Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Nach Live Security Platinum nun pup.downloadnsave

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 24.07.2012, 03:16   #1
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Liebes Board,
habe durch ein gekauftes Internetspiel oder durch den Acrobat Reader den Live Security Platinum Rogue bekommen. Der ist nun dank Malwarebytes weg. Übrig bleiben 14 infizierte Objekte mit dem schauerlichen Namen pup.downloadnsave, bei denen Malwarebytes machtlos ist und die auch nicht in Quarantäne sind.
Hier sind die Log files, was ist der nächste Schritt?

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.11

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Florentine :: FLORENTINE-PC [Administrator]

23.07.2012 18:17:23
mbam-log-2012-07-23 (18-17-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336627
Laufzeit: 49 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\DownloadnSave (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
C:\ProgramData\DownloadnSave\bhoclass.dll (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\content.js (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\background.html (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\ibaokjjhapofbkidpmegkdgnlefekngo.crx (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\settings.ini (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\uninstall.exe (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

(Ende)
         
Vielen, vielen Dank für die Hilfe.
Florentine

Alt 25.07.2012, 13:18   #2
Larusso
/// Selecta Jahrusso
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave






Lass MBAM erneut laufen, und die Funde auch entfernen

Danach,
Bitte folge den Anweisungen hier und poste die geforderten Logfiles.
http://www.trojaner-board.de/69886-a...-beachten.html
__________________

__________________

Alt 25.07.2012, 16:25   #3
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Ah ja das mit dem Löschen war ein sinnvoller Hinweis, deshalb hat mir auch vorher keiner geantwortet
So das sind die Log files
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.04

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Florentine :: FLORENTINE-PC [Administrator]

25.07.2012 07:21:25
mbam-log-2012-07-25 (07-21-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339165
Laufzeit: 50 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\DownloadnSave (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\ProgramData\DownloadnSave\bhoclass.dll (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\content.js (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\background.html (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\ibaokjjhapofbkidpmegkdgnlefekngo.crx (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\settings.ini (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\uninstall.exe (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Was kommt nun
oder bin ich schon befreit?

Danke!!
__________________

Alt 25.07.2012, 18:34   #4
Larusso
/// Selecta Jahrusso
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Lies bitte meine letzte Antwort nochmal
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 26.07.2012, 07:25   #5
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Ok jetzt hab ichs. Tut mir leid.

Code:
ATTFilter
OTL logfile created on: 7/25/2012 10:44:51 PM - Run 4
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Florentine\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.67% Memory free
5.93 Gb Paging File | 5.33 Gb Available in Paging File | 89.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 202.80 Gb Total Space | 100.61 Gb Free Space | 49.61% Space Free | Partition Type: NTFS
Drive D: | 247.87 Gb Total Space | 247.77 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
 
Computer Name: FLORENTINE-PC | User Name: Florentine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/23 19:27:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Florentine\Desktop\OTL.exe
PRC - [2011/05/09 02:40:08 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/03/16 16:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009/12/12 07:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/17 08:58:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/10 20:46:11 | 004,419,392 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/06/07 17:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/22 09:25:58 | 000,163,536 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\F-Secure\fshoster32.exe -- (fshoster)
SRV - [2012/03/15 15:55:34 | 000,062,160 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2012/03/15 09:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2012/03/15 09:00:38 | 000,610,472 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/06/12 03:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/09/25 03:52:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\FLOREN~1\AppData\Local\Temp\kxriraog.sys -- (kxriraog)
DRV - [2012/06/25 20:02:20 | 000,144,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/06/25 20:01:24 | 000,072,976 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012/06/17 23:54:53 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/03/15 09:00:38 | 000,073,640 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2012/03/15 09:00:38 | 000,038,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2012/03/15 09:00:28 | 000,014,504 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2011/12/12 19:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/09 02:41:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/12/07 10:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/07 10:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 06:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/01 01:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2007/05/18 08:04:16 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfturboh.sys -- (bfturboh)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com/newtab.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C9475052-A237-412C-8FA1-F5C2F7CB36D2}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://nytimes.com/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "192.168.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.168.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.168.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "192.168.0.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.0.1"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Florentine\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Florentine\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Florentine\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/01/09 07:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 08:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/23 05:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/02/08 02:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 08:58:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/23 05:56:56 | 000,000,000 | ---D | M]
 
[2009/12/01 04:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florentine\AppData\Roaming\mozilla\Extensions
[2012/07/08 09:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florentine\AppData\Roaming\mozilla\Firefox\Profiles\lqtw2ek1.default\extensions
[2012/04/29 21:43:51 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\Florentine\AppData\Roaming\mozilla\Firefox\Profiles\lqtw2ek1.default\extensions\4f9d8d3028225@4f9d8d3028225.info
[2012/03/06 04:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/07/17 08:58:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/06 04:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 14:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/15 19:49:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/15 19:49:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 19:49:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/15 19:49:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/15 19:49:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/15 19:49:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Florentine\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Florentine\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Florentine\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Florentine\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Florentine\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (ViewSource Class) - {CDF4B833-67D5-4e14-8F01-EEFD3FD10152} - C:\Program Files\BAUM Retec\WebFormator\WebForm.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Florentine\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Florentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florentine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Florentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Florentine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FE3ED8C-26DD-44B9-882C-AE56BF3DACA5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAD592CF-FDBA-46FB-B745-1905041129CC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{71554e57-5d58-11e0-bc03-0024543a47a3}\Shell - "" = AutoRun
O33 - MountPoints2\{71554e57-5d58-11e0-bc03-0024543a47a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{71554e67-5d58-11e0-bc03-0024543a47a3}\Shell - "" = AutoRun
O33 - MountPoints2\{71554e67-5d58-11e0-bc03-0024543a47a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a386aecf-5e31-11e0-b7a3-0024543a47a3}\Shell - "" = AutoRun
O33 - MountPoints2\{a386aecf-5e31-11e0-b7a3-0024543a47a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/25 07:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/25 07:20:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/07/25 07:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/23 19:27:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Florentine\Desktop\OTL.exe
[2012/07/23 14:54:16 | 000,000,000 | ---D | C] -- C:\Users\Florentine\AppData\Roaming\Malwarebytes
[2012/07/23 14:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/22 09:00:14 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/07/22 08:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF85D2E13686B0CF7996F875F020
[2012/07/07 23:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/07/07 23:55:01 | 000,000,000 | ---D | C] -- C:\Users\Florentine\AppData\Roaming\pdfforge
[2012/07/07 23:54:57 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012/07/07 23:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/07/07 09:29:20 | 000,000,000 | ---D | C] -- C:\Users\Florentine\AppData\Local\Macromedia
[2012/07/02 08:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/07/02 08:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/09/15 10:35:07 | 016,215,808 | ---- | C] (Dropbox, Inc.) -- C:\Users\Florentine\Dropbox 1.1.45.exe
[2009/12/20 12:59:22 | 007,919,008 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.5.exe
[31 C:\Users\Florentine\Desktop\*.tmp files -> C:\Users\Florentine\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/25 22:18:31 | 000,302,592 | ---- | M] () -- C:\Users\Florentine\Desktop\jfiu802g.exe
[2012/07/25 21:51:10 | 000,000,000 | ---- | M] () -- C:\Users\Florentine\defogger_reenable
[2012/07/25 21:50:06 | 000,050,477 | ---- | M] () -- C:\Users\Florentine\Desktop\Defogger.exe
[2012/07/25 21:35:33 | 000,657,196 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/07/25 21:35:33 | 000,619,078 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/25 21:35:33 | 000,131,548 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/07/25 21:35:33 | 000,107,938 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/25 21:26:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/25 21:26:25 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 08:17:00 | 000,000,614 | ---- | M] () -- C:\windows\tasks\Scheduled scanning task.job
[2012/07/25 07:20:48 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/23 19:27:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Florentine\Desktop\OTL.exe
[2012/07/22 09:21:00 | 000,001,140 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job
[2012/07/22 08:31:10 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 08:31:10 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 11:20:00 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job
[2012/07/18 07:52:36 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\F-Secure Launch pad.lnk
[2012/07/11 20:53:58 | 003,788,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/07/05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[31 C:\Users\Florentine\Desktop\*.tmp files -> C:\Users\Florentine\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/25 22:18:31 | 000,302,592 | ---- | C] () -- C:\Users\Florentine\Desktop\jfiu802g.exe
[2012/07/25 21:51:10 | 000,000,000 | ---- | C] () -- C:\Users\Florentine\defogger_reenable
[2012/07/25 21:50:06 | 000,050,477 | ---- | C] () -- C:\Users\Florentine\Desktop\Defogger.exe
[2012/07/25 07:20:48 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/18 07:52:36 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\F-Secure Launch pad.lnk
[2012/05/22 23:35:56 | 000,044,184 | ---- | C] () -- C:\windows\System32\drivers\fsbts.sys
[2012/05/22 23:35:10 | 000,019,454 | ---- | C] () -- C:\windows\prodsett_copy.ini
[2011/11/02 14:09:08 | 000,017,408 | ---- | C] () -- C:\Users\Florentine\AppData\Local\WebpageIcons.db
[2011/11/02 03:03:51 | 000,059,392 | R--- | C] () -- C:\windows\System32\streamhlp.dll
[2011/05/25 02:54:24 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/12/14 12:53:04 | 000,003,584 | ---- | C] () -- C:\Users\Florentine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 16:13:33 | 000,236,155 | ---- | C] () -- C:\Users\Florentine\Big Be 2010-07-26 01-13-33.zip
[2010/07/25 15:46:51 | 000,235,094 | ---- | C] () -- C:\Users\Florentine\Big Be 2010-07-26 00-46-51.zip
[2010/07/08 00:27:13 | 000,235,382 | ---- | C] () -- C:\Users\Florentine\Big Be 2010-07-08 09-27-14.zip
[2010/06/03 13:14:27 | 000,226,042 | ---- | C] () -- C:\Users\Florentine\GrosseReformen 2010-05-07 17-33-52.zip
[2010/06/03 13:14:27 | 000,224,353 | ---- | C] () -- C:\Users\Florentine\GrosseReformen 2010-04-29 14-47-37.zip
[2010/06/03 13:14:27 | 000,216,030 | ---- | C] () -- C:\Users\Florentine\GrosseReformen 2010-04-26 22-27-57.zip
[2010/04/09 04:46:03 | 000,000,017 | ---- | C] () -- C:\Users\Florentine\AppData\Local\resmon.resmoncfg
[2009/12/18 12:21:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/30 14:12:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/02/27 07:00:48 | 000,000,000 | -HSD | M] -- C:\Users\Florentine\AppData\Roaming\.#
[2010/04/25 02:31:45 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Academic Software Zurich
[2012/04/29 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Anuman
[2012/03/09 08:00:01 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Audacity
[2011/03/20 12:13:47 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Canon
[2012/01/29 09:31:20 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\casanova
[2011/01/03 11:35:06 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\CasualForge
[2011/05/05 12:26:37 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/02 14:30:52 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Cysi
[2012/07/22 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Dropbox
[2011/12/07 03:17:16 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\DVDVideoSoft
[2011/07/12 10:56:58 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/02 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Ekpa
[2012/01/03 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\f-secure
[2010/01/22 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Go Go Gourmet
[2010/02/27 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Meridian93
[2011/05/14 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Octoshape
[2012/03/22 09:52:09 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\OpenCandy
[2010/10/12 09:37:59 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\OpenOffice.org
[2012/07/21 20:21:30 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\pdfforge
[2012/01/28 10:35:03 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\ScreenSeven
[2012/04/19 09:54:41 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Swiss Academic Software
[2011/11/01 16:01:44 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\thecleaner
[2012/02/08 02:48:30 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Thunderbird
[2011/11/02 13:55:15 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\TrojanHunter
[2012/06/02 10:06:10 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/07/25 08:17:00 | 000,000,614 | ---- | M] () -- C:\windows\Tasks\Scheduled scanning task.job
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB12571$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >
         
OTL hat bei diesem Scan kein Extras.txt erstellt. Ich zippe die Log-Datei die der Scan am Montag gebracht hat. Wenn der dir nichts nützt würd ich mich freuen wenn du mir erklärst wie ich einen Neuen kriege.
Das Problem ist außerdem, dass der Virus mein F-Secure Antivirusprogramm befallen hat. Das Programm reagiert weder im abgesichterten noch im normalen Modus.
Sorry für die späte Antwort, bin 9 h hinter euch.


Alt 26.07.2012, 12:45   #6
Larusso
/// Selecta Jahrusso
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.
Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Nach Live Security Platinum nun pup.downloadnsave

Alt 26.07.2012, 16:28   #7
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Lieber Daniel,
danke für deine Unterstützung.
Während des Scans kam eine Meldung "pev.3XE funktioniert nicht mehr", habe es mir einfach mal notiert. Musste das dann mit ok bestätigen.

Code:
ATTFilter
ComboFix 12-07-27.02 - Florentine 26.07.2012   8:05.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.2670 [GMT -7:00]
ausgeführt von:: c:\users\Florentine\Desktop\ComboFix.exe
AV: Anti-Virus *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Anti-Virus *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\DownloadnSave.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\Uninstall.lnk
c:\users\Florentine\AppData\Roaming\.#
c:\windows\$NtUninstallKB12571$
c:\windows\$NtUninstallKB12571$\3287260331
c:\windows\$NtUninstallKB12571$\798367373\@
c:\windows\$NtUninstallKB12571$\798367373\Desktop.ini
c:\windows\$NtUninstallKB12571$\798367373\L\00000004.@
c:\windows\$NtUninstallKB12571$\798367373\L\201d3dde
c:\windows\$NtUninstallKB12571$\798367373\L\xadqgnnk
c:\windows\$NtUninstallKB12571$\798367373\U\00000004.@
c:\windows\$NtUninstallKB12571$\798367373\U\00000008.@
c:\windows\$NtUninstallKB12571$\798367373\U\000000cb.@
c:\windows\$NtUninstallKB12571$\798367373\U\80000000.@
c:\windows\$NtUninstallKB12571$\798367373\U\80000032.@
.
Infizierte Kopie von c:\windows\system32\drivers\dfsc.sys wurde gefunden und desinfiziert 
Kopie von - The cat found it :) wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 15:14 . 2012-07-26 15:14	--------	dc----w-	c:\users\Florentine\AppData\Local\temp
2012-07-26 06:13 . 2012-07-26 06:13	--------	dc----w-	c:\program files\7-Zip
2012-07-25 14:20 . 2012-07-25 14:20	--------	dc----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-25 14:20 . 2012-07-03 20:46	22344	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-23 21:54 . 2012-07-23 21:54	--------	dc----w-	c:\users\Florentine\AppData\Roaming\Malwarebytes
2012-07-23 21:53 . 2012-07-23 21:53	--------	dc----w-	c:\programdata\Malwarebytes
2012-07-22 16:00 . 2012-07-22 16:00	--------	dcsh--w-	c:\windows\system32\%APPDATA%
2012-07-22 15:54 . 2012-07-22 15:56	--------	dc----w-	c:\programdata\036DFF85D2E13686B0CF7996F875F020
2012-07-11 07:44 . 2012-07-11 07:44	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-08 06:55 . 2012-07-22 03:21	--------	dc----w-	c:\users\Florentine\AppData\Roaming\pdfforge
2012-07-08 06:54 . 1998-06-24 08:00	137000	-c--a-w-	c:\windows\system32\MSMAPI32.OCX
2012-07-08 06:54 . 2012-07-05 20:02	81920	-c--a-w-	c:\windows\system32\pdfcmon.dll
2012-07-08 06:54 . 2004-03-09 08:00	662288	-c--a-w-	c:\windows\system32\MSCOMCT2.OCX
2012-07-08 06:54 . 2012-07-08 06:55	--------	dc----w-	c:\program files\PDFCreator
2012-07-08 06:54 . 1998-07-07 01:56	125712	-c--a-w-	c:\windows\system32\VB6DE.DLL
2012-07-08 06:54 . 1998-07-07 01:55	158208	-c--a-w-	c:\windows\system32\MSCMCDE.DLL
2012-07-08 06:54 . 1998-07-07 01:55	64512	-c--a-w-	c:\windows\system32\MSCC2DE.DLL
2012-07-08 06:54 . 1998-07-06 08:00	23552	-c--a-w-	c:\windows\system32\MSMPIDE.DLL
2012-07-07 16:29 . 2012-07-07 16:29	--------	dc----w-	c:\users\Florentine\AppData\Local\Macromedia
2012-07-02 15:26 . 2012-07-08 06:55	--------	dc----w-	c:\program files\Application Updater
2012-07-02 15:26 . 2012-07-08 06:55	--------	dc----w-	c:\program files\Common Files\Spigot
2012-06-27 15:22 . 2012-06-27 15:23	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-27 15:22 . 2012-06-27 15:23	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-27 15:22 . 2012-06-27 15:23	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-27 15:22 . 2012-06-27 15:23	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-27 15:22 . 2012-06-27 15:58	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-27 15:22 . 2012-06-27 15:58	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-27 15:22 . 2012-06-27 15:58	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-27 15:22 . 2012-06-27 15:23	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-27 15:22 . 2012-06-27 15:23	171904	----a-w-	c:\windows\system32\wuwebv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 16:04 . 2012-03-31 14:54	426184	-c--a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-22 16:04 . 2011-11-11 07:39	70344	-c--a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 06:54 . 2012-05-23 06:35	44184	-c--a-w-	c:\windows\system32\drivers\fsbts.sys
2012-06-13 16:25 . 2012-06-13 16:15	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:25 . 2012-06-13 16:15	981504	----a-w-	c:\windows\system32\wininet.dll
2012-06-13 16:25 . 2012-06-13 16:15	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-13 16:24 . 2012-06-13 16:14	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-13 16:24 . 2012-06-13 16:14	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 16:24 . 2012-06-13 16:14	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 16:24 . 2012-06-13 16:14	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 16:24 . 2012-06-13 16:14	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 16:24 . 2012-06-13 16:14	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 16:24 . 2012-06-13 16:14	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 16:24 . 2012-06-13 16:14	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-05-09 03:56 . 2012-05-09 02:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-09 03:56 . 2012-05-09 02:23	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-09 03:56 . 2012-05-09 02:23	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-09 03:52 . 2012-05-09 02:23	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-09 03:52 . 2012-05-09 02:23	1077248	----a-w-	c:\windows\system32\DWrite.dll
2009-12-01 11:01 . 2009-12-20 19:59	7919008	-c--a-w-	c:\program files\Firefox Setup 3.5.5.exe
2012-07-17 15:58 . 2012-01-02 10:14	136672	-c--a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	-c--a-w-	c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	-c--a-w-	c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	-c--a-w-	c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-05-09 1174016]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Akamai NetSession Interface"="c:\users\Florentine\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-31 13797992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"F-Secure Manager"="c:\program files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2012-03-15 311976]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-27 1090440]
"F-Secure Hoster (666)"="c:\program files\F-Secure\fshoster32.exe" [2012-05-22 163536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Florentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Florentine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2009-12-26 1311744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
 WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2012-4-23 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
R2 fshoster;F-Secure Dll Hoster;c:\program files\F-Secure\fshoster32.exe [x]
R2 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\apps\CCF_Reputation\fsorsp.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job
- c:\users\Florentine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 17:32]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job
- c:\users\Florentine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 17:32]
.
2012-07-25 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\apps\COMPUT~1\ANTI-V~1\fsav.exe [2012-05-23 16:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.linkury.com/newtab.html
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Florentine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FE3ED8C-26DD-44B9-882C-AE56BF3DACA5}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Florentine\AppData\Roaming\Mozilla\Firefox\Profiles\lqtw2ek1.default\
FF - prefs.js: browser.search.selectedEngine - Linkury Smartbar Search
FF - prefs.js: browser.startup.homepage - http://www.trojaner-board.de/120243-...tml#post872345
FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=
FF - prefs.js: network.proxy.ftp - 192.168.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.168.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files\F-Secure\fshoster32.exe\" -hosterid:0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1720)
c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-26  08:22:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-26 15:22
.
Vor Suchlauf: 8 Verzeichnis(se), 107.479.814.144 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 110.273.724.416 Bytes frei
.
- - End Of File - - 902D4C8F17FCA90CF132825E5F6FC20D
         

Alt 27.07.2012, 13:30   #8
Larusso
/// Selecta Jahrusso
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.



Berichte mal, wie der Rechner läuft
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 27.07.2012, 15:31   #9
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Das ist ist das Ergebnis des Scans
Code:
ATTFilter
07:22:48.0523 1792	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
07:22:48.0976 1792	============================================================
07:22:48.0976 1792	Current date / time: 2012/07/27 07:22:48.0976
07:22:48.0976 1792	SystemInfo:
07:22:48.0976 1792	
07:22:48.0976 1792	OS Version: 6.1.7601 ServicePack: 1.0
07:22:48.0976 1792	Product type: Workstation
07:22:48.0976 1792	ComputerName: FLORENTINE-PC
07:22:48.0976 1792	UserName: Florentine
07:22:48.0976 1792	Windows directory: C:\windows
07:22:48.0976 1792	System windows directory: C:\windows
07:22:48.0976 1792	Processor architecture: Intel x86
07:22:48.0976 1792	Number of processors: 2
07:22:48.0976 1792	Page size: 0x1000
07:22:48.0976 1792	Boot type: Safe boot with network
07:22:48.0976 1792	============================================================
07:22:49.0334 1792	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:22:49.0350 1792	============================================================
07:22:49.0350 1792	\Device\Harddisk0\DR0:
07:22:49.0350 1792	MBR partitions:
07:22:49.0350 1792	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
07:22:49.0350 1792	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x19598000
07:22:49.0350 1792	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B3CA800, BlocksNum 0x1EFBB000
07:22:49.0350 1792	============================================================
07:22:49.0366 1792	C: <-> \Device\Harddisk0\DR0\Partition1
07:22:49.0412 1792	D: <-> \Device\Harddisk0\DR0\Partition2
07:22:49.0412 1792	============================================================
07:22:49.0412 1792	Initialize success
07:22:49.0412 1792	============================================================
07:23:06.0666 1364	============================================================
07:23:06.0666 1364	Scan started
07:23:06.0666 1364	Mode: Manual; 
07:23:06.0666 1364	============================================================
07:23:07.0025 1364	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
07:23:07.0040 1364	1394ohci - ok
07:23:07.0118 1364	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
07:23:07.0118 1364	ACPI - ok
07:23:07.0181 1364	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
07:23:07.0181 1364	AcpiPmi - ok
07:23:07.0228 1364	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
07:23:07.0243 1364	adp94xx - ok
07:23:07.0290 1364	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
07:23:07.0290 1364	adpahci - ok
07:23:07.0321 1364	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
07:23:07.0321 1364	adpu320 - ok
07:23:07.0368 1364	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
07:23:07.0368 1364	AeLookupSvc - ok
07:23:07.0462 1364	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
07:23:07.0462 1364	AFD - ok
07:23:07.0508 1364	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
07:23:07.0508 1364	agp440 - ok
07:23:07.0555 1364	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
07:23:07.0555 1364	aic78xx - ok
07:23:07.0898 1364	Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
07:23:07.0898 1364	Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
07:23:07.0898 1364	Akamai ( HiddenFile.Multi.Generic ) - warning
07:23:07.0898 1364	Akamai - detected HiddenFile.Multi.Generic (1)
07:23:08.0023 1364	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
07:23:08.0023 1364	ALG - ok
07:23:08.0132 1364	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
07:23:08.0148 1364	aliide - ok
07:23:08.0164 1364	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
07:23:08.0164 1364	amdagp - ok
07:23:08.0195 1364	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
07:23:08.0195 1364	amdide - ok
07:23:08.0226 1364	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
07:23:08.0226 1364	AmdK8 - ok
07:23:08.0257 1364	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
07:23:08.0257 1364	AmdPPM - ok
07:23:08.0335 1364	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
07:23:08.0335 1364	amdsata - ok
07:23:08.0366 1364	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
07:23:08.0366 1364	amdsbs - ok
07:23:08.0382 1364	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
07:23:08.0382 1364	amdxata - ok
07:23:08.0444 1364	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
07:23:08.0444 1364	AppID - ok
07:23:08.0491 1364	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
07:23:08.0507 1364	AppIDSvc - ok
07:23:08.0569 1364	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
07:23:08.0569 1364	Appinfo - ok
07:23:08.0694 1364	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:23:08.0694 1364	Apple Mobile Device - ok
07:23:08.0756 1364	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
07:23:08.0756 1364	arc - ok
07:23:08.0772 1364	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
07:23:08.0772 1364	arcsas - ok
07:23:08.0819 1364	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
07:23:08.0819 1364	AsyncMac - ok
07:23:08.0881 1364	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
07:23:08.0881 1364	atapi - ok
07:23:09.0006 1364	athr            (49f17a2e79469be6581d491706720671) C:\windows\system32\DRIVERS\athr.sys
07:23:09.0037 1364	athr - ok
07:23:09.0178 1364	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
07:23:09.0193 1364	AudioEndpointBuilder - ok
07:23:09.0193 1364	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
07:23:09.0193 1364	Audiosrv - ok
07:23:09.0302 1364	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
07:23:09.0302 1364	AxInstSV - ok
07:23:09.0412 1364	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
07:23:09.0412 1364	b06bdrv - ok
07:23:09.0474 1364	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
07:23:09.0474 1364	b57nd60x - ok
07:23:09.0521 1364	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
07:23:09.0521 1364	BDESVC - ok
07:23:09.0536 1364	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
07:23:09.0536 1364	Beep - ok
07:23:09.0614 1364	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
07:23:09.0614 1364	BFE - ok
07:23:09.0692 1364	bfturboh        (f5433ce07f01fe45c940cccbb0ba2d68) C:\windows\system32\drivers\bfturboh.sys
07:23:09.0692 1364	bfturboh - ok
07:23:09.0755 1364	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
07:23:09.0770 1364	blbdrive - ok
07:23:09.0973 1364	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:23:09.0973 1364	Bonjour Service - ok
07:23:10.0051 1364	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
07:23:10.0051 1364	bowser - ok
07:23:10.0082 1364	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
07:23:10.0082 1364	BrFiltLo - ok
07:23:10.0098 1364	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
07:23:10.0098 1364	BrFiltUp - ok
07:23:10.0550 1364	BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
07:23:10.0582 1364	BridgeMP - ok
07:23:10.0894 1364	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
07:23:10.0894 1364	Browser - ok
07:23:11.0237 1364	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
07:23:11.0299 1364	Brserid - ok
07:23:11.0440 1364	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
07:23:11.0455 1364	BrSerWdm - ok
07:23:11.0502 1364	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
07:23:11.0502 1364	BrUsbMdm - ok
07:23:11.0611 1364	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
07:23:11.0627 1364	BrUsbSer - ok
07:23:11.0705 1364	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
07:23:11.0705 1364	BTHMODEM - ok
07:23:11.0752 1364	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
07:23:11.0752 1364	bthserv - ok
07:23:11.0861 1364	catchme - ok
07:23:11.0892 1364	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
07:23:11.0892 1364	cdfs - ok
07:23:11.0954 1364	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
07:23:11.0954 1364	cdrom - ok
07:23:12.0001 1364	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
07:23:12.0001 1364	CertPropSvc - ok
07:23:12.0017 1364	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
07:23:12.0017 1364	circlass - ok
07:23:12.0079 1364	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
07:23:12.0095 1364	CLFS - ok
07:23:12.0188 1364	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:23:12.0188 1364	clr_optimization_v2.0.50727_32 - ok
07:23:12.0282 1364	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:23:12.0313 1364	clr_optimization_v4.0.30319_32 - ok
07:23:12.0360 1364	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
07:23:12.0360 1364	CmBatt - ok
07:23:12.0407 1364	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
07:23:12.0407 1364	cmdide - ok
07:23:12.0469 1364	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\windows\system32\Drivers\cng.sys
07:23:12.0469 1364	CNG - ok
07:23:12.0516 1364	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
07:23:12.0516 1364	Compbatt - ok
07:23:12.0563 1364	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
07:23:12.0578 1364	CompositeBus - ok
07:23:12.0594 1364	COMSysApp - ok
07:23:12.0625 1364	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
07:23:12.0625 1364	crcdisk - ok
07:23:12.0688 1364	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
07:23:12.0688 1364	CryptSvc - ok
07:23:12.0766 1364	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
07:23:12.0922 1364	DcomLaunch - ok
07:23:12.0953 1364	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
07:23:12.0953 1364	defragsvc - ok
07:23:13.0015 1364	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
07:23:13.0015 1364	DfsC - ok
07:23:13.0078 1364	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
07:23:13.0078 1364	Dhcp - ok
07:23:13.0109 1364	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
07:23:13.0109 1364	discache - ok
07:23:13.0140 1364	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
07:23:13.0140 1364	Disk - ok
07:23:13.0187 1364	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
07:23:13.0202 1364	Dnscache - ok
07:23:13.0249 1364	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
07:23:13.0265 1364	dot3svc - ok
07:23:13.0296 1364	Dot4            (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
07:23:13.0312 1364	Dot4 - ok
07:23:13.0327 1364	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\DRIVERS\Dot4Prt.sys
07:23:13.0327 1364	Dot4Print - ok
07:23:13.0390 1364	Dot4Scan        (9f7de667c505ce6500becdd8e11644d7) C:\windows\system32\DRIVERS\Dot4Scan.sys
07:23:13.0390 1364	Dot4Scan - ok
07:23:13.0405 1364	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
07:23:13.0405 1364	dot4usb - ok
07:23:13.0468 1364	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
07:23:13.0468 1364	DPS - ok
07:23:13.0514 1364	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
07:23:13.0514 1364	drmkaud - ok
07:23:13.0592 1364	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
07:23:13.0592 1364	DXGKrnl - ok
07:23:13.0639 1364	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
07:23:13.0639 1364	EapHost - ok
07:23:13.0748 1364	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
07:23:13.0780 1364	ebdrv - ok
07:23:13.0826 1364	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
07:23:13.0826 1364	EFS - ok
07:23:13.0904 1364	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
07:23:13.0920 1364	ehRecvr - ok
07:23:13.0936 1364	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
07:23:13.0936 1364	ehSched - ok
07:23:14.0029 1364	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
07:23:14.0029 1364	elxstor - ok
07:23:14.0092 1364	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
07:23:14.0092 1364	ErrDev - ok
07:23:14.0138 1364	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
07:23:14.0154 1364	EventSystem - ok
07:23:14.0232 1364	ewusbnet        (dafc7e1b2ffa35ccbddf95ae3e31bfae) C:\windows\system32\DRIVERS\ewusbnet.sys
07:23:14.0248 1364	ewusbnet - ok
07:23:14.0263 1364	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
07:23:14.0263 1364	exfat - ok
07:23:14.0513 1364	F-Secure Gatekeeper (dc2ffa1ce9841c12dbc038b24ff17ff0) C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
07:23:14.0513 1364	F-Secure Gatekeeper - ok
07:23:14.0606 1364	F-Secure HIPS   (7c93d27d27d3aea2fd9e6e46abc4766e) C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys
07:23:14.0606 1364	F-Secure HIPS - ok
07:23:14.0638 1364	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
07:23:14.0638 1364	fastfat - ok
07:23:14.0716 1364	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
07:23:14.0731 1364	Fax - ok
07:23:14.0762 1364	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
07:23:14.0762 1364	fdc - ok
07:23:14.0794 1364	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
07:23:14.0794 1364	fdPHost - ok
07:23:14.0809 1364	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
07:23:14.0809 1364	FDResPub - ok
07:23:14.0825 1364	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
07:23:14.0825 1364	FileInfo - ok
07:23:14.0840 1364	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
07:23:14.0840 1364	Filetrace - ok
07:23:14.0856 1364	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
07:23:14.0872 1364	flpydisk - ok
07:23:14.0887 1364	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
07:23:14.0887 1364	FltMgr - ok
07:23:14.0965 1364	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
07:23:14.0981 1364	FontCache - ok
07:23:15.0074 1364	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:23:15.0074 1364	FontCache3.0.0.0 - ok
07:23:15.0137 1364	fsbts           (1d2de58a837e6909f98ca35103d10739) C:\windows\system32\Drivers\fsbts.sys
07:23:15.0137 1364	fsbts - ok
07:23:15.0168 1364	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
07:23:15.0184 1364	FsDepends - ok
07:23:15.0371 1364	FSDFWD          (ee0d13c7cf71e9ad2bc18c5932573d1b) C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
07:23:15.0371 1364	FSDFWD - ok
07:23:15.0433 1364	FSES            (a87006c1c4015ce286e4de7d6f8b5b0c) C:\windows\system32\drivers\fses.sys
07:23:15.0433 1364	FSES - ok
07:23:15.0496 1364	FSFW            (a272d270cef837fb95d963d4671c5603) C:\windows\system32\drivers\fsdfw.sys
07:23:15.0496 1364	FSFW - ok
07:23:15.0589 1364	fshoster        (69e8f9a3b22aac0f7eca55ee545f19e7) C:\Program Files\F-Secure\fshoster32.exe
07:23:15.0620 1364	fshoster - ok
07:23:15.0714 1364	FSMA            (c2251c602edfc49e71d13d660ab7f625) C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
07:23:15.0714 1364	FSMA - ok
07:23:15.0792 1364	FSORSPClient    (b50c3ad8a850fa494d87af943c011f2f) C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe
07:23:15.0792 1364	FSORSPClient - ok
07:23:15.0839 1364	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
07:23:15.0839 1364	fssfltr - ok
07:23:15.0917 1364	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:23:15.0932 1364	fsssvc - ok
07:23:16.0026 1364	fsvista         (f95ffcf662786dae8b79f0ba32fa8add) C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
07:23:16.0026 1364	fsvista - ok
07:23:16.0073 1364	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
07:23:16.0073 1364	Fs_Rec - ok
07:23:16.0135 1364	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
07:23:16.0135 1364	fvevol - ok
07:23:16.0166 1364	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
07:23:16.0182 1364	gagp30kx - ok
07:23:16.0213 1364	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:23:16.0213 1364	GEARAspiWDM - ok
07:23:16.0291 1364	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
07:23:16.0291 1364	gpsvc - ok
07:23:16.0307 1364	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
07:23:16.0307 1364	hcw85cir - ok
07:23:16.0385 1364	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
07:23:16.0385 1364	HdAudAddService - ok
07:23:16.0416 1364	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
07:23:16.0416 1364	HDAudBus - ok
07:23:16.0447 1364	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
07:23:16.0447 1364	HidBatt - ok
07:23:16.0463 1364	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
07:23:16.0463 1364	HidBth - ok
07:23:16.0510 1364	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
07:23:16.0510 1364	HidIr - ok
07:23:16.0556 1364	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
07:23:16.0556 1364	hidserv - ok
07:23:16.0619 1364	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
07:23:16.0619 1364	HidUsb - ok
07:23:16.0666 1364	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
07:23:16.0666 1364	hkmsvc - ok
07:23:16.0712 1364	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
07:23:16.0712 1364	HomeGroupListener - ok
07:23:16.0775 1364	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
07:23:16.0775 1364	HomeGroupProvider - ok
07:23:16.0822 1364	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
07:23:16.0822 1364	HpSAMD - ok
07:23:16.0915 1364	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
07:23:16.0931 1364	HTTP - ok
07:23:16.0993 1364	hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\windows\system32\DRIVERS\ewusbmdm.sys
07:23:16.0993 1364	hwdatacard - ok
07:23:17.0040 1364	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
07:23:17.0040 1364	hwpolicy - ok
07:23:17.0087 1364	hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\windows\system32\DRIVERS\ewusbdev.sys
07:23:17.0087 1364	hwusbdev - ok
07:23:17.0149 1364	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
07:23:17.0149 1364	i8042prt - ok
07:23:17.0196 1364	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
07:23:17.0196 1364	iaStor - ok
07:23:17.0243 1364	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
07:23:17.0258 1364	iaStorV - ok
07:23:17.0399 1364	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:23:17.0399 1364	idsvc - ok
07:23:17.0602 1364	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
07:23:17.0680 1364	igfx - ok
07:23:17.0789 1364	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
07:23:17.0789 1364	iirsp - ok
07:23:17.0929 1364	IJPLMSVC        (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
07:23:17.0929 1364	IJPLMSVC - ok
07:23:18.0007 1364	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
07:23:18.0023 1364	IKEEXT - ok
07:23:18.0179 1364	IntcAzAudAddService (5ceef2cccb4fe00d3ffbfeb12bcfa07f) C:\windows\system32\drivers\RTKVHDA.sys
07:23:18.0210 1364	IntcAzAudAddService - ok
07:23:18.0335 1364	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
07:23:18.0335 1364	intelide - ok
07:23:18.0382 1364	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
07:23:18.0382 1364	intelppm - ok
07:23:18.0413 1364	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
07:23:18.0413 1364	IPBusEnum - ok
07:23:18.0444 1364	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
07:23:18.0444 1364	IpFilterDriver - ok
07:23:18.0522 1364	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
07:23:18.0522 1364	iphlpsvc - ok
07:23:18.0569 1364	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
07:23:18.0569 1364	IPMIDRV - ok
07:23:18.0600 1364	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
07:23:18.0600 1364	IPNAT - ok
07:23:18.0709 1364	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
07:23:18.0725 1364	iPod Service - ok
07:23:18.0756 1364	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
07:23:18.0756 1364	IRENUM - ok
07:23:18.0803 1364	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
07:23:18.0803 1364	isapnp - ok
07:23:18.0850 1364	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
07:23:18.0850 1364	iScsiPrt - ok
07:23:18.0928 1364	Iviaspi         (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys
07:23:18.0928 1364	Iviaspi - ok
07:23:18.0990 1364	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
07:23:18.0990 1364	kbdclass - ok
07:23:19.0021 1364	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
07:23:19.0021 1364	kbdhid - ok
07:23:19.0068 1364	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:19.0068 1364	KeyIso - ok
07:23:19.0099 1364	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\windows\system32\Drivers\ksecdd.sys
07:23:19.0115 1364	KSecDD - ok
07:23:19.0130 1364	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\windows\system32\Drivers\ksecpkg.sys
07:23:19.0130 1364	KSecPkg - ok
07:23:19.0162 1364	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
07:23:19.0177 1364	KtmRm - ok
07:23:19.0224 1364	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
07:23:19.0224 1364	LanmanServer - ok
07:23:19.0302 1364	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
07:23:19.0318 1364	LanmanWorkstation - ok
07:23:19.0364 1364	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
07:23:19.0364 1364	lltdio - ok
07:23:19.0396 1364	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
07:23:19.0396 1364	lltdsvc - ok
07:23:19.0411 1364	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
07:23:19.0427 1364	lmhosts - ok
07:23:19.0489 1364	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
07:23:19.0489 1364	LSI_FC - ok
07:23:19.0505 1364	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
07:23:19.0505 1364	LSI_SAS - ok
07:23:19.0552 1364	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
07:23:19.0552 1364	LSI_SAS2 - ok
07:23:19.0567 1364	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
07:23:19.0567 1364	LSI_SCSI - ok
07:23:19.0614 1364	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
07:23:19.0614 1364	luafv - ok
07:23:19.0661 1364	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
07:23:19.0676 1364	Mcx2Svc - ok
07:23:19.0676 1364	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
07:23:19.0692 1364	megasas - ok
07:23:19.0739 1364	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
07:23:19.0739 1364	MegaSR - ok
07:23:19.0879 1364	Microsoft SharePoint Workspace Audit Service - ok
07:23:19.0910 1364	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
07:23:19.0910 1364	MMCSS - ok
07:23:19.0926 1364	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
07:23:19.0926 1364	Modem - ok
07:23:19.0957 1364	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
07:23:19.0973 1364	monitor - ok
07:23:20.0004 1364	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
07:23:20.0020 1364	mouclass - ok
07:23:20.0082 1364	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
07:23:20.0082 1364	mouhid - ok
07:23:20.0129 1364	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
07:23:20.0129 1364	mountmgr - ok
07:23:20.0222 1364	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:23:20.0238 1364	MozillaMaintenance - ok
07:23:20.0285 1364	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
07:23:20.0285 1364	mpio - ok
07:23:20.0300 1364	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
07:23:20.0316 1364	mpsdrv - ok
07:23:20.0363 1364	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
07:23:20.0363 1364	MRxDAV - ok
07:23:20.0425 1364	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
07:23:20.0425 1364	mrxsmb - ok
07:23:20.0472 1364	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
07:23:20.0488 1364	mrxsmb10 - ok
07:23:20.0503 1364	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
07:23:20.0503 1364	mrxsmb20 - ok
07:23:20.0550 1364	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
07:23:20.0550 1364	msahci - ok
07:23:20.0597 1364	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
07:23:20.0597 1364	msdsm - ok
07:23:20.0628 1364	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
07:23:20.0628 1364	MSDTC - ok
07:23:20.0690 1364	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
07:23:20.0690 1364	Msfs - ok
07:23:20.0706 1364	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
07:23:20.0706 1364	mshidkmdf - ok
07:23:20.0753 1364	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
07:23:20.0753 1364	msisadrv - ok
07:23:20.0815 1364	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
07:23:20.0815 1364	MSiSCSI - ok
07:23:20.0831 1364	msiserver - ok
07:23:20.0862 1364	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
07:23:20.0862 1364	MSKSSRV - ok
07:23:20.0878 1364	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
07:23:20.0878 1364	MSPCLOCK - ok
07:23:20.0878 1364	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
07:23:20.0878 1364	MSPQM - ok
07:23:20.0909 1364	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
07:23:20.0924 1364	MsRPC - ok
07:23:20.0956 1364	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
07:23:20.0956 1364	mssmbios - ok
07:23:20.0971 1364	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
07:23:20.0971 1364	MSTEE - ok
07:23:20.0987 1364	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
07:23:20.0987 1364	MTConfig - ok
07:23:21.0018 1364	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
07:23:21.0018 1364	Mup - ok
07:23:21.0080 1364	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
07:23:21.0096 1364	napagent - ok
07:23:21.0143 1364	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
07:23:21.0143 1364	NativeWifiP - ok
07:23:21.0236 1364	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
07:23:21.0252 1364	NDIS - ok
07:23:21.0299 1364	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
07:23:21.0299 1364	NdisCap - ok
07:23:21.0330 1364	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
07:23:21.0330 1364	NdisTapi - ok
07:23:21.0377 1364	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
07:23:21.0377 1364	Ndisuio - ok
07:23:21.0424 1364	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
07:23:21.0424 1364	NdisWan - ok
07:23:21.0455 1364	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
07:23:21.0470 1364	NDProxy - ok
07:23:21.0502 1364	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
07:23:21.0502 1364	NetBIOS - ok
07:23:21.0533 1364	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
07:23:21.0533 1364	NetBT - ok
07:23:21.0580 1364	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:21.0580 1364	Netlogon - ok
07:23:21.0642 1364	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
07:23:21.0642 1364	Netman - ok
07:23:21.0673 1364	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
07:23:21.0673 1364	netprofm - ok
07:23:21.0782 1364	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:23:21.0782 1364	NetTcpPortSharing - ok
07:23:21.0814 1364	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
07:23:21.0814 1364	nfrd960 - ok
07:23:21.0876 1364	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
07:23:21.0876 1364	NlaSvc - ok
07:23:21.0923 1364	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
07:23:21.0923 1364	Npfs - ok
07:23:21.0938 1364	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
07:23:21.0938 1364	nsi - ok
07:23:21.0970 1364	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
07:23:21.0970 1364	nsiproxy - ok
07:23:22.0079 1364	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
07:23:22.0094 1364	Ntfs - ok
07:23:22.0110 1364	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
07:23:22.0110 1364	Null - ok
07:23:22.0469 1364	nvlddmkm        (2713392707e515efb671751fa767ebd2) C:\windows\system32\DRIVERS\nvlddmkm.sys
07:23:22.0656 1364	nvlddmkm - ok
07:23:22.0781 1364	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
07:23:22.0796 1364	nvraid - ok
07:23:22.0812 1364	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
07:23:22.0812 1364	nvstor - ok
07:23:22.0874 1364	nvsvc           (d445466c0a10536486fbebbc271d6e34) C:\windows\system32\nvvsvc.exe
07:23:22.0874 1364	nvsvc - ok
07:23:22.0890 1364	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
07:23:22.0890 1364	nv_agp - ok
07:23:22.0906 1364	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
07:23:22.0906 1364	ohci1394 - ok
07:23:23.0015 1364	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:23:23.0015 1364	ose - ok
07:23:23.0296 1364	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:23:23.0405 1364	osppsvc - ok
07:23:23.0530 1364	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
07:23:23.0530 1364	p2pimsvc - ok
07:23:23.0576 1364	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
07:23:23.0576 1364	p2psvc - ok
07:23:23.0623 1364	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
07:23:23.0639 1364	Parport - ok
07:23:23.0686 1364	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
07:23:23.0686 1364	partmgr - ok
07:23:23.0686 1364	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
07:23:23.0686 1364	Parvdm - ok
07:23:23.0717 1364	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
07:23:23.0717 1364	PcaSvc - ok
07:23:23.0779 1364	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
07:23:23.0779 1364	pci - ok
07:23:23.0810 1364	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
07:23:23.0810 1364	pciide - ok
07:23:23.0857 1364	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
07:23:23.0857 1364	pcmcia - ok
07:23:23.0873 1364	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
07:23:23.0873 1364	pcw - ok
07:23:23.0935 1364	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
07:23:23.0935 1364	PEAUTH - ok
07:23:24.0076 1364	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
07:23:24.0091 1364	pla - ok
07:23:24.0216 1364	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
07:23:24.0232 1364	PlugPlay - ok
07:23:24.0263 1364	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
07:23:24.0263 1364	PNRPAutoReg - ok
07:23:24.0278 1364	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
07:23:24.0294 1364	PNRPsvc - ok
07:23:24.0341 1364	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
07:23:24.0356 1364	PolicyAgent - ok
07:23:24.0403 1364	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
07:23:24.0403 1364	Power - ok
07:23:24.0466 1364	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
07:23:24.0466 1364	PptpMiniport - ok
07:23:24.0497 1364	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
07:23:24.0497 1364	Processor - ok
07:23:24.0544 1364	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
07:23:24.0544 1364	ProfSvc - ok
07:23:24.0590 1364	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:24.0590 1364	ProtectedStorage - ok
07:23:24.0637 1364	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
07:23:24.0637 1364	Psched - ok
07:23:24.0715 1364	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
07:23:24.0731 1364	ql2300 - ok
07:23:24.0762 1364	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
07:23:24.0762 1364	ql40xx - ok
07:23:24.0809 1364	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
07:23:24.0809 1364	QWAVE - ok
07:23:24.0824 1364	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
07:23:24.0824 1364	QWAVEdrv - ok
07:23:24.0840 1364	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
07:23:24.0840 1364	RasAcd - ok
07:23:24.0871 1364	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
07:23:24.0887 1364	RasAgileVpn - ok
07:23:24.0902 1364	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
07:23:24.0902 1364	RasAuto - ok
07:23:24.0934 1364	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
07:23:24.0934 1364	Rasl2tp - ok
07:23:24.0996 1364	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
07:23:25.0012 1364	RasMan - ok
07:23:25.0043 1364	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
07:23:25.0043 1364	RasPppoe - ok
07:23:25.0043 1364	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
07:23:25.0043 1364	RasSstp - ok
07:23:25.0105 1364	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
07:23:25.0105 1364	rdbss - ok
07:23:25.0121 1364	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
07:23:25.0121 1364	rdpbus - ok
07:23:25.0152 1364	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
07:23:25.0152 1364	RDPCDD - ok
07:23:25.0168 1364	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
07:23:25.0168 1364	RDPENCDD - ok
07:23:25.0183 1364	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
07:23:25.0199 1364	RDPREFMP - ok
07:23:25.0246 1364	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
07:23:25.0246 1364	RDPWD - ok
07:23:25.0308 1364	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
07:23:25.0324 1364	rdyboost - ok
07:23:25.0370 1364	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
07:23:25.0370 1364	RemoteAccess - ok
07:23:25.0402 1364	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
07:23:25.0402 1364	RemoteRegistry - ok
07:23:25.0433 1364	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
07:23:25.0433 1364	RpcEptMapper - ok
07:23:25.0448 1364	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
07:23:25.0448 1364	RpcLocator - ok
07:23:25.0511 1364	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
07:23:25.0511 1364	RpcSs - ok
07:23:25.0558 1364	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
07:23:25.0558 1364	rspndr - ok
07:23:25.0620 1364	RTL8167         (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys
07:23:25.0620 1364	RTL8167 - ok
07:23:25.0651 1364	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
07:23:25.0651 1364	SABI - ok
07:23:25.0714 1364	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:25.0714 1364	SamSs - ok
07:23:25.0760 1364	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
07:23:25.0760 1364	sbp2port - ok
07:23:25.0807 1364	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
07:23:25.0807 1364	SCardSvr - ok
07:23:25.0838 1364	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
07:23:25.0854 1364	scfilter - ok
07:23:25.0916 1364	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
07:23:25.0932 1364	Schedule - ok
07:23:25.0948 1364	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
07:23:25.0948 1364	SCPolicySvc - ok
07:23:25.0994 1364	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
07:23:25.0994 1364	SDRSVC - ok
07:23:26.0041 1364	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
07:23:26.0041 1364	secdrv - ok
07:23:26.0057 1364	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
07:23:26.0072 1364	seclogon - ok
07:23:26.0119 1364	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
07:23:26.0119 1364	SENS - ok
07:23:26.0150 1364	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
07:23:26.0150 1364	SensrSvc - ok
07:23:26.0166 1364	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
07:23:26.0182 1364	Serenum - ok
07:23:26.0197 1364	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
07:23:26.0197 1364	Serial - ok
07:23:26.0244 1364	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
07:23:26.0244 1364	sermouse - ok
07:23:26.0306 1364	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
07:23:26.0306 1364	SessionEnv - ok
07:23:26.0322 1364	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
07:23:26.0322 1364	sffdisk - ok
07:23:26.0338 1364	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
07:23:26.0338 1364	sffp_mmc - ok
07:23:26.0353 1364	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
07:23:26.0353 1364	sffp_sd - ok
07:23:26.0384 1364	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
07:23:26.0384 1364	sfloppy - ok
07:23:26.0431 1364	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
07:23:26.0447 1364	SharedAccess - ok
07:23:26.0494 1364	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
07:23:26.0509 1364	ShellHWDetection - ok
07:23:26.0556 1364	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
07:23:26.0556 1364	sisagp - ok
07:23:26.0587 1364	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
07:23:26.0587 1364	SiSRaid2 - ok
07:23:26.0618 1364	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
07:23:26.0618 1364	SiSRaid4 - ok
07:23:26.0696 1364	SkypeUpdate     (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
07:23:26.0696 1364	SkypeUpdate - ok
07:23:26.0728 1364	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
07:23:26.0728 1364	Smb - ok
07:23:26.0774 1364	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
07:23:26.0774 1364	SNMPTRAP - ok
07:23:26.0806 1364	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
07:23:26.0806 1364	spldr - ok
07:23:26.0868 1364	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
07:23:26.0868 1364	Spooler - ok
07:23:27.0040 1364	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
07:23:27.0086 1364	sppsvc - ok
07:23:27.0211 1364	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
07:23:27.0211 1364	sppuinotify - ok
07:23:27.0305 1364	SQLWriter       (54902536aad0e9b99bc65f89c0caf93f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:23:27.0320 1364	SQLWriter - ok
07:23:27.0383 1364	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
07:23:27.0383 1364	srv - ok
07:23:27.0430 1364	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
07:23:27.0430 1364	srv2 - ok
07:23:27.0476 1364	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
07:23:27.0476 1364	srvnet - ok
07:23:27.0508 1364	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
07:23:27.0508 1364	SSDPSRV - ok
07:23:27.0523 1364	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
07:23:27.0539 1364	SstpSvc - ok
07:23:27.0554 1364	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
07:23:27.0554 1364	stexstor - ok
07:23:27.0617 1364	StillCam        (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
07:23:27.0617 1364	StillCam - ok
07:23:27.0695 1364	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
07:23:27.0695 1364	StiSvc - ok
07:23:27.0742 1364	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
07:23:27.0757 1364	swenum - ok
07:23:27.0804 1364	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
07:23:27.0820 1364	swprv - ok
07:23:27.0866 1364	SynTP           (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys
07:23:27.0866 1364	SynTP - ok
07:23:27.0976 1364	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
07:23:27.0991 1364	SysMain - ok
07:23:28.0038 1364	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
07:23:28.0038 1364	TabletInputService - ok
07:23:28.0085 1364	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
07:23:28.0085 1364	TapiSrv - ok
07:23:28.0116 1364	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
07:23:28.0116 1364	TBS - ok
07:23:28.0272 1364	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
07:23:28.0288 1364	Tcpip - ok
07:23:28.0319 1364	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
07:23:28.0319 1364	TCPIP6 - ok
07:23:28.0366 1364	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
07:23:28.0381 1364	tcpipreg - ok
07:23:28.0412 1364	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
07:23:28.0412 1364	TDPIPE - ok
07:23:28.0459 1364	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
07:23:28.0459 1364	TDTCP - ok
07:23:28.0506 1364	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
07:23:28.0506 1364	tdx - ok
07:23:28.0553 1364	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
07:23:28.0553 1364	TermDD - ok
07:23:28.0615 1364	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
07:23:28.0615 1364	TermService - ok
07:23:28.0646 1364	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
07:23:28.0646 1364	Themes - ok
07:23:28.0693 1364	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
07:23:28.0693 1364	THREADORDER - ok
07:23:28.0709 1364	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
07:23:28.0709 1364	TrkWks - ok
07:23:28.0771 1364	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
07:23:28.0771 1364	TrustedInstaller - ok
07:23:28.0818 1364	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
07:23:28.0818 1364	tssecsrv - ok
07:23:28.0849 1364	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
07:23:28.0849 1364	TsUsbFlt - ok
07:23:28.0912 1364	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
07:23:28.0927 1364	tunnel - ok
07:23:28.0958 1364	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
07:23:28.0958 1364	uagp35 - ok
07:23:29.0021 1364	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
07:23:29.0021 1364	udfs - ok
07:23:29.0068 1364	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
07:23:29.0068 1364	UI0Detect - ok
07:23:29.0114 1364	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
07:23:29.0130 1364	uliagpkx - ok
07:23:29.0146 1364	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
07:23:29.0146 1364	umbus - ok
07:23:29.0161 1364	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
07:23:29.0161 1364	UmPass - ok
07:23:29.0192 1364	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
07:23:29.0192 1364	upnphost - ok
07:23:29.0239 1364	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
07:23:29.0255 1364	usbccgp - ok
07:23:29.0302 1364	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
07:23:29.0302 1364	usbcir - ok
07:23:29.0348 1364	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
07:23:29.0348 1364	usbehci - ok
07:23:29.0380 1364	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
07:23:29.0380 1364	usbhub - ok
07:23:29.0411 1364	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
07:23:29.0411 1364	usbohci - ok
07:23:29.0458 1364	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
07:23:29.0458 1364	usbprint - ok
07:23:29.0504 1364	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
07:23:29.0504 1364	usbscan - ok
07:23:29.0551 1364	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
07:23:29.0551 1364	USBSTOR - ok
07:23:29.0582 1364	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
07:23:29.0582 1364	usbuhci - ok
07:23:29.0645 1364	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
07:23:29.0645 1364	usbvideo - ok
07:23:29.0676 1364	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
07:23:29.0676 1364	UxSms - ok
07:23:29.0723 1364	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:29.0723 1364	VaultSvc - ok
07:23:29.0754 1364	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
07:23:29.0770 1364	vdrvroot - ok
07:23:29.0832 1364	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
07:23:29.0832 1364	vds - ok
07:23:29.0863 1364	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
07:23:29.0863 1364	vga - ok
07:23:29.0894 1364	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
07:23:29.0894 1364	VgaSave - ok
07:23:29.0957 1364	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
07:23:29.0957 1364	vhdmp - ok
07:23:30.0004 1364	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
07:23:30.0004 1364	viaagp - ok
07:23:30.0035 1364	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
07:23:30.0035 1364	ViaC7 - ok
07:23:30.0082 1364	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
07:23:30.0082 1364	viaide - ok
07:23:30.0097 1364	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
07:23:30.0113 1364	volmgr - ok
07:23:30.0160 1364	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
07:23:30.0175 1364	volmgrx - ok
07:23:30.0222 1364	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
07:23:30.0222 1364	volsnap - ok
07:23:30.0253 1364	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
07:23:30.0253 1364	vsmraid - ok
07:23:30.0331 1364	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
07:23:30.0347 1364	VSS - ok
07:23:30.0378 1364	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
07:23:30.0378 1364	vwifibus - ok
07:23:30.0394 1364	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
07:23:30.0394 1364	vwififlt - ok
07:23:30.0425 1364	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
07:23:30.0425 1364	vwifimp - ok
07:23:30.0472 1364	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
07:23:30.0472 1364	W32Time - ok
07:23:30.0503 1364	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
07:23:30.0503 1364	WacomPen - ok
07:23:30.0565 1364	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
07:23:30.0581 1364	WANARP - ok
07:23:30.0596 1364	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
07:23:30.0596 1364	Wanarpv6 - ok
07:23:30.0721 1364	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
07:23:30.0737 1364	WatAdminSvc - ok
07:23:30.0830 1364	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
07:23:30.0846 1364	wbengine - ok
07:23:30.0877 1364	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
07:23:30.0893 1364	WbioSrvc - ok
07:23:30.0940 1364	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
07:23:30.0955 1364	wcncsvc - ok
07:23:30.0971 1364	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
07:23:30.0971 1364	WcsPlugInService - ok
07:23:31.0033 1364	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
07:23:31.0033 1364	Wd - ok
07:23:31.0064 1364	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
07:23:31.0064 1364	Wdf01000 - ok
07:23:31.0080 1364	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
07:23:31.0080 1364	WdiServiceHost - ok
07:23:31.0111 1364	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
07:23:31.0127 1364	WdiSystemHost - ok
07:23:31.0158 1364	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
07:23:31.0174 1364	WebClient - ok
07:23:31.0205 1364	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
07:23:31.0220 1364	Wecsvc - ok
07:23:31.0236 1364	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
07:23:31.0236 1364	wercplsupport - ok
07:23:31.0267 1364	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
07:23:31.0283 1364	WerSvc - ok
07:23:31.0298 1364	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
07:23:31.0298 1364	WfpLwf - ok
07:23:31.0314 1364	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
07:23:31.0314 1364	WIMMount - ok
07:23:31.0423 1364	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
07:23:31.0423 1364	WinDefend - ok
07:23:31.0439 1364	WinHttpAutoProxySvc - ok
07:23:31.0486 1364	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
07:23:31.0486 1364	Winmgmt - ok
07:23:31.0579 1364	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
07:23:31.0595 1364	WinRM - ok
07:23:31.0673 1364	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
07:23:31.0688 1364	Wlansvc - ok
07:23:31.0735 1364	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
07:23:31.0735 1364	WmiAcpi - ok
07:23:31.0813 1364	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
07:23:31.0813 1364	wmiApSrv - ok
07:23:31.0969 1364	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:23:31.0985 1364	WMPNetworkSvc - ok
07:23:32.0094 1364	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
07:23:32.0094 1364	WPCSvc - ok
07:23:32.0125 1364	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
07:23:32.0141 1364	WPDBusEnum - ok
07:23:32.0172 1364	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
07:23:32.0172 1364	ws2ifsl - ok
07:23:32.0188 1364	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
07:23:32.0188 1364	wscsvc - ok
07:23:32.0203 1364	WSearch - ok
07:23:32.0344 1364	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
07:23:32.0375 1364	wuauserv - ok
07:23:32.0500 1364	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
07:23:32.0500 1364	WudfPf - ok
07:23:32.0546 1364	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
07:23:32.0546 1364	WUDFRd - ok
07:23:32.0578 1364	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
07:23:32.0578 1364	wudfsvc - ok
07:23:32.0624 1364	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
07:23:32.0624 1364	WwanSvc - ok
07:23:32.0671 1364	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
07:23:32.0952 1364	\Device\Harddisk0\DR0 - ok
07:23:32.0952 1364	Boot (0x1200)   (ffcf558f995dc6506b87e0580f61da7e) \Device\Harddisk0\DR0\Partition0
07:23:32.0952 1364	\Device\Harddisk0\DR0\Partition0 - ok
07:23:32.0968 1364	Boot (0x1200)   (4d4821b6231758dbc3f0304b6bba6dbb) \Device\Harddisk0\DR0\Partition1
07:23:32.0968 1364	\Device\Harddisk0\DR0\Partition1 - ok
07:23:32.0999 1364	Boot (0x1200)   (3816343f3d7af4ed0bb4c1fe70be24c9) \Device\Harddisk0\DR0\Partition2
07:23:32.0999 1364	\Device\Harddisk0\DR0\Partition2 - ok
07:23:32.0999 1364	============================================================
07:23:32.0999 1364	Scan finished
07:23:32.0999 1364	============================================================
07:23:33.0014 1328	Detected object count: 1
07:23:33.0014 1328	Actual detected object count: 1
07:24:08.0504 1328	Akamai ( HiddenFile.Multi.Generic ) - skipped by user
07:24:08.0504 1328	Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
         
Ich benutze den Rechner nur für das Forum und die Scans, daher läuft das im abges. Modus ganz gut. Wenn ich eine Internetseite öffne, öffnet sich meist ein zweiter Tab mit Werbung. Suchergebnisse bei Google bringen mich nie auf die angeklickte Seite, sondern es geht gleich auf Werbung. Mein Word und F-Secure kann ich nicht öffnen. Das Icon für Live Security Platinum, das sich auf dem Desktop installiert hat, ist auch weg. Sonst versuch ich nichts weiter zu machen.
Viele Grüße

Alt 27.07.2012, 18:57   #10
Larusso
/// Selecta Jahrusso
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Zitat:
Google bringen mich nie auf die angeklickte Seite, sondern es geht gleich auf Werbung
Immer noch ?
Im abgesicherten Modus brauchst du nicht prüfen, wie der PC läuft. Das bringt mich nicht weiter.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 28.07.2012, 08:51   #11
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Da ich nichts falsch machen wollte, war ich die ganze Zeit im abg. Modus. Schreib doch bitte solche kleinen aber wichtigen Details mit rein, dann kann ich auch besser antworten.
Also im Normalmodus hing er kurz im Internet (keine Rückmeldung), es öffnet sich aber keine zusaetzliche Werbung auch nicht bei Google. Mein Virenprogramm sagt mir, dass alles ok ist (sag mir, wenn ich das durchlaufen lassen soll) und Word fkt. auch
Da scheint ja schon mal die halbe Miete.

Alt 28.07.2012, 12:34   #12
Larusso
/// Selecta Jahrusso
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



F-Secure startet auch ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 28.07.2012, 16:40   #13
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Ja, das wird als aktiv angezeigt und öffnet sich auch.
Ich bekomme eine Fehlermeldung wenn der PC sich hochfährt. Die Meldung hänge ich in den Anhang.
Ich habe das Gefühl dass der PC ein bisschen langsamer ist.
Grüße aus LA
Flo
Miniaturansicht angehängter Grafiken
Nach Live Security Platinum nun pup.downloadnsave-runtimeerror.jpg  

Alt 29.07.2012, 07:45   #14
Florentine
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Habe F-secure durchlaufen lassen. Hat eine malware gefunden, siehe Anhang, ist in Quarantäne, kann ich auch wieder 'freilassen' wenn wirs bräuchten. Jetzt wart ich erstmal auf neue Anweisungen
Miniaturansicht angehängter Grafiken
Nach Live Security Platinum nun pup.downloadnsave-f-secure.jpg  

Alt 29.07.2012, 12:07   #15
Larusso
/// Selecta Jahrusso
 
Nach Live Security Platinum nun pup.downloadnsave - Standard

Nach Live Security Platinum nun pup.downloadnsave



Lösche bitte die vorhandene Combofix Version und downloade dir von hier eine neue Version.

Speichere diese auf dem Desktop.
Gehe sicher, dass all deine Anti Virus und anderen Schutzprogramme abgeschalten sind.



Poste die C:\Combofix.txt hier
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Nach Live Security Platinum nun pup.downloadnsave
acrobat, administrator, anti-malware, autostart, browser, code, dateien, explorer, gen, helper, infizierte, install, install.exe, live, live security platinum malwarebytes, log, malwarebytes, microsoft, namen, platinum, pup.downloadnsave, quarantäne, security, service, software, speicher, uninstall.exe, version



Ähnliche Themen: Nach Live Security Platinum nun pup.downloadnsave


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Was tun nach "Live Security Platinum" Virus
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (28)
  3. TR/Crypt.EPACK.Gen2 nach Platinum live security warnung
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (3)
  4. Nach löschen von Live Security Platinum System sauber?
    Log-Analyse und Auswertung - 06.09.2012 (33)
  5. Live-Security-platinum mit OTL
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (1)
  6. Live Security Platinum
    Log-Analyse und Auswertung - 14.08.2012 (12)
  7. Check nach "Live Security Platinum"-Befall
    Log-Analyse und Auswertung - 14.08.2012 (1)
  8. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (3)
  9. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (5)
  10. Live Security Platinum
    Log-Analyse und Auswertung - 06.08.2012 (1)
  11. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (1)
  12. Live Security Platinum nach System-Neuinstallation wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  13. Log Files nach Entfernen von Live Security Platinum - Was muss ich nun noch tun?
    Log-Analyse und Auswertung - 27.07.2012 (9)
  14. Nach Befall von Live Security Platinum unter Vista
    Log-Analyse und Auswertung - 26.07.2012 (1)
  15. Vorgehen nach Live Security Platinum Entfernung?
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (1)
  16. Live Security Platinum auf dem Laptop mit Logfiles - ist nun nach Malwarebytes alles gut?
    Mülltonne - 20.07.2012 (0)
  17. Neuinstallation von Windows nach Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)

Zum Thema Nach Live Security Platinum nun pup.downloadnsave - Liebes Board, habe durch ein gekauftes Internetspiel oder durch den Acrobat Reader den Live Security Platinum Rogue bekommen. Der ist nun dank Malwarebytes weg. Übrig bleiben 14 infizierte Objekte mit - Nach Live Security Platinum nun pup.downloadnsave...
Archiv
Du betrachtest: Nach Live Security Platinum nun pup.downloadnsave auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.