44.0644 5340 WinDefend - ok
19:28:44.0644 5340 WinHttpAutoProxySvc - ok
19:28:44.0753 5340 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:28:44.0785 5340 Winmgmt - ok
19:28:44.0847 5340 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
19:28:44.0909 5340 WinRM - ok
19:28:45.0050 5340 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:28:45.0097 5340 WinUsb - ok
19:28:45.0143 5340 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:28:45.0221 5340 Wlansvc - ok
19:28:45.0409 5340 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:28:45.0487 5340 wlidsvc - ok
19:28:45.0518 5340 wltrysvc (3cbce0c65cc433121001c1108b511d13) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
19:28:45.0549 5340 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
19:28:45.0549 5340 wltrysvc - detected UnsignedFile.Multi.Generic (1)
19:28:45.0658 5340 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:28:45.0674 5340 WmiAcpi - ok
19:28:45.0752 5340 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:28:45.0783 5340 wmiApSrv - ok
19:28:45.0923 5340 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:28:46.0001 5340 WMPNetworkSvc - ok
19:28:46.0095 5340 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:28:46.0126 5340 WPCSvc - ok
19:28:46.0157 5340 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
19:28:46.0204 5340 WPDBusEnum - ok
19:28:46.0251 5340 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:28:46.0313 5340 ws2ifsl - ok
19:28:46.0329 5340 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
19:28:46.0376 5340 wscsvc - ok
19:28:46.0391 5340 WSearch - ok
19:28:46.0485 5340 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
19:28:46.0579 5340 wuauserv - ok
19:28:46.0641 5340 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:28:46.0672 5340 WudfPf - ok
19:28:46.0797 5340 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:28:46.0844 5340 WUDFRd - ok
19:28:46.0891 5340 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
19:28:46.0922 5340 wudfsvc - ok
19:28:46.0953 5340 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:28:47.0015 5340 WwanSvc - ok
19:28:47.0047 5340 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
19:28:47.0062 5340 XAudio - ok
19:28:47.0187 5340 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:28:47.0218 5340 ZTEusbmdm6k - ok
19:28:47.0343 5340 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:28:47.0359 5340 ZTEusbnmea - ok
19:28:47.0390 5340 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:28:47.0390 5340 ZTEusbser6k - ok
19:28:47.0437 5340 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:28:47.0655 5340 \Device\Harddisk0\DR0 - ok
19:28:47.0655 5340 Boot (0x1200) (326a9eddc7b4339130e9adfd28726acf) \Device\Harddisk0\DR0\Partition0
19:28:47.0655 5340 \Device\Harddisk0\DR0\Partition0 - ok
19:28:47.0686 5340 Boot (0x1200) (a8f4572e7aa97c705437f715f09ab4a4) \Device\Harddisk0\DR0\Partition1
19:28:47.0702 5340 \Device\Harddisk0\DR0\Partition1 - ok
19:28:47.0702 5340 ============================================================
19:28:47.0702 5340 Scan finished
19:28:47.0702 5340 ============================================================
19:28:47.0764 3404 Detected object count: 3
19:28:47.0764 3404 Actual detected object count: 3
19:29:37.0468 3404 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:37.0468 3404 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:37.0468 3404 mdvrmng ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:37.0468 3404 mdvrmng ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:37.0484 3404 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:37.0484 3404 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:23.0582 0368 Deinitialize success
|
| | #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when an expert helper has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Always post log files in CODE tags |
| | #21 |
| Combofix Logfile: Code:
ComboFix 12-03-22.01 - Jo 24.03.2012 19:54:21.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2012.1261 [GMT 1:00]
ausgeführt von:: c:\users\Jo\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jo\AppData\Roaming\AcroIEHelpe.txt
c:\users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
c:\users\Jo\AppData\Roaming\srvblck2.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-24 bis 2012-03-24 ))))))))))))))))))))))))))))))
.
.
2012-03-24 19:01 . 2012-03-24 19:02 -------- d-----w- c:\users\Jo\AppData\Local\temp
2012-03-24 19:01 . 2012-03-24 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 19:00 . 2012-03-24 19:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA997FC-810B-4B82-81B0-5F04A595417F}\offreg.dll
2012-03-24 18:06 . 2012-03-24 18:06 -------- d-----w- C:\_OTL
2012-03-23 15:50 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA997FC-810B-4B82-81B0-5F04A595417F}\mpengine.dll
2012-03-20 15:43 . 2012-03-20 15:43 -------- d-----w- c:\users\Jo\AppData\Roaming\Malwarebytes
2012-03-20 15:43 . 2012-03-20 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-20 15:43 . 2012-03-20 15:43 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 15:43 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 15:19 . 2012-03-20 15:32 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-18 12:37 . 2012-03-18 12:38 -------- d-----w- c:\program files\CCleaner
2012-03-18 12:36 . 2012-03-18 12:38 -------- d-----w- c:\users\Jo\AppData\Local\Google
2012-03-18 12:36 . 2012-03-18 12:37 -------- d-----w- c:\program files\Google
2012-03-15 02:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 02:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:51 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:51 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:50 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:50 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:50 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:50 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:50 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 20:33 . 2012-03-10 20:34 -------- d-----w- c:\program files\v-Grabber
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 12:23 . 2011-08-07 15:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-05-19 07:22 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 16:51 . 2012-02-08 16:51 65536 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2012-01-04 08:58 . 2012-02-15 07:55 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 07:55 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 233472]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-08-12 1398024]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2009-10-17 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 136176]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-08-12 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-08-12 648456]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-10 1343400]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-08-12 142352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Apache2.2;Apache2.2;c:\xammp\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-08-12 50192]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-08-12 235024]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 41690919
*NewlyCreated* - 97635685
*Deregistered* - 41690919
*Deregistered* - 97635685
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 12:36]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 12:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.18.0.5 212.18.3.5 192.168.77.1
TCP: Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-24 20:04:18
ComboFix-quarantined-files.txt 2012-03-24 19:04
.
Vor Suchlauf: 11 Verzeichnis(se), 140.019.015.680 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 139.585.716.224 Bytes frei
.
- - End Of File - - 71D51F0A6D4A389B82D99DF0BF4C9FBE
|
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work on the 2nd attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm on OSAM! Please download
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Always post log files in CODE tags |
| | #23 |
| Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-24 20:42:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-75A23T0 rev.01.01A01
Running: ijxuv89s.exe; Driver: C:\Users\Jo\AppData\Local\Temp\uxldapow.sys
---- System - GMER 1.0.15 ----
SSDT 87100000 ZwCreateKey
SSDT 870FF240 ZwCreateProcess
SSDT 870FF500 ZwCreateProcessEx
SSDT 87100E60 ZwCreateThread
SSDT 87101000 ZwCreateThreadEx
SSDT 870FF7C0 ZwCreateUserProcess
SSDT 87100580 ZwDeleteKey
SSDT 87100840 ZwDeleteValueKey
SSDT 871011A0 ZwLoadDriver
SSDT 870FFA80 ZwOpenProcess
SSDT 871002C0 ZwSetValueKey
SSDT 870FFD40 ZwTerminateProcess
SSDT 87100CC0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C8D3D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC6D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82CCDEB4 4 Bytes [00, 00, 10, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82CCDED8 8 Bytes [40, F2, 0F, 87, 00, F5, 0F, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82CCDEF8 8 Bytes [60, 0E, 10, 87, 00, 10, 10, ...] {PUSHA ; PUSH CS; ADC [EDI-0x78eff000], AL}
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82CCDF10 4 Bytes [C0, F7, 0F, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1243 82CCDF38 4 Bytes [80, 05, 10, 87]
.text ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Jo\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713afcee2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713afcee2 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:50:22 on 24.03.2012
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Google Inc. Google Chrome 17.0.963.83
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"CPLNumark_NS6.cpl" - "Numark" - C:\Windows\system32\CPLNumark_NS6.cpl
"CPLNumark_NS7.cpl" - "Numark" - C:\Windows\system32\CPLNumark_NS7.cpl
"CPLNumark_V7.cpl" - "Numark" - C:\Windows\system32\CPLNumark_V7.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"catchme" (catchme) - ? - C:\Users\Jo\AppData\Local\Temp\catchme.sys (File not found)
"GridinSoft Trojan Killer Driver" (TrojanKillerDriver) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\gtkdrv.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"Mobile IP Route Manager" (mdvrmng) - ? - C:\Windows\system32\drivers\mdvrmng.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"tmactmon" (tmactmon) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmactmon.sys
"tmcomm" (tmcomm) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmcomm.sys
"tmevtmgr" (tmevtmgr) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmevtmgr.sys
"tmpreflt" (tmpreflt) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmpreflt.sys
"tmxpflt" (tmxpflt) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmxpflt.sys
"uxldapow" (uxldapow) - ? - C:\Users\Jo\AppData\Local\Temp\uxldapow.sys (Hidden registry entry, rootkit activity | File not found)
"vsapint" (vsapint) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\vsapint.sys
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? - (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{48F45200-91E6-11CE-8A4F-0080C81A28D4} "TMD Shell Extension" - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\Tmdshell.dll
{771A9DA0-731A-11CE-993C-00AA004ADB6C} "VBPropSheet" - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\VBProp.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ?
- (File not found | COM-object registry key not found) <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Broadcom Wireless Manager UI" - "Dell Inc." - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe "DBRMTray" - "Microsoft" - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe "Dell Webcam Central" - "Creative Technology Ltd" - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 "ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UfSeAgnt.exe" - "Trend Micro Inc." 
- "c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "DBRMTray" - "Microsoft" - C:\Dell\DBRM\Reminder\TrayApp.exe [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "LIDIL hpzlllhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpzlllhn.dll "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xammp\xampp\apache\bin\httpd.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "BecHelperService" (BecHelperService) - ? - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe (File found, but it contains no detailed information) "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE (File found, but it contains no detailed information) "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MySQL" (MySQL) - "MySQL AB" - C:\xammp\xampp\mysql\bin\mysqld.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe "Trend Micro Personal Firewall" (TmPfw) - "Trend Micro Inc." - c:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe "Trend Micro Proxy Service" (tmproxy) - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\TmProxy.exe "Trend Micro Unauthorized Change Prevention Service" (TMBMServer) - "Trend Micro Inc." - c:\Program Files\Trend Micro\BM\TMBMSRV.exe "Trend Micro Zentrale Steuerkomponente" (SfCtlCom) - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." 
- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-24 20:56:03
-----------------------------
20:56:03.458 OS Version: Windows 6.1.7601 Service Pack 1
20:56:03.458 Number of processors: 2 586 0x170A
20:56:03.474 ComputerName: LAPTOP UserName: Jo
20:56:05.486 Initialize success
20:58:57.624 AVAST engine defs: 12032400
21:00:19.696 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:00:19.696 Disk 0 Vendor: WDC_WD2500BEVT-75A23T0 01.01A01 Size: 238475MB BusType: 11
21:00:19.961 Disk 0 MBR read successfully
21:00:19.961 Disk 0 MBR scan
21:00:19.977 Disk 0 Windows VISTA default MBR code
21:00:20.008 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:00:20.070 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
21:00:20.133 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30800325
21:00:20.320 Disk 0 scanning sectors +488395120
21:00:20.725 Disk 0 scanning C:\Windows\system32\drivers
21:01:55.043 Service scanning
21:02:23.591 Modules scanning
21:04:44.584 Disk 0 trace - called modules:
21:04:44.631
21:04:45.988 AVAST engine scan C:\Windows
21:05:50.791 AVAST engine scan C:\Windows\system32
21:24:06.730 AVAST engine scan C:\Windows\system32\drivers
21:27:00.100 AVAST engine scan C:\Users\Jo
21:45:01.086 AVAST engine scan C:\ProgramData
21:51:58.150 Scan finished successfully
22:07:32.274 Disk 0 MBR has been saved successfully to "C:\Users\Jo\Desktop\MBR.dat"
22:07:32.274 The log file has been saved successfully to "C:\Users\Jo\Desktop\aswMBR.txt"
|
| | #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Caught the System Check virus + GEMA trojan... Looks OK so far. Quote:
As a check, please also run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #25 |
| Caught the System Check virus + GEMA trojan... Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/26/2012 at 04:58 PM
Application Version : 5.0.1146
Core Rules Database Version : 8377
Trace Rules Database Version: 6189
Scan type : Complete Scan
Total Scan Time : 00:47:23
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 756
Memory threats detected : 0
Registry items scanned : 34336
Registry threats detected : 0
File items scanned : 40487
File threats detected : 184
Adware.Tracking Cookie
Should I use SUPERAntiSpyware to delete the "184 Items Found" (remove (n))? A Malwarebytes log will follow. |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Caught the System Check virus + GEMA trojan... Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie). The Malwarebytes log is still missing.
__________________ Please always post log files in CODE tags |
| | #27 |
| Caught the System Check virus + GEMA trojan... Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.26.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jo :: LAPTOP [Administrator]

Schutz: Aktiviert

26.03.2012 17:11:19
mbam-log-2012-03-26 (17-11-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309564
Laufzeit: 1 Stunde(n), 26 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
|
| | #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Caught the System Check virus + GEMA trojan... Quote:
...because there are now no findings left apart from cookies; I don't understand this logic, please explain how you arrived at that! We could have spared ourselves all this nonsense here if you want to wipe everything and reinstall anyway
__________________ Please always post log files in CODE tags |
| | #29 |
| Caught the System Check virus + GEMA trojan... Very good! I see it exactly the same way, it was a heck of a lot of work! Since there are apparently still remnants in the Windows tangle, I simply want to be on the safe side. I use my laptop for online banking and online shopping, among other things.. can my passwords, for example, or something similar be spied out by means of cookies? Many thanks for the help! |
| | #30 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Caught the System Check virus + GEMA trojan... Quote:
That's why, after something like this, one can also simply change all of one's passwords
__________________ Please always post log files in CODE tags |