
Log-Analyse und Auswertung: Trojan.Phex.THAGen9 - eeePC - Win7

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for analysis by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.09.2012, 12:19   #16
cosinus
 
Please pay more attention and work more carefully!
You pasted an adwCleaner log in place of the OTL log; that cannot work!
__________________
Please always post log files in CODE tags

15.09.2012, 13:07   #17
kkjoky
 
How did that get in there??

I'm puzzled, cosinus; that is exactly how it was put on my desktop... (Yes, I know, that can't really be...)
I'll run OTL again and then post it.
Sorry
kkjoky

OK Cosinus, here is the new attempt...
This time I was more careful (at least I hope so...); I must have made some mess with 'Ctrl-V' + 'Ctrl-C' last time... But it wasn't really that late at night... oh well, it will be better next time.

OTL log file:
Code:
OTL logfile created on: 9/15/2012 2:11:34 PM - Run 2
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\***\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 384.51 Mb Available Physical Memory | 37.91% Memory free
1.71 Gb Paging File | 0.88 Gb Available in Paging File | 51.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 2.06 Gb Free Space | 2.57% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 0.82 Gb Free Space | 1.52% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.60 Gb Free Space | 32.48% Space Free | Partition Type: FAT
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Samsung UPD Service2) -- C:\Windows\System32\SUPDSvc2.exe (Samsung Electronics)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 12:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/25 20:30:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 12:52:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/25 20:30:55 | 000,000,000 | ---D | M]
 
[2010/11/25 14:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012/08/19 13:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions
[2012/07/28 10:19:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/12/17 14:32:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/12 18:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/07/29 12:52:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:54:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/16 12:54:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:54:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/16 12:54:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 12:54:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 12:54:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAF9D302-BA4D-4E91-A8BF-03F81B5296BD}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030/01/01 14:31:55 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/09/14 21:30:47 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/09/14 00:39:47 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/14 00:36:02 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/14 00:35:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/14 00:35:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/14 00:35:33 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/14 00:31:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2012/09/14 00:31:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/09/14 00:31:38 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/09/14 00:31:35 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2012/09/11 07:12:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 10:22:33 | 000,000,000 | ---D | C] -- C:\trojaner
[2012/09/07 08:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/07 08:02:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012/09/07 08:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/07 08:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/07 08:01:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/07 08:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/06 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\pcdjxalmprhtcbs
[2012/09/05 21:38:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/05 21:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/05 21:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/29 20:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/25 20:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/08/25 20:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/25 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/08/25 20:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/19 13:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/19 13:27:06 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/15 14:00:50 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/15 14:00:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/14 21:30:54 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/09/14 12:30:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 12:30:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 12:23:10 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 03:24:17 | 000,654,824 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/14 03:24:17 | 000,616,666 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/14 03:24:17 | 000,130,406 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/14 03:24:17 | 000,106,788 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/14 00:40:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/14 00:39:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/14 00:35:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/14 00:35:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/14 00:35:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/14 00:35:15 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/09/14 00:35:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/09/14 00:35:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/07 15:24:24 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012/09/06 14:30:49 | 000,076,347 | ---- | M] () -- C:\ProgramData\ouzgshjjxcyeruo
[2012/08/29 20:31:49 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/29 20:31:49 | 000,002,040 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/26 15:58:02 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/26 15:58:02 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/08/24 11:31:10 | 002,468,247 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Bengang HD.mp3
[2012/08/24 11:20:04 | 003,118,185 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Revolte.mp3
[2012/08/24 11:19:03 | 006,160,974 | ---- | M] () -- C:\Users\***\Desktop\Atzepeng - Paul Kalkbrenner.mp3
[2012/08/24 11:14:01 | 007,576,010 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Gebrünn Gebrünn [Berlin Calling Edits] [HQ].mp3
[2012/08/24 11:08:21 | 006,135,995 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Mango.mp3
[2012/08/22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/08/22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/08/20 19:47:06 | 000,002,431 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word Starter 2010.lnk
[2012/08/17 13:27:54 | 000,076,754 | ---- | M] () -- C:\Users\***\Desktop\283889_4488110409710_1412415631_n.jpg
[2012/08/17 12:40:07 | 000,284,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/09/14 06:12:33 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/09/07 15:24:24 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012/09/07 08:01:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/06 14:30:37 | 000,076,347 | ---- | C] () -- C:\ProgramData\ouzgshjjxcyeruo
[2012/08/25 20:31:16 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/25 20:31:16 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/24 11:30:26 | 002,468,247 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Bengang HD.mp3
[2012/08/24 11:19:05 | 003,118,185 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Revolte.mp3
[2012/08/24 11:16:56 | 006,160,974 | ---- | C] () -- C:\Users\***\Desktop\Atzepeng - Paul Kalkbrenner.mp3
[2012/08/24 11:12:00 | 007,576,010 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Gebrünn Gebrünn [Berlin Calling Edits] [HQ].mp3
[2012/08/24 11:06:40 | 006,135,995 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Mango.mp3
[2012/08/20 19:47:06 | 000,002,431 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Word Starter 2010.lnk
[2012/08/17 13:27:39 | 000,076,754 | ---- | C] () -- C:\Users\***\Desktop\283889_4488110409710_1412415631_n.jpg
[2012/04/24 21:48:10 | 000,349,264 | ---- | C] () -- C:\windows\System32\UPDIO2.dll
[2012/04/24 21:48:09 | 000,024,064 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2012/04/24 21:48:07 | 000,261,712 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012/04/24 21:48:07 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe
[2012/04/15 19:05:04 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011/02/05 23:02:24 | 000,000,859 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010/11/24 20:54:39 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/11/24 20:54:39 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/11/24 19:47:09 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010/11/24 19:45:44 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/07/23 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012/08/14 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011/01/04 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Asus
[2012/05/26 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2010/11/23 21:23:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/09/14 12:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011/09/24 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/02/08 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/24 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\E-Cam
[2011/02/05 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012/06/05 09:50:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010/06/24 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010/06/24 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012/09/07 08:02:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/07/25 18:48:18 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010/11/25 14:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011/02/06 18:14:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012/09/06 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012/07/29 17:39:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2012/09/11 07:12:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2010/11/25 16:16:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011/08/27 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012/07/03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/07/03 03:21:40 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012/07/03 03:21:46 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---



Hope it's right now?
Thanks anyway for your patience.

Can my earlier thread actually still be edited? Probably not, right?

Best regards
kkjoky
__________________
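The OTL log above is read by hand in this thread; the two things a helper looks for in it are the randomly named, extension-less file directly under `C:\ProgramData` (`ouzgshjjxcyeruo`) and the `< MD5 for: ... >` blocks, where the live copy of a system file in `System32` should hash the same as at least one of its `winsxs` / `DriverStore` reference copies. The Python below is an added example, not OTL's own code or anything cosinus posted: it parses OTL file entries (the `[date | size | attrs | C/M] (company) MD5=... -- path` layout is inferred from the log) and runs both checks. The "random name" heuristic is an assumption, and the `EXAMPLE.DLL` block with its all-zero / all-one hashes is a constructed placeholder, not data from the page.

```python
"""Added example, not OTL's own code: parse OTL file entries and run two
defender-side checks over them (random-looking ProgramData files, and live
system files whose MD5 matches none of their winsxs/DriverStore copies)."""
import re

# [date time | size | attrs | C/M] (company) MD5=... -- path   (company/MD5 optional)
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+?)\s*$"
)
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
# Assumption (heuristic): four or more consonants in a row rarely occur in real product names.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4,}")
# A file sitting directly in ProgramData (or its 'All Users' alias).
PROGRAMDATA_RE = re.compile(r"^[A-Za-z]:\\(ProgramData|Users\\All Users)\\([^\\]+)$", re.I)

# Constructed sample: three lines taken from the log above plus an EXAMPLE.DLL
# block with placeholder hashes that deliberately disagree.
SAMPLE_OTL = r"""
========== Files - Modified Within 30 Days ==========

[2012/09/14 00:40:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/06 14:30:49 | 000,076,347 | ---- | M] () -- C:\ProgramData\ouzgshjjxcyeruo
[2012/08/25 20:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: EXAMPLE.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\example.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_placeholder\example.dll

< End of report >
"""


def parse_otl(text):
    """Yield (section, fields) for every file line; section is the current
    '< MD5 for: X >' name, or None outside such a block."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MD5_HEADER_RE.match(line)
        if m:
            section = m.group("name").upper()
            continue
        if line.startswith("<") or line.startswith("="):
            section = None          # any other custom-scan or section header
            continue
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["is_dir"] = "D" in d["attrs"]
            yield section, d


def looks_random(name):
    """Heuristic: all lowercase letters, fairly long, with a consonant pile-up."""
    return bool(name.isalpha() and name.islower() and len(name) >= 10
                and CONSONANT_RUN.search(name))


def random_programdata_files(text):
    """Extension-less, random-looking files directly under ProgramData."""
    hits = []
    for section, e in parse_otl(text):
        if section is not None or e["is_dir"]:
            continue
        m = PROGRAMDATA_RE.match(e["path"])
        if m and looks_random(m.group(2)):
            hits.append(e["path"])
    return hits


def md5_mismatches(text):
    """For each '< MD5 for: X >' block, compare the live System32 copy against
    the winsxs / DriverStore copies; return {name: path} for live copies whose
    hash matches none of them (copies elsewhere, e.g. Program Files, are ignored)."""
    blocks = {}
    for section, e in parse_otl(text):
        if section and e["md5"]:
            blocks.setdefault(section, []).append(e)
    findings = {}
    for name, entries in blocks.items():
        live, refs = [], set()
        for e in entries:
            p = e["path"].lower()
            if "\\winsxs\\" in p or "\\driverstore\\" in p:
                refs.add(e["md5"].upper())
            elif "\\windows\\system32\\" in p:
                live.append(e)
        for e in live:
            if e["md5"].upper() not in refs:
                findings[name] = e["path"]
    return findings


if __name__ == "__main__":
    print("random ProgramData files:", random_programdata_files(SAMPLE_OTL))
    print("MD5 mismatches:", md5_mismatches(SAMPLE_OTL))
```

On the sample, the random-name check reports exactly `C:\ProgramData\ouzgshjjxcyeruo` (the `McAfee` directory is skipped because of its `D` attribute), and the hash check passes `AGP440.SYS` but reports the constructed `EXAMPLE.DLL`. A hash that disagrees with every reference copy is a reason to look closer, not proof of tampering: a hotfix can legitimately leave a newer file in `System32` than in `winsxs`, so the finding should be checked against the file's signature and version.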


Alt 16.09.2012, 14:16   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now it's right - you can only edit your posts for a maximum of 1 h after creating them.
What exactly do you want to edit, and why?
__________________

Alt 16.09.2012, 17:19   #19
kkjoky
 

Yes well, the one hour is of course already over...
Cosinus, I would have liked to insert three more asterisks.

How could it continue now? The process is probably not finished yet, right?

Thanks for the next tip.

Regards
kkjoky

Alt 17.09.2012, 09:21   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must turn the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
[2012/07/28 10:19:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Program Files\ICQ6Toolbar
C:\ProgramData\ouzgshjjxcyeruo
C:\ProgramData\pcdjxalmprhtcbs
C:\Users\All Users\pcdjxalmprhtcbs
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

__________________
Please always post logfiles in CODE tags
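One of the commands in the script above, `[resethosts]`, replaces the Windows hosts file with a clean default, because a hijacked hosts file silently redirects traffic for the names it lists (the fix log later confirms "HOSTS file reset successfully"). The Python below is an added example, not OTL's code and not part of cosinus's instructions: it reads a hosts file and reports every active mapping that does more than point `localhost` at a loopback address, labelling redirects to real addresses separately from loopback block-list entries. The sample hosts content, including the two `example.test` entries, is constructed.

```python
"""Added example (not OTL's code): report non-default entries in a Windows hosts
file, the kind of change that an OTL [resethosts] throws away."""
import ipaddress

# Constructed sample of a Windows hosts file: the default comment header, the
# usual localhost line, and two constructed non-default entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1       localhost
192.0.2.10      update.example.test    # constructed: sends a host somewhere else
127.0.0.1       ads.example.test       # constructed: local block-list entry
"""


def parse_hosts(text):
    """Return (address, [hostnames]) for every active (non-comment) mapping line."""
    mappings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        mappings.append((addr, names))
    return mappings


def non_default_entries(text):
    """Everything except 'loopback -> localhost'.

    A mapping to a non-loopback address is the classic sign of a tampered hosts
    file (the named host is transparently redirected); loopback entries for other
    names are usually ad blocking but still worth a look, so both are reported,
    each with a label saying which case it is."""
    findings = []
    for addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("unparseable", addr, names))
            continue
        if ip.is_loopback and names == ["localhost"]:
            continue
        kind = "blocked-to-loopback" if ip.is_loopback else "redirected"
        findings.append((kind, addr, names))
    return findings


if __name__ == "__main__":
    for kind, addr, names in non_default_entries(SAMPLE_HOSTS):
        print(f"{kind:20} {addr:16} {' '.join(names)}")
```

On a real machine the file lives at `%SystemRoot%\System32\drivers\etc\hosts` (the path the fix log shows being moved); reading it needs no special rights, and the report is a list to review, since legitimate LAN or block-list entries will show up alongside anything hostile.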

Alt 17.09.2012, 09:39   #21
kkjoky
 

Hello, and thanks for continuing to guide me:

OTL.EXE run - eeePC restarted.
At startup the security warning appeared asking whether OTL.EXE (unknown publisher) should be run. Clicked 'Run'.

Here is the log file:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultengine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.selectedEngine
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\ProgramData\ouzgshjjxcyeruo moved successfully.
C:\ProgramData\pcdjxalmprhtcbs folder moved successfully.
File\Folder C:\Users\All Users\pcdjxalmprhtcbs not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 1246464 bytes
->Temporary Internet Files folder emptied: 497382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83716619 bytes
->Flash cache emptied: 864 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1017286 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 82.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.4 log created on 09172012_102903

Files\Folders moved on Reboot...
C:\windows\temp\HS.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Oh yes, I also wanted to mention this:
- everything runs fine in normal mode;
- no empty (program) folders.

Regards
kkjoky

Last edited by kkjoky (17.09.2012 at 09:46) Reason: normal mode and co.

Alt 17.09.2012, 09:44   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags

Alt 17.09.2012, 10:07   #23
kkjoky
 

So, Cosinus.
That also went largely according to plan.

TDSSKiller wanted to update from version 2.8.8.0 (your link) to 2.8.9.0.
But that didn't work...

hence this log:
Code:
10:57:59.0044 4740  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:58:01.0384 4740  ============================================================
10:58:01.0384 4740  Current date / time: 2012/09/17 10:58:01.0384
10:58:01.0384 4740  SystemInfo:
10:58:01.0384 4740  
10:58:01.0384 4740  OS Version: 6.1.7601 ServicePack: 1.0
10:58:01.0384 4740  Product type: Workstation
10:58:01.0384 4740  ComputerName: ***-PC
10:58:01.0384 4740  UserName: ***
10:58:01.0384 4740  Windows directory: C:\windows
10:58:01.0384 4740  System windows directory: C:\windows
10:58:01.0384 4740  Processor architecture: Intel x86
10:58:01.0384 4740  Number of processors: 2
10:58:01.0384 4740  Page size: 0x1000
10:58:01.0384 4740  Boot type: Normal boot
10:58:01.0384 4740  ============================================================
10:58:02.0445 4740  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:58:02.0460 4740  Drive \Device\Harddisk1\DR1 - Size: 0x75A00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:58:02.0460 4740  ============================================================
10:58:02.0460 4740  \Device\Harddisk0\DR0:
10:58:02.0460 4740  MBR partitions:
10:58:02.0460 4740  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000800
10:58:02.0460 4740  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBE01000, BlocksNum 0x6C0E800
10:58:02.0460 4740  \Device\Harddisk1\DR1:
10:58:02.0460 4740  MBR partitions:
10:58:02.0460 4740  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3ACF79
10:58:02.0460 4740  ============================================================
10:58:02.0507 4740  C: <-> \Device\Harddisk0\DR0\Partition1
10:58:02.0554 4740  D: <-> \Device\Harddisk0\DR0\Partition2
10:58:02.0554 4740  ============================================================
10:58:02.0554 4740  Initialize success
10:58:02.0554 4740  ============================================================
10:58:49.0900 4720  ============================================================
10:58:49.0900 4720  Scan started
10:58:49.0900 4720  Mode: Manual; SigCheck; TDLFS; 
10:58:49.0900 4720  ============================================================
10:58:50.0587 4720  ================ Scan system memory ========================
10:58:50.0587 4720  System memory - ok
10:58:50.0602 4720  ================ Scan services =============================
10:58:50.0836 4720  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
10:58:51.0117 4720  1394ohci - ok
10:58:51.0164 4720  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
10:58:51.0242 4720  ACPI - ok
10:58:51.0289 4720  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
10:58:51.0413 4720  AcpiPmi - ok
10:58:51.0585 4720  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:58:51.0632 4720  AdobeARMservice - ok
10:58:51.0757 4720  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:58:51.0819 4720  AdobeFlashPlayerUpdateSvc - ok
10:58:51.0897 4720  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
10:58:51.0975 4720  adp94xx - ok
10:58:52.0053 4720  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
10:58:52.0131 4720  adpahci - ok
10:58:52.0162 4720  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
10:58:52.0209 4720  adpu320 - ok
10:58:52.0256 4720  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
10:58:52.0381 4720  AeLookupSvc - ok
10:58:52.0459 4720  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
10:58:52.0583 4720  AFD - ok
10:58:52.0630 4720  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
10:58:52.0677 4720  agp440 - ok
10:58:52.0739 4720  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
10:58:52.0802 4720  aic78xx - ok
10:58:52.0880 4720  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
10:58:52.0989 4720  ALG - ok
10:58:53.0067 4720  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
10:58:53.0129 4720  aliide - ok
10:58:53.0145 4720  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
10:58:53.0207 4720  amdagp - ok
10:58:53.0223 4720  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
10:58:53.0270 4720  amdide - ok
10:58:53.0332 4720  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
10:58:53.0410 4720  AmdK8 - ok
10:58:53.0426 4720  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
10:58:53.0504 4720  AmdPPM - ok
10:58:53.0551 4720  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
10:58:53.0597 4720  amdsata - ok
10:58:53.0629 4720  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
10:58:53.0691 4720  amdsbs - ok
10:58:53.0738 4720  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
10:58:53.0785 4720  amdxata - ok
10:58:53.0847 4720  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
10:58:54.0081 4720  AppID - ok
10:58:54.0159 4720  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
10:58:54.0284 4720  AppIDSvc - ok
10:58:54.0362 4720  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
10:58:54.0487 4720  Appinfo - ok
10:58:54.0674 4720  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:58:54.0705 4720  Apple Mobile Device - ok
10:58:54.0767 4720  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
10:58:54.0814 4720  arc - ok
10:58:54.0845 4720  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
10:58:54.0892 4720  arcsas - ok
10:58:54.0955 4720  [ 561D6B76C045311691B870F6B3F19EAB ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
10:58:55.0064 4720  AsUpIO - ok
10:58:55.0111 4720  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService     C:\Windows\System32\AsusService.exe
10:58:55.0157 4720  AsusService ( UnsignedFile.Multi.Generic ) - warning
10:58:55.0173 4720  AsusService - detected UnsignedFile.Multi.Generic (1)
10:58:55.0220 4720  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
10:58:55.0407 4720  AsyncMac - ok
10:58:55.0485 4720  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
10:58:55.0532 4720  atapi - ok
10:58:55.0641 4720  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\windows\system32\DRIVERS\athr.sys
10:58:55.0797 4720  athr - ok
10:58:55.0875 4720  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
10:58:56.0031 4720  AudioEndpointBuilder - ok
10:58:56.0093 4720  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
10:58:56.0203 4720  Audiosrv - ok
10:58:56.0281 4720  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
10:58:56.0405 4720  AxInstSV - ok
10:58:56.0483 4720  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
10:58:56.0593 4720  b06bdrv - ok
10:58:56.0655 4720  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
10:58:56.0733 4720  b57nd60x - ok
10:58:56.0827 4720  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
10:58:56.0889 4720  BBSvc - ok
10:58:56.0967 4720  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
10:58:57.0061 4720  BBUpdate - ok
10:58:57.0139 4720  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
10:58:57.0248 4720  BDESVC - ok
10:58:57.0295 4720  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
10:58:57.0435 4720  Beep - ok
10:58:57.0497 4720  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
10:58:57.0653 4720  BFE - ok
10:58:57.0716 4720  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
10:58:57.0872 4720  BITS - ok
10:58:57.0919 4720  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
10:58:57.0997 4720  blbdrive - ok
10:58:58.0090 4720  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:58:58.0137 4720  Bonjour Service - ok
10:58:58.0199 4720  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
10:58:58.0309 4720  bowser - ok
10:58:58.0355 4720  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
10:58:58.0480 4720  BrFiltLo - ok
10:58:58.0511 4720  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
10:58:58.0589 4720  BrFiltUp - ok
10:58:58.0652 4720  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
10:58:58.0745 4720  Browser - ok
10:58:58.0792 4720  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
10:58:58.0870 4720  Brserid - ok
10:58:58.0886 4720  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
10:58:58.0964 4720  BrSerWdm - ok
10:58:58.0979 4720  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
10:58:59.0073 4720  BrUsbMdm - ok
10:58:59.0104 4720  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
10:58:59.0167 4720  BrUsbSer - ok
10:58:59.0229 4720  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
10:58:59.0338 4720  BthEnum - ok
10:58:59.0385 4720  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
10:58:59.0463 4720  BTHMODEM - ok
10:58:59.0494 4720  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
10:58:59.0572 4720  BthPan - ok
10:58:59.0650 4720  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
10:58:59.0744 4720  BTHPORT - ok
10:58:59.0806 4720  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
10:58:59.0947 4720  bthserv - ok
10:58:59.0993 4720  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
10:59:00.0087 4720  BTHUSB - ok
10:59:00.0134 4720  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
10:59:00.0165 4720  btusbflt - ok
10:59:00.0243 4720  [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
10:59:00.0290 4720  btwaudio - ok
10:59:00.0337 4720  [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
10:59:00.0383 4720  btwavdt - ok
10:59:00.0524 4720  [ 13F2E3BF60FC1EB4E02912582C0B1E3E ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:59:00.0617 4720  btwdins - ok
10:59:00.0680 4720  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
10:59:00.0711 4720  btwl2cap - ok
10:59:00.0773 4720  [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
10:59:00.0805 4720  btwrchid - ok
10:59:00.0867 4720  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
10:59:00.0992 4720  cdfs - ok
10:59:01.0085 4720  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\drivers\cdrom.sys
10:59:01.0163 4720  cdrom - ok
10:59:01.0226 4720  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
10:59:01.0351 4720  CertPropSvc - ok
10:59:01.0397 4720  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
10:59:01.0460 4720  circlass - ok
10:59:01.0507 4720  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
10:59:01.0569 4720  CLFS - ok
10:59:01.0678 4720  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:59:01.0725 4720  clr_optimization_v2.0.50727_32 - ok
10:59:01.0834 4720  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:59:01.0912 4720  clr_optimization_v4.0.30319_32 - ok
10:59:01.0959 4720  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
10:59:02.0037 4720  CmBatt - ok
10:59:02.0115 4720  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
10:59:02.0146 4720  cmdide - ok
10:59:02.0224 4720  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
10:59:02.0349 4720  CNG - ok
10:59:02.0411 4720  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
10:59:02.0458 4720  Compbatt - ok
10:59:02.0521 4720  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
10:59:02.0599 4720  CompositeBus - ok
10:59:02.0614 4720  COMSysApp - ok
10:59:02.0661 4720  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
10:59:02.0708 4720  crcdisk - ok
10:59:02.0770 4720  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\windows\system32\cryptsvc.dll
10:59:02.0864 4720  CryptSvc - ok
10:59:03.0020 4720  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:59:03.0160 4720  cvhsvc - ok
10:59:03.0238 4720  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
10:59:03.0379 4720  DcomLaunch - ok
10:59:03.0425 4720  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
10:59:03.0566 4720  defragsvc - ok
10:59:03.0628 4720  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
10:59:03.0737 4720  DfsC - ok
10:59:03.0815 4720  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
10:59:03.0956 4720  Dhcp - ok
10:59:04.0003 4720  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
10:59:04.0159 4720  discache - ok
10:59:04.0205 4720  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
10:59:04.0268 4720  Disk - ok
10:59:04.0299 4720  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
10:59:04.0393 4720  Dnscache - ok
10:59:04.0455 4720  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
10:59:04.0595 4720  dot3svc - ok
10:59:04.0642 4720  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
10:59:04.0783 4720  DPS - ok
10:59:04.0845 4720  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
10:59:04.0923 4720  drmkaud - ok
10:59:05.0001 4720  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
10:59:05.0126 4720  DXGKrnl - ok
10:59:05.0204 4720  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
10:59:05.0329 4720  EapHost - ok
10:59:05.0500 4720  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
10:59:05.0781 4720  ebdrv - ok
10:59:05.0828 4720  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
10:59:05.0953 4720  EFS - ok
10:59:06.0031 4720  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
10:59:06.0124 4720  elxstor - ok
10:59:06.0155 4720  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
10:59:06.0233 4720  ErrDev - ok
10:59:06.0327 4720  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
10:59:06.0467 4720  EventSystem - ok
10:59:06.0499 4720  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
10:59:06.0655 4720  exfat - ok
10:59:06.0701 4720  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
10:59:06.0842 4720  fastfat - ok
10:59:06.0920 4720  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
10:59:07.0045 4720  Fax - ok
10:59:07.0107 4720  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
10:59:07.0169 4720  fdc - ok
10:59:07.0216 4720  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
10:59:07.0357 4720  fdPHost - ok
10:59:07.0388 4720  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
10:59:07.0513 4720  FDResPub - ok
10:59:07.0544 4720  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
10:59:07.0591 4720  FileInfo - ok
10:59:07.0637 4720  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
10:59:07.0747 4720  Filetrace - ok
10:59:07.0762 4720  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
10:59:07.0840 4720  flpydisk - ok
10:59:07.0887 4720  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
10:59:07.0949 4720  FltMgr - ok
10:59:08.0012 4720  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
10:59:08.0184 4720  FontCache - ok
10:59:08.0262 4720  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:59:08.0340 4720  FontCache3.0.0.0 - ok
10:59:08.0387 4720  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
10:59:08.0434 4720  FsDepends - ok
10:59:08.0465 4720  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
10:59:08.0512 4720  Fs_Rec - ok
10:59:08.0574 4720  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
10:59:08.0637 4720  fvevol - ok
10:59:08.0715 4720  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
10:59:08.0762 4720  gagp30kx - ok
10:59:08.0808 4720  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
10:59:08.0840 4720  GEARAspiWDM - ok
10:59:08.0918 4720  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
10:59:09.0105 4720  gpsvc - ok
10:59:09.0184 4720  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:59:09.0231 4720  gusvc - ok
10:59:09.0262 4720  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
10:59:09.0340 4720  hcw85cir - ok
10:59:09.0418 4720  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
10:59:09.0511 4720  HdAudAddService - ok
10:59:09.0558 4720  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
10:59:09.0636 4720  HDAudBus - ok
10:59:09.0683 4720  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
10:59:09.0730 4720  HidBatt - ok
10:59:09.0761 4720  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
10:59:09.0839 4720  HidBth - ok
10:59:09.0855 4720  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
10:59:09.0933 4720  HidIr - ok
10:59:09.0979 4720  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
10:59:10.0120 4720  hidserv - ok
10:59:10.0199 4720  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\drivers\hidusb.sys
10:59:10.0261 4720  HidUsb - ok
10:59:10.0324 4720  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
10:59:10.0448 4720  hkmsvc - ok
10:59:10.0495 4720  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
10:59:10.0589 4720  HomeGroupListener - ok
10:59:10.0651 4720  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
10:59:10.0745 4720  HomeGroupProvider - ok
10:59:10.0807 4720  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
10:59:10.0854 4720  HpSAMD - ok
10:59:10.0932 4720  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
10:59:11.0119 4720  HTTP - ok
10:59:11.0166 4720  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
10:59:11.0213 4720  hwpolicy - ok
10:59:11.0306 4720  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
10:59:11.0384 4720  i8042prt - ok
10:59:11.0478 4720  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:59:11.0540 4720  IAANTMON - ok
10:59:11.0587 4720  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
10:59:11.0634 4720  iaStor - ok
10:59:11.0696 4720  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
10:59:11.0759 4720  iaStorV - ok
10:59:11.0806 4720  ICQ Service - ok
10:59:11.0899 4720  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:59:12.0040 4720  idsvc - ok
10:59:12.0305 4720  [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
10:59:12.0679 4720  igfx - ok
10:59:12.0726 4720  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
10:59:12.0757 4720  iirsp - ok
10:59:12.0835 4720  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
10:59:12.0960 4720  IKEEXT - ok
10:59:13.0132 4720  [ BF9866875EDF86AAE24DD8BD9418DEFF ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
10:59:13.0350 4720  IntcAzAudAddService - ok
10:59:13.0381 4720  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
10:59:13.0412 4720  intelide - ok
10:59:13.0475 4720  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
10:59:13.0522 4720  intelppm - ok
10:59:13.0568 4720  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
10:59:13.0693 4720  IPBusEnum - ok
10:59:13.0724 4720  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
10:59:13.0849 4720  IpFilterDriver - ok
10:59:13.0943 4720  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
10:59:14.0114 4720  iphlpsvc - ok
10:59:14.0161 4720  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
10:59:14.0255 4720  IPMIDRV - ok
10:59:14.0286 4720  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
10:59:14.0411 4720  IPNAT - ok
10:59:14.0489 4720  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:59:14.0582 4720  iPod Service - ok
10:59:14.0645 4720  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
10:59:14.0754 4720  IRENUM - ok
10:59:14.0801 4720  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
10:59:14.0863 4720  isapnp - ok
10:59:14.0894 4720  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
10:59:14.0957 4720  iScsiPrt - ok
10:59:15.0019 4720  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
10:59:15.0082 4720  kbdclass - ok
10:59:15.0144 4720  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
10:59:15.0206 4720  kbdhid - ok
10:59:15.0269 4720  [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
10:59:15.0300 4720  kbfiltr - ok
10:59:15.0331 4720  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
10:59:15.0378 4720  KeyIso - ok
10:59:15.0425 4720  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
10:59:15.0472 4720  KSecDD - ok
10:59:15.0534 4720  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
10:59:15.0596 4720  KSecPkg - ok
10:59:15.0628 4720  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
10:59:15.0768 4720  KtmRm - ok
10:59:15.0846 4720  [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
10:59:15.0940 4720  L1C - ok
10:59:15.0986 4720  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
10:59:16.0174 4720  LanmanServer - ok
10:59:16.0236 4720  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
10:59:16.0330 4720  LanmanWorkstation - ok
10:59:16.0408 4720  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
10:59:16.0517 4720  lltdio - ok
10:59:16.0564 4720  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
10:59:16.0688 4720  lltdsvc - ok
10:59:16.0720 4720  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
10:59:16.0844 4720  lmhosts - ok
10:59:16.0891 4720  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
10:59:16.0954 4720  LSI_FC - ok
10:59:16.0969 4720  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
10:59:17.0032 4720  LSI_SAS - ok
10:59:17.0078 4720  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
10:59:17.0125 4720  LSI_SAS2 - ok
10:59:17.0141 4720  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
10:59:17.0203 4720  LSI_SCSI - ok
10:59:17.0250 4720  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
10:59:17.0359 4720  luafv - ok
10:59:17.0468 4720  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\windows\system32\drivers\mbamswissarmy.sys
10:59:17.0500 4720  MBAMSwissArmy - ok
10:59:17.0640 4720  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
10:59:17.0702 4720  McComponentHostService - ok
10:59:17.0749 4720  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
10:59:17.0796 4720  megasas - ok
10:59:17.0858 4720  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
10:59:17.0936 4720  MegaSR - ok
10:59:17.0968 4720  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
10:59:18.0124 4720  MMCSS - ok
10:59:18.0155 4720  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
10:59:18.0281 4720  Modem - ok
10:59:18.0374 4720  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
10:59:18.0452 4720  monitor - ok
10:59:18.0499 4720  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\drivers\mouclass.sys
10:59:18.0546 4720  mouclass - ok
10:59:18.0608 4720  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
10:59:18.0686 4720  mouhid - ok
10:59:18.0733 4720  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
10:59:18.0780 4720  mountmgr - ok
10:59:18.0858 4720  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:59:18.0905 4720  MozillaMaintenance - ok
10:59:18.0936 4720  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
10:59:18.0998 4720  mpio - ok
10:59:19.0029 4720  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
10:59:19.0154 4720  mpsdrv - ok
10:59:19.0232 4720  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
10:59:19.0388 4720  MpsSvc - ok
10:59:19.0435 4720  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
10:59:19.0529 4720  MRxDAV - ok
10:59:19.0591 4720  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
10:59:19.0685 4720  mrxsmb - ok
10:59:19.0731 4720  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
10:59:19.0825 4720  mrxsmb10 - ok
10:59:19.0872 4720  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
10:59:19.0950 4720  mrxsmb20 - ok
10:59:19.0997 4720  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
10:59:20.0075 4720  msahci - ok
10:59:20.0153 4720  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
10:59:20.0199 4720  msdsm - ok
10:59:20.0231 4720  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
10:59:20.0324 4720  MSDTC - ok
10:59:20.0387 4720  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
10:59:20.0496 4720  Msfs - ok
10:59:20.0511 4720  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
10:59:20.0636 4720  mshidkmdf - ok
10:59:20.0652 4720  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
10:59:20.0714 4720  msisadrv - ok
10:59:20.0792 4720  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
10:59:20.0917 4720  MSiSCSI - ok
10:59:20.0933 4720  msiserver - ok
10:59:20.0979 4720  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
10:59:21.0135 4720  MSKSSRV - ok
10:59:21.0167 4720  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
10:59:21.0276 4720  MSPCLOCK - ok
10:59:21.0323 4720  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
10:59:21.0447 4720  MSPQM - ok
10:59:21.0479 4720  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
10:59:21.0541 4720  MsRPC - ok
10:59:21.0603 4720  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
10:59:21.0650 4720  mssmbios - ok
10:59:21.0681 4720  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
10:59:21.0775 4720  MSTEE - ok
10:59:21.0806 4720  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
10:59:21.0869 4720  MTConfig - ok
10:59:21.0915 4720  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
10:59:21.0962 4720  Mup - ok
10:59:22.0025 4720  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
10:59:22.0196 4720  napagent - ok
10:59:22.0259 4720  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
10:59:22.0337 4720  NativeWifiP - ok
10:59:22.0399 4720  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
10:59:22.0508 4720  NDIS - ok
10:59:22.0539 4720  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
10:59:22.0664 4720  NdisCap - ok
10:59:22.0711 4720  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
10:59:22.0820 4720  NdisTapi - ok
10:59:22.0883 4720  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
10:59:22.0992 4720  Ndisuio - ok
10:59:23.0070 4720  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
10:59:23.0210 4720  NdisWan - ok
10:59:23.0257 4720  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
10:59:23.0382 4720  NDProxy - ok
10:59:23.0460 4720  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
10:59:23.0491 4720  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:59:23.0491 4720  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:59:23.0553 4720  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
10:59:23.0663 4720  NetBIOS - ok
10:59:23.0787 4720  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
10:59:23.0912 4720  NetBT - ok
10:59:23.0943 4720  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
10:59:23.0990 4720  Netlogon - ok
10:59:24.0084 4720  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
10:59:24.0240 4720  Netman - ok
10:59:24.0302 4720  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
10:59:24.0458 4720  netprofm - ok
10:59:24.0505 4720  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:59:24.0552 4720  NetTcpPortSharing - ok
10:59:24.0614 4720  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
10:59:24.0661 4720  nfrd960 - ok
10:59:24.0723 4720  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
10:59:24.0864 4720  NlaSvc - ok
10:59:24.0911 4720  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
10:59:25.0067 4720  Npfs - ok
10:59:25.0145 4720  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
10:59:25.0269 4720  nsi - ok
10:59:25.0301 4720  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
10:59:25.0410 4720  nsiproxy - ok
10:59:25.0503 4720  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
10:59:25.0644 4720  Ntfs - ok
10:59:25.0737 4720  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
10:59:25.0862 4720  Null - ok
10:59:26.0003 4720  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
10:59:26.0315 4720  nvraid - ok
10:59:26.0361 4720  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
10:59:26.0408 4720  nvstor - ok
10:59:26.0471 4720  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
10:59:26.0517 4720  nv_agp - ok
10:59:26.0564 4720  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
10:59:26.0611 4720  ohci1394 - ok
10:59:26.0689 4720  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:59:26.0736 4720  ose - ok
10:59:26.0954 4720  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:59:27.0391 4720  osppsvc - ok
10:59:27.0453 4720  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
10:59:27.0516 4720  p2pimsvc - ok
10:59:27.0547 4720  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
10:59:27.0641 4720  p2psvc - ok
10:59:27.0672 4720  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
10:59:27.0719 4720  Parport - ok
10:59:27.0765 4720  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
10:59:27.0797 4720  partmgr - ok
10:59:27.0828 4720  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
10:59:27.0890 4720  Parvdm - ok
10:59:27.0937 4720  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
10:59:28.0031 4720  PcaSvc - ok
10:59:28.0109 4720  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
10:59:28.0155 4720  pci - ok
10:59:28.0218 4720  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
10:59:28.0265 4720  pciide - ok
10:59:28.0296 4720  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
10:59:28.0343 4720  pcmcia - ok
10:59:28.0389 4720  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
10:59:28.0436 4720  pcw - ok
10:59:28.0499 4720  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
10:59:28.0670 4720  PEAUTH - ok
10:59:28.0826 4720  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
10:59:29.0045 4720  pla - ok
10:59:29.0138 4720  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
10:59:29.0263 4720  PlugPlay - ok
10:59:29.0325 4720  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
10:59:29.0357 4720  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:59:29.0357 4720  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:59:29.0403 4720  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
10:59:29.0466 4720  PNRPAutoReg - ok
10:59:29.0513 4720  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
10:59:29.0575 4720  PNRPsvc - ok
10:59:29.0637 4720  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
10:59:29.0778 4720  PolicyAgent - ok
10:59:29.0840 4720  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
10:59:29.0965 4720  Power - ok
10:59:30.0027 4720  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
10:59:30.0168 4720  PptpMiniport - ok
10:59:30.0199 4720  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
10:59:30.0277 4720  Processor - ok
10:59:30.0339 4720  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
10:59:30.0449 4720  ProfSvc - ok
10:59:30.0480 4720  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
10:59:30.0527 4720  ProtectedStorage - ok
10:59:30.0605 4720  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
10:59:30.0729 4720  Psched - ok
10:59:30.0807 4720  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
10:59:30.0979 4720  ql2300 - ok
10:59:31.0010 4720  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
10:59:31.0073 4720  ql40xx - ok
10:59:31.0135 4720  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
10:59:31.0244 4720  QWAVE - ok
10:59:31.0275 4720  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
10:59:31.0338 4720  QWAVEdrv - ok
10:59:31.0369 4720  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
10:59:31.0478 4720  RasAcd - ok
10:59:31.0541 4720  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
10:59:31.0634 4720  RasAgileVpn - ok
10:59:31.0681 4720  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
10:59:31.0790 4720  RasAuto - ok
10:59:31.0821 4720  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
10:59:31.0946 4720  Rasl2tp - ok
10:59:32.0024 4720  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
10:59:32.0180 4720  RasMan - ok
10:59:32.0211 4720  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
10:59:32.0367 4720  RasPppoe - ok
10:59:32.0430 4720  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
10:59:32.0555 4720  RasSstp - ok
10:59:32.0601 4720  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
10:59:32.0711 4720  rdbss - ok
10:59:32.0742 4720  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
10:59:32.0789 4720  rdpbus - ok
10:59:32.0851 4720  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
10:59:32.0960 4720  RDPCDD - ok
10:59:33.0007 4720  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
10:59:33.0147 4720  RDPENCDD - ok
10:59:33.0194 4720  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
10:59:33.0272 4720  RDPREFMP - ok
10:59:33.0335 4720  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
10:59:33.0397 4720  RDPWD - ok
10:59:33.0459 4720  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
10:59:33.0522 4720  rdyboost - ok
10:59:33.0553 4720  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
10:59:33.0693 4720  RemoteAccess - ok
10:59:33.0740 4720  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
10:59:33.0881 4720  RemoteRegistry - ok
10:59:33.0943 4720  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
10:59:34.0021 4720  RFCOMM - ok
10:59:34.0115 4720  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
10:59:34.0239 4720  RpcEptMapper - ok
10:59:34.0302 4720  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
10:59:34.0380 4720  RpcLocator - ok
10:59:34.0427 4720  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
10:59:34.0551 4720  RpcSs - ok
10:59:34.0614 4720  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
10:59:34.0754 4720  rspndr - ok
10:59:34.0785 4720  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
10:59:34.0832 4720  SamSs - ok
10:59:34.0910 4720  [ 2A54EFF79B03A8C2389F2BB0F2264F1E ] Samsung UPD Service2 C:\Windows\system32\SUPDSvc2.exe
10:59:34.0973 4720  Samsung UPD Service2 - ok
10:59:35.0019 4720  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
10:59:35.0097 4720  sbp2port - ok
10:59:35.0144 4720  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
10:59:35.0285 4720  SCardSvr - ok
10:59:35.0331 4720  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
10:59:35.0425 4720  scfilter - ok
10:59:35.0503 4720  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
10:59:35.0690 4720  Schedule - ok
10:59:35.0737 4720  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
10:59:35.0846 4720  SCPolicySvc - ok
10:59:35.0893 4720  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
10:59:35.0987 4720  SDRSVC - ok
10:59:36.0080 4720  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
10:59:36.0205 4720  secdrv - ok
10:59:36.0252 4720  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
10:59:36.0392 4720  seclogon - ok
10:59:36.0423 4720  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
10:59:36.0548 4720  SENS - ok
10:59:36.0579 4720  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
10:59:36.0642 4720  Serenum - ok
10:59:36.0673 4720  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
10:59:36.0735 4720  Serial - ok
10:59:36.0782 4720  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
10:59:36.0845 4720  sermouse - ok
10:59:36.0923 4720  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
10:59:37.0047 4720  SessionEnv - ok
10:59:37.0172 4720  [ E372ADC14BB40A2C2A55AC754CE87A8C ] SfCtlCom        C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
10:59:37.0281 4720  SfCtlCom - ok
10:59:37.0328 4720  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
10:59:37.0391 4720  sffdisk - ok
10:59:37.0437 4720  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
10:59:37.0484 4720  sffp_mmc - ok
10:59:37.0531 4720  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
10:59:37.0609 4720  sffp_sd - ok
10:59:37.0656 4720  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
10:59:37.0718 4720  sfloppy - ok
10:59:37.0812 4720  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
10:59:37.0921 4720  Sftfs - ok
10:59:37.0983 4720  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
10:59:38.0093 4720  sftlist - ok
10:59:38.0139 4720  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
10:59:38.0202 4720  Sftplay - ok
10:59:38.0233 4720  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
10:59:38.0264 4720  Sftredir - ok
10:59:38.0295 4720  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
10:59:38.0327 4720  Sftvol - ok
10:59:38.0373 4720  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
10:59:38.0405 4720  sftvsa - ok
10:59:38.0467 4720  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
10:59:38.0592 4720  SharedAccess - ok
10:59:38.0654 4720  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:59:38.0795 4720  ShellHWDetection - ok
10:59:38.0841 4720  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
10:59:38.0888 4720  sisagp - ok
10:59:38.0935 4720  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
10:59:38.0966 4720  SiSRaid2 - ok
10:59:39.0013 4720  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
10:59:39.0075 4720  SiSRaid4 - ok
10:59:39.0138 4720  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
10:59:39.0185 4720  SkypeUpdate - ok
10:59:39.0231 4720  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
10:59:39.0341 4720  Smb - ok
10:59:39.0434 4720  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
10:59:39.0512 4720  SNMPTRAP - ok
10:59:39.0559 4720  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
10:59:39.0606 4720  spldr - ok
10:59:39.0684 4720  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
10:59:39.0777 4720  Spooler - ok
10:59:39.0949 4720  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
10:59:40.0292 4720  sppsvc - ok
10:59:40.0339 4720  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
10:59:40.0479 4720  sppuinotify - ok
10:59:40.0542 4720  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
10:59:40.0635 4720  srv - ok
10:59:40.0682 4720  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
10:59:40.0745 4720  srv2 - ok
10:59:40.0791 4720  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
10:59:40.0869 4720  srvnet - ok
10:59:40.0932 4720  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
10:59:41.0072 4720  SSDPSRV - ok
10:59:41.0135 4720  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
10:59:41.0275 4720  SstpSvc - ok
10:59:41.0322 4720  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
10:59:41.0369 4720  stexstor - ok
10:59:41.0431 4720  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
10:59:41.0540 4720  StiSvc - ok
10:59:41.0603 4720  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
10:59:41.0649 4720  swenum - ok
10:59:41.0696 4720  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
10:59:41.0868 4720  swprv - ok
10:59:41.0946 4720  [ BD8E7F87DE409A745A132A8812DE5A96 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
10:59:41.0993 4720  SynTP - ok
10:59:42.0117 4720  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
10:59:42.0273 4720  SysMain - ok
10:59:42.0336 4720  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
10:59:42.0414 4720  TabletInputService - ok
10:59:42.0461 4720  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
10:59:42.0554 4720  TapiSrv - ok
10:59:42.0585 4720  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
10:59:42.0711 4720  TBS - ok
10:59:42.0820 4720  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\windows\system32\drivers\tcpip.sys
10:59:42.0945 4720  Tcpip - ok
10:59:43.0039 4720  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
10:59:43.0132 4720  TCPIP6 - ok
10:59:43.0179 4720  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
10:59:43.0288 4720  tcpipreg - ok
10:59:43.0335 4720  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
10:59:43.0413 4720  TDPIPE - ok
10:59:43.0460 4720  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
10:59:43.0507 4720  TDTCP - ok
10:59:43.0554 4720  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
10:59:43.0632 4720  tdx - ok
10:59:43.0678 4720  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
10:59:43.0710 4720  TermDD - ok
10:59:43.0788 4720  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
10:59:43.0897 4720  TermService - ok
10:59:43.0944 4720  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
10:59:44.0053 4720  Themes - ok
10:59:44.0084 4720  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
10:59:44.0178 4720  THREADORDER - ok
10:59:44.0240 4720  [ CA9E9C2C04A198ED345C1752222A5F3E ] tmactmon        C:\windows\system32\DRIVERS\tmactmon.sys
10:59:44.0271 4720  tmactmon - ok
10:59:44.0302 4720  [ B365E817E398FF2AC5706EAB232EF6C1 ] TMBMServer      C:\Program Files\Trend Micro\BM\TMBMSRV.exe
10:59:44.0380 4720  TMBMServer - ok
10:59:44.0412 4720  [ A3D20789B3FF0576A29462BEF25BCFCC ] tmcomm          C:\windows\system32\DRIVERS\tmcomm.sys
10:59:44.0458 4720  tmcomm - ok
10:59:44.0536 4720  [ 21F215E54770C4BF93EFAF63F58FE57E ] tmevtmgr        C:\windows\system32\DRIVERS\tmevtmgr.sys
10:59:44.0583 4720  tmevtmgr - ok
10:59:44.0646 4720  [ AC88B1E97A3EADE322EDA84E69967341 ] tmlwf           C:\windows\system32\DRIVERS\tmlwf.sys
10:59:44.0692 4720  tmlwf - ok
10:59:44.0739 4720  [ 255328CF08D602368B69FF1F55EBD93E ] TmPfw           C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
10:59:44.0848 4720  TmPfw - ok
10:59:44.0895 4720  [ 9CBBE54780770FDB7AAA73BE530E4D80 ] tmpreflt        C:\windows\system32\DRIVERS\tmpreflt.sys
10:59:44.0926 4720  tmpreflt - ok
10:59:44.0973 4720  [ 0FEC6C50B2BE07C57651573CDD1C721F ] TmProxy         C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
10:59:45.0082 4720  TmProxy - ok
10:59:45.0145 4720  [ 44C262C1B2412DED35078B6166D2ACC2 ] tmtdi           C:\windows\system32\DRIVERS\tmtdi.sys
10:59:45.0176 4720  tmtdi - ok
10:59:45.0223 4720  [ 95DC30A928F5FCEE5D30A191BF058146 ] tmwfp           C:\windows\system32\DRIVERS\tmwfp.sys
10:59:45.0270 4720  tmwfp - ok
10:59:45.0316 4720  [ 6CC393305BD60056CA09A4C8032A169A ] tmxpflt         C:\windows\system32\DRIVERS\tmxpflt.sys
10:59:45.0379 4720  tmxpflt - ok
10:59:45.0426 4720  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
10:59:45.0566 4720  TrkWks - ok
10:59:45.0644 4720  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
10:59:45.0753 4720  TrustedInstaller - ok
10:59:45.0816 4720  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
10:59:45.0940 4720  tssecsrv - ok
10:59:46.0003 4720  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
10:59:46.0096 4720  TsUsbFlt - ok
10:59:46.0159 4720  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
10:59:46.0284 4720  tunnel - ok
10:59:46.0330 4720  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
10:59:46.0377 4720  uagp35 - ok
10:59:46.0440 4720  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
10:59:46.0580 4720  udfs - ok
10:59:46.0658 4720  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
10:59:46.0736 4720  UI0Detect - ok
10:59:46.0783 4720  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
10:59:46.0830 4720  uliagpkx - ok
10:59:46.0892 4720  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
10:59:46.0954 4720  umbus - ok
10:59:47.0001 4720  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
10:59:47.0079 4720  UmPass - ok
10:59:47.0142 4720  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
10:59:47.0298 4720  upnphost - ok
10:59:47.0360 4720  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
10:59:47.0438 4720  USBAAPL - ok
10:59:47.0500 4720  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
10:59:47.0594 4720  usbccgp - ok
10:59:47.0641 4720  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
10:59:47.0703 4720  usbcir - ok
10:59:47.0734 4720  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\drivers\usbehci.sys
10:59:47.0797 4720  usbehci - ok
10:59:47.0828 4720  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
10:59:47.0890 4720  usbhub - ok
10:59:47.0922 4720  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
10:59:47.0968 4720  usbohci - ok
10:59:48.0046 4720  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
10:59:48.0109 4720  usbprint - ok
10:59:48.0140 4720  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
10:59:48.0234 4720  USBSTOR - ok
10:59:48.0265 4720  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
10:59:48.0327 4720  usbuhci - ok
10:59:48.0390 4720  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
10:59:48.0468 4720  usbvideo - ok
10:59:48.0514 4720  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
10:59:48.0624 4720  UxSms - ok
10:59:48.0655 4720  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
10:59:48.0702 4720  VaultSvc - ok
10:59:48.0733 4720  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
10:59:48.0780 4720  vdrvroot - ok
10:59:48.0842 4720  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
10:59:48.0982 4720  vds - ok
10:59:49.0045 4720  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
10:59:49.0170 4720  vga - ok
10:59:49.0201 4720  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
10:59:49.0310 4720  VgaSave - ok
10:59:49.0357 4720  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
10:59:49.0435 4720  vhdmp - ok
10:59:49.0497 4720  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
10:59:49.0544 4720  viaagp - ok
10:59:49.0606 4720  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
10:59:49.0684 4720  ViaC7 - ok
10:59:49.0716 4720  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
10:59:49.0778 4720  viaide - ok
10:59:49.0809 4720  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
10:59:49.0856 4720  volmgr - ok
10:59:49.0887 4720  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
10:59:49.0950 4720  volmgrx - ok
10:59:49.0981 4720  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
10:59:50.0059 4720  volsnap - ok
10:59:50.0168 4720  [ BBDD84CA629C1F7C8172B4405867F196 ] vsapint         C:\windows\system32\DRIVERS\vsapint.sys
10:59:50.0308 4720  vsapint - ok
10:59:50.0371 4720  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
10:59:50.0433 4720  vsmraid - ok
10:59:50.0527 4720  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
10:59:50.0745 4720  VSS - ok
10:59:50.0776 4720  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
10:59:50.0854 4720  vwifibus - ok
10:59:50.0886 4720  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
10:59:50.0979 4720  vwififlt - ok
10:59:51.0026 4720  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
10:59:51.0120 4720  vwifimp - ok
10:59:51.0166 4720  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
10:59:51.0369 4720  W32Time - ok
10:59:51.0432 4720  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
10:59:51.0494 4720  WacomPen - ok
10:59:51.0541 4720  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
10:59:51.0650 4720  WANARP - ok
10:59:51.0666 4720  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
10:59:51.0775 4720  Wanarpv6 - ok
10:59:51.0853 4720  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
10:59:52.0056 4720  wbengine - ok
10:59:52.0149 4720  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
10:59:52.0258 4720  WbioSrvc - ok
10:59:52.0305 4720  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
10:59:52.0430 4720  wcncsvc - ok
10:59:52.0461 4720  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
10:59:52.0539 4720  WcsPlugInService - ok
10:59:52.0586 4720  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
10:59:52.0617 4720  Wd - ok
10:59:52.0664 4720  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
10:59:52.0758 4720  Wdf01000 - ok
10:59:52.0789 4720  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
10:59:52.0960 4720  WdiServiceHost - ok
10:59:52.0976 4720  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
10:59:53.0070 4720  WdiSystemHost - ok
10:59:53.0163 4720  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
10:59:53.0241 4720  WebClient - ok
10:59:53.0288 4720  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
10:59:53.0444 4720  Wecsvc - ok
10:59:53.0491 4720  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
10:59:53.0600 4720  wercplsupport - ok
10:59:53.0662 4720  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
10:59:53.0740 4720  WerSvc - ok
10:59:53.0803 4720  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
10:59:53.0896 4720  WfpLwf - ok
10:59:53.0912 4720  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
10:59:53.0959 4720  WIMMount - ok
10:59:54.0052 4720  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:59:54.0162 4720  WinDefend - ok
10:59:54.0193 4720  WinHttpAutoProxySvc - ok
10:59:54.0271 4720  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
10:59:54.0396 4720  Winmgmt - ok
10:59:54.0489 4720  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
10:59:54.0739 4720  WinRM - ok
10:59:54.0817 4720  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
10:59:54.0895 4720  WinUsb - ok
10:59:54.0973 4720  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
10:59:55.0129 4720  Wlansvc - ok
10:59:55.0176 4720  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
10:59:55.0254 4720  WmiAcpi - ok
10:59:55.0316 4720  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
10:59:55.0394 4720  wmiApSrv - ok
10:59:55.0519 4720  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:59:55.0690 4720  WMPNetworkSvc - ok
10:59:55.0737 4720  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
10:59:55.0831 4720  WPCSvc - ok
10:59:55.0893 4720  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
10:59:55.0987 4720  WPDBusEnum - ok
10:59:56.0034 4720  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
10:59:56.0158 4720  ws2ifsl - ok
10:59:56.0190 4720  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
10:59:56.0283 4720  wscsvc - ok
10:59:56.0299 4720  WSearch - ok
10:59:56.0424 4720  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
10:59:56.0642 4720  wuauserv - ok
10:59:56.0658 4720  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
10:59:56.0782 4720  WudfPf - ok
10:59:56.0829 4720  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
10:59:56.0938 4720  WUDFRd - ok
10:59:57.0016 4720  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
10:59:57.0157 4720  wudfsvc - ok
10:59:57.0188 4720  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
10:59:57.0297 4720  WwanSvc - ok
10:59:57.0375 4720  ================ Scan global ===============================
10:59:57.0422 4720  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
10:59:57.0469 4720  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
10:59:57.0531 4720  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
10:59:57.0578 4720  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
10:59:57.0609 4720  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
10:59:57.0640 4720  [Global] - ok
10:59:57.0640 4720  ================ Scan MBR ==================================
10:59:57.0672 4720  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:59:58.0062 4720  \Device\Harddisk0\DR0 - ok
10:59:58.0093 4720  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:59:58.0452 4720  \Device\Harddisk1\DR1 - ok
10:59:58.0467 4720  ================ Scan VBR ==================================
10:59:58.0467 4720  [ 86BB7DBAB286368AC9E85F7F33A0E3D3 ] \Device\Harddisk0\DR0\Partition1
10:59:58.0483 4720  \Device\Harddisk0\DR0\Partition1 - ok
10:59:58.0561 4720  [ 512744C0235B96621820344228FA735E ] \Device\Harddisk0\DR0\Partition2
10:59:58.0561 4720  \Device\Harddisk0\DR0\Partition2 - ok
10:59:58.0576 4720  [ 9A17773264CD8111E7E4369AE7BDC6FE ] \Device\Harddisk1\DR1\Partition1
10:59:58.0592 4720  \Device\Harddisk1\DR1\Partition1 - ok
10:59:58.0592 4720  ============================================================
10:59:58.0592 4720  Scan finished
10:59:58.0592 4720  ============================================================
10:59:58.0639 5116  Detected object count: 3
10:59:58.0639 5116  Actual detected object count: 3
11:00:47.0577 5116  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:47.0577 5116  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:00:47.0577 5116  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:47.0577 5116  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:00:47.0593 5116  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:47.0593 5116  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:01:41.0476 1260  Deinitialize success
         
Regards
kkjoky
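
The "Scan MBR" and "Scan VBR" block at the end of the TDSSKiller log above lists an MD5 for the master boot record of each physical disk (\Device\Harddisk0\DR0, \Device\Harddisk1\DR1) and for each partition's volume boot record, so that a bootkit which rewrote those sectors would show up as a changed hash. As an added example, not part of this thread and not TDSSKiller's own code, here is a Python routine that does the equivalent on a 512-byte sector: it checks the 0x55AA boot signature, decodes the four partition-table entries and compares the sector's hash with a baseline. The sample MBR is constructed inline (it is not an image of the eeePC's disk), the assumption that TDSSKiller's hash covers the whole 512-byte sector is this example's own, and the function names are arbitrary.

```python
import hashlib
import struct
from typing import List, Optional

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # boot code occupies bytes 0..445, then 4 x 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Hash a raw 512-byte MBR, check its boot signature and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        # whole-sector hash; assumed here to be what the TDSSKiller MBR line reports
        "md5": hashlib.md5(sector).hexdigest().upper(),
        # boot code only: a patched loader changes this while the table stays intact
        "boot_code_md5": hashlib.md5(sector[:PART_TABLE_OFFSET]).hexdigest().upper(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_md5: Optional[str] = None) -> List[str]:
    """Return findings for one sector; an empty list means nothing looks off."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if baseline_md5 and info["md5"] != baseline_md5.upper():
        findings.append(f"MBR hash changed: {info['md5']} != {baseline_md5.upper()}")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["lba_start"] < 1:
            findings.append(f"partition {p['index']} starts at LBA {p['lba_start']} (overlaps the MBR)")
    return findings


def build_sample_mbr(boot_code: bytes = b"\x33\xc0\x8e\xd0\xbc\x00\x7c") -> bytes:
    """Constructed sample, not a real disk image: one bootable NTFS (type 0x07) partition at LBA 2048."""
    code = boot_code.ljust(PART_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 409600)
    table = entry + b"\x00" * 48  # remaining three slots empty
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good)["md5"]
    print("baseline", baseline, check_mbr(good, baseline))
    # a replaced boot loader keeps the partition table but the sector hash moves
    patched = build_sample_mbr(b"\xeb\x3c\x90")
    print("patched ", check_mbr(patched, baseline))
```

On a live system the 512 bytes come from `\\.\PhysicalDrive0` (opened with administrator rights) on Windows or from `/dev/sda` on Linux; the baseline hash is whatever a known-clean scan of the same disk reported. Comparing `boot_code_md5` separately is useful because bootkits typically replace the loader code and leave the partition table untouched, so a table-only diff would miss them.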

Alt 17.09.2012, 12:17   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Alt 17.09.2012, 16:08   #25
kkjoky
 

Here is the next post; I let ComboFix run through and the log file looks as follows:
Combofix Logfile:
Code:
ComboFix 12-09-16.01 - *** 17.09.2012  16:31:06.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.245 [GMT 2:00]
Running from: c:\users\***\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\system32\service\01052012_TIS17_SfFniAU.log
c:\windows\system32\service\02062012_TIS17_SfFniAU.log
c:\windows\system32\service\10012011_TIS17_SfFniAU.log
c:\windows\system32\service\13062012_TIS17_SfFniAU.log
c:\windows\system32\service\14092012_TIS17_SfFniAU.log
c:\windows\system32\service\14122011_TIS17_SfFniAU.log
c:\windows\system32\service\15082012_TIS17_SfFniAU.log
c:\windows\system32\service\17012011_TIS17_SfFniAU.log
c:\windows\system32\service\18082011_TIS17_SfFniAU.log
c:\windows\system32\service\23102011_TIS17_SfFniAU.log
c:\windows\system32\service\24112010_TIS17_SfFniAU.log
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Files Created from 2012-08-17 to 2012-09-17  ))))))))))))))))))))))))))))))
.
.
2030-01-01 12:31 . 2011-06-28 20:25	--------	d-----w-	C:\Boot
2012-09-17 14:49 . 2012-09-17 14:49	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-09-17 14:49 . 2012-09-17 14:49	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2012-09-17 14:49 . 2012-09-17 14:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-14 19:41 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8912A15F-766B-4673-91CC-87F8CC4167B7}\mpengine.dll
2012-09-13 22:39 . 2012-09-13 22:40	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-13 22:35 . 2012-09-13 22:35	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 22:31 . 2012-08-22 17:16	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-13 22:31 . 2012-07-04 19:45	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 22:31 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-13 22:31 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-13 22:31 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 22:31 . 2012-08-02 16:57	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-11 05:12 . 2012-09-11 05:12	--------	d-----w-	C:\_OTL
2012-09-07 08:22 . 2012-09-15 18:27	--------	d-----w-	C:\trojaner
2012-09-07 06:25 . 2012-09-07 06:25	--------	d-----w-	c:\program files\ESET
2012-09-07 06:02 . 2012-09-07 06:02	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-09-07 06:01 . 2012-09-07 06:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-07 06:01 . 2012-09-13 22:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-07 06:01 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-05 19:38 . 2012-09-05 19:38	--------	d-----w-	c:\program files\Common Files\Skype
2012-09-05 19:38 . 2012-09-05 19:38	--------	d-----r-	c:\program files\Skype
2012-08-25 18:31 . 2012-08-25 18:31	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-08-25 18:31 . 2012-08-25 18:31	--------	d-----w-	c:\programdata\McAfee
2012-08-25 18:31 . 2012-08-29 18:31	--------	d-----w-	c:\program files\McAfee Security Scan
2012-08-19 11:27 . 2012-08-19 11:27	--------	d-----w-	c:\program files\Common Files\Java
2012-08-19 11:27 . 2012-09-13 22:35	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 22:35 . 2011-08-06 15:22	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-26 13:58 . 2012-06-07 08:23	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-26 13:58 . 2011-05-20 10:58	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:47 . 2012-08-15 17:01	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-06 19:23 . 2012-08-16 15:11	393728	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14 . 2012-08-15 17:01	41984	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 17:01	102912	----a-w-	c:\windows\system32\browser.dll
2012-06-27 05:53 . 2012-08-15 17:01	981504	----a-w-	c:\windows\system32\wininet.dll
2012-06-27 04:10 . 2012-08-15 17:01	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\system32\msxml4.dll
2012-07-29 10:52 . 2012-01-08 18:16	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-29 415920]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1024368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-24 2429]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-06-24 2018032]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [x]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
R3 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]
R3 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25857604
*NewlyCreated* - 86407300
*Deregistered* - 25857604
*Deregistered* - 86407300
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 13:58]
.
.
------- Supplementary Scan -------
.
uStart Page = 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\w4o5j7xp.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Orphaned Registry Entries Removed - - - -
.
AddRemove-B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE - c:\progra~1\DIFX\7F01D4C0B2897E27\DPInst.exe
AddRemove-B5C82F3814F82FB37F1513B3185399BD88892B08 - c:\progra~1\DIFX\7F01D4C0B2897E27\DPInst.exe
AddRemove-BF20603967CFDCB2BBF91950E8A56DFBC5C833FE - c:\progra~1\DIFX\7F01D4C0B2897E27\DPInst.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-3367599154-1114224893-2574791284-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3367599154-1114224893-2574791284-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-17  16:56:42
ComboFix-quarantined-files.txt  2012-09-17 14:56
.
Pre-Run: 1,672,663,040 bytes free
Post-Run: 1,575,870,464 bytes free
.
- - End Of File - - CC09E089EED99A03CC3395B51E01F45E
         
--- --- ---

I do hope everything turned out right and it all looks 'good'.
After the notice "...the scan time...double." there was, in between, the message:
"R6025
-pure virtual function call"

But it ran without problems to the end.
Programs also run without problems.

Regards
kkjoky
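
The ComboFix log above is the kind of listing a helper reads by eye: a "Files Created" section (two timestamps separated by ` . `, then size, attributes and path), the Run keys, and a completion time. As an added example, not part of this thread and not ComboFix's own code, the Python below parses a handful of lines in that shape (the sample is constructed from the log above, with paths and dates copied from it) and applies three triage checks: a timestamp later than the scan's completion time (the `2030-01-01` entry for `C:\Boot` is one), recently created kernel drivers that deserve a hash or signature lookup, and Run values that name a bare executable (`AsusSender.exe`) rather than an absolute path, which Windows resolves through its executable search order at logon and which is therefore worth confirming. The line format is inferred from the log rather than taken from ComboFix documentation, the script deliberately does not assume which of the two timestamps is creation and which is modification, and the function names are this example's own.

```python
import re
from datetime import datetime
from typing import List

# Constructed sample in the shape ComboFix prints (values taken from the log in this thread).
SAMPLE_LOG = """\
2030-01-01 12:31 . 2011-06-28 20:25\t--------\td-----w-\tC:\\Boot
2012-09-13 22:39 . 2012-09-13 22:40\t40776\t----a-w-\tc:\\windows\\system32\\drivers\\mbamswissarmy.sys
2012-09-13 22:31 . 2012-08-22 17:16\t712048\t----a-w-\tc:\\windows\\system32\\drivers\\ndis.sys
2012-09-07 06:25 . 2012-09-07 06:25\t--------\td-----w-\tc:\\program files\\ESET
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"IAAnotif"="c:\\program files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"UfSeAgnt.exe"="c:\\program files\\Trend Micro\\Internet Security\\UfSeAgnt.exe" [2010-02-23 1024368]
Completion time: 2012-09-17  16:56:42
"""

# "<ts1> . <ts2>\t<size|-------->\t<attrs>\t<path>"  (format inferred from the log, an assumption)
FILE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\t(?P<size>-+|\d+)\t(?P<attrs>[-a-z]{8})\t(?P<path>.+)$"
)
# '"name"="image" [YYYY-MM-DD size]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s+\[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]$')
COMPLETION_RE = re.compile(r"^Completion time:\s+(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
TS_FMT = "%Y-%m-%d %H:%M"


def parse_combofix(text: str) -> dict:
    """Split a ComboFix-style listing into file records, Run values and the completion time."""
    files, run_entries, completion = [], [], None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append({
                "ts1": datetime.strptime(m["ts1"], TS_FMT),
                "ts2": datetime.strptime(m["ts2"], TS_FMT),
                "size": None if m["size"].startswith("-") else int(m["size"]),
                "is_dir": m["attrs"].startswith("d"),
                "path": m["path"],
            })
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append({"name": m["name"], "image": m["image"]})
            continue
        m = COMPLETION_RE.match(line)
        if m:
            completion = datetime.strptime(f"{m[1]} {m[2]}", "%Y-%m-%d %H:%M:%S")
    return {"files": files, "run": run_entries, "completion": completion}


def triage(parsed: dict) -> List[str]:
    """Apply the three checks; each finding is one human-readable line."""
    findings = []
    now = parsed["completion"] or datetime.now()
    for f in parsed["files"]:
        if f["ts1"] > now or f["ts2"] > now:  # either column in the future is suspicious
            findings.append(f"future timestamp: {f['path']} ({f['ts1']:%Y-%m-%d} . {f['ts2']:%Y-%m-%d})")
        low = f["path"].lower()
        if not f["is_dir"] and low.endswith(".sys") and "\\drivers\\" in low:
            findings.append(f"recent kernel driver, verify hash/signature: {f['path']}")
    for r in parsed["run"]:
        if not ABS_PATH_RE.match(r["image"]):
            findings.append(f"Run value '{r['name']}' uses a bare image name ({r['image']}), resolved via search path")
    return findings


if __name__ == "__main__":
    for line in triage(parse_combofix(SAMPLE_LOG)):
        print(line)
```

Feed it the full log (`parse_combofix(open("ComboFix.txt", encoding="cp1252").read())`) and the output is a short worklist instead of a 200-line listing. The driver check intentionally flags legitimate Windows Update files such as ndis.sys too; the point is that they get verified, not that they are assumed bad.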

Alt 17.09.2012, 20:25   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses even on the 2nd try, simply leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: under no circumstances press any of the Fix buttons without instructions

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Start aswMBR again, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Alt 18.09.2012, 06:35   #27
kkjoky
 

Phew, GMER in particular took quite a long time.
I hope I carried everything out correctly.
At any rate there were no error messages or 'hiccups' during the run.

Here are the log files.

GMER:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-18 01:07:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0002
Running: wqf9mfn3.exe; Driver: C:\Users\***~1\AppData\Local\Temp\uxdiyuoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                                                           81E8F3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                             81EC8D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               C:\windows\system32\Drivers\PROCEXP113.SYS                                             The system cannot find the file specified. !
?               C:\Users\***~1\AppData\Local\Temp\catchme.sys                                          The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtClose                                                                                                                       775754C8 5 Bytes  JMP 5C02FFC0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtCreateFile                                                                                                                  775755C8 5 Bytes  JMP 5C02EC96 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtCreateKey                                                                                                                   77575608 5 Bytes  JMP 5C02B6DC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDeleteFile                                                                                                                  77575808 5 Bytes  JMP 5C02EAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDeleteKey                                                                                                                   77575818 5 Bytes  JMP 5C02AF5D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDeleteValueKey                                                                                                              77575848 5 Bytes  JMP 5C02B220 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDuplicateObject                                                                                                             77575898 5 Bytes  JMP 5C030096 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtEnumerateKey                                                                                                                775758E8 5 Bytes  JMP 5C02B001 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtEnumerateValueKey                                                                                                           77575918 5 Bytes  JMP 5C02B17A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtFlushKey                                                                                                                    77575988 5 Bytes  JMP 5C02AFAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtNotifyChangeKey                                                                                                             77575C68 5 Bytes  JMP 5C02B2CE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                    77575C78 5 Bytes  JMP 5C02B35C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtOpenFile                                                                                                                    77575CD8 5 Bytes  JMP 5C02EE21 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtOpenKey                                                                                                                     77575D08 5 Bytes  JMP 5C02B5ED C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtOpenKeyEx                                                                                                                   77575D18 5 Bytes  JMP 5C02B660 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryAttributesFile                                                                                                         77575F38 5 Bytes  JMP 5C02EB1E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryDirectoryFile                                                                                                          77575F98 5 Bytes  JMP 5C02D81E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryFullAttributesFile                                                                                                     77575FE8 5 Bytes  JMP 5C02EB8E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryKey                                                                                                                    775760E8 5 Bytes  JMP 5C02B054 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryMultipleValueKey                                                                                                       77576108 5 Bytes  JMP 5C02B27B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryObject                                                                                                                 77576128 5 Bytes  JMP 5C0300EC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQuerySecurityObject                                                                                                         775761A8 5 Bytes  JMP 5C030030 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryValueKey                                                                                                               77576248 5 Bytes  JMP 5C02B127 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtRenameKey                                                                                                                   775763C8 5 Bytes  JMP 5C02B751 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetInformationFile                                                                                                          77576638 5 Bytes  JMP 5C02EBFE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetInformationKey                                                                                                           77576658 5 Bytes  JMP 5C02B0BA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetSecurityObject                                                                                                           77576758 5 Bytes  JMP 5C030149 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetValueKey                                                                                                                 77576808 5 Bytes  JMP 5C02B1CD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!CreateProcessW                                                                                                             7767204D 5 Bytes  JMP 5C008C27 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!CreateProcessA                                                                                                             77672082 5 Bytes  JMP 5C008D65 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!CreateProcessAsUserW                                                                                                       776A59AF 5 Bytes  JMP 5C008F9B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!SetDllDirectoryW                                                                                                           776FD773 5 Bytes  JMP 5C00977C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!SetDllDirectoryA                                                                                                           776FD81C 5 Bytes  JMP 5C009AAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!WinExec                                                                                                                    776FEDB2 5 Bytes  JMP 5C00931E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!AllocConsole                                                                                                               7771C67D 5 Bytes  JMP 5C031210 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!AttachConsole                                                                                                              7771C74B 5 Bytes  JMP 5C031222 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] USER32.dll!CreateWindowExA                                                                                                              762FBF40 5 Bytes  JMP 5C0311E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] USER32.dll!CreateWindowExW                                                                                                              762FEC7C 5 Bytes  JMP 5C0311F8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] GDI32.dll!AddFontResourceW                                                                                                              75A8EC13 5 Bytes  JMP 5C016800 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] GDI32.dll!AddFontResourceA                                                                                                              75A8EFA7 5 Bytes  JMP 5C0167E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumDependentServicesW                                                                                                     75FF1E3A 7 Bytes  JMP 5C01956C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusExW                                                                                                      75FFB466 7 Bytes  JMP 5C01A48D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceKeyNameW                                                                                                         760178FF 7 Bytes  JMP 5C019C13 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceDisplayNameW                                                                                                     760179BB 7 Bytes  JMP 5C019DC4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusExA                                                                                                      7601A3E2 7 Bytes  JMP 5C01A553 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!CreateProcessAsUserA                                                                                                       76032538 5 Bytes  JMP 5C0090DD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceKeyNameA                                                                                                         76051B94 7 Bytes  JMP 5C019CCB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceDisplayNameA                                                                                                     76051C31 7 Bytes  JMP 5C019E7C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusA                                                                                                        76052021 7 Bytes  JMP 5C01A3CF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumDependentServicesA                                                                                                     76052104 7 Bytes  JMP 5C019623 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusW                                                                                                        76052221 5 Bytes  JMP 5C01A311 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoRegisterPSClsid                                                                                                             75E9C56E 5 Bytes  JMP 5C01FFF5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoResumeClassObjects + 7                                                                                                      75E9EA09 7 Bytes  JMP 5C0205C6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!OleRun                                                                                                                        75EA07DE 5 Bytes  JMP 5C020481 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoRegisterClassObject                                                                                                         75EA21E1 5 Bytes  JMP 5C0210F6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!OleUninitialize                                                                                                               75EAEBA1 6 Bytes  JMP 5C0203A0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!OleInitialize                                                                                                                 75EAEFD7 5 Bytes  JMP 5C020330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoGetPSClsid                                                                                                                  75EB26B9 5 Bytes  JMP 5C02016D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoGetClassObject                                                                                                              75EC54AD 5 Bytes  JMP 5C021684 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoInitializeEx                                                                                                                75ED09AD 5 Bytes  JMP 5C0201E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoUninitialize                                                                                                                75ED86D3 5 Bytes  JMP 5C020262 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoCreateInstance                                                                                                              75ED9D0B 5 Bytes  JMP 5C022952 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoCreateInstanceEx                                                                                                            75ED9D4E 5 Bytes  JMP 5C020A8D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoSuspendClassObjects + 7                                                                                                     75EFBB09 7 Bytes  JMP 5C0204F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoRevokeClassObject                                                                                                           75F1EACF 5 Bytes  JMP 5C01FA52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoGetInstanceFromFile                                                                                                         75F5340B 5 Bytes  JMP 5C021B44 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text           C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!OleRegEnumFormatEtc                                                                                                           75F9CFD9 5 Bytes  JMP 5C02040B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                                                                               [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                                                [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                                             [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                                                                              [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                                                               [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                                [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                             [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000050                                                                                                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                                                            tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                                                                            tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                           fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6048c8d                                                                                                                                                        
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6048c8d (not active ControlSet)                                                                                                                                    
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                          1
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=8D01C00 CLICK & LEARN DiDi 360\xb0\ComponentInstall.exe                                                              1

---- EOF - GMER 1.0.15 ----
         
--- --- ---


and now OSAM:
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 01:37:44 on 18.09.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsUpIO" (AsUpIO) - ? - C:\windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\***~1\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbamswissarmy.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftvollh.sys
"tmactmon" (tmactmon) - "Trend Micro Inc." - C:\windows\System32\DRIVERS\tmactmon.sys
"tmcomm" (tmcomm) - "Trend Micro Inc." - C:\windows\System32\DRIVERS\tmcomm.sys
"tmevtmgr" (tmevtmgr) - "Trend Micro Inc." - C:\windows\System32\DRIVERS\tmevtmgr.sys
"tmpreflt" (tmpreflt) - "Trend Micro Inc." - C:\windows\System32\DRIVERS\tmpreflt.sys
"tmxpflt" (tmxpflt) - "Trend Micro Inc." - C:\windows\System32\DRIVERS\tmxpflt.sys
"uxdiyuoc" (uxdiyuoc) - ? - C:\Users\***~1\AppData\Local\Temp\uxdiyuoc.sys  (Hidden registry entry, rootkit activity | File not found)
"vsapint" (vsapint) - "Trend Micro Inc." - C:\windows\System32\DRIVERS\vsapint.sys

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{48F45200-91E6-11CE-8A4F-0080C81A28D4} "TMD Shell Extension" - "Trend Micro Inc." - C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll
{771A9DA0-731A-11CE-993C-00AA004ADB6C} "VBPropSheet" - "Trend Micro Inc." - C:\Program Files\Trend Micro\Internet Security\VBProp.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ASUSPRP" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\APRP\APRP.EXE
"ASUSWebStorage" - "ecareme" - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
"Boingo Wi-Fi" - ? - "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
"CapsHook" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
"Eee Docking" - ? - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
"HotkeyMon" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
"HotkeyService" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LiveUpdate" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SuperHybridEngine" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
"UfSeAgnt.exe" - "Trend Micro Inc." - "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"spd__ Langmon" - ? - C:\windows\system32\spd__l.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"Asus Launcher Service" (AsusService) - ? - C:\Windows\System32\AsusService.exe  (File found, but it contains no detailed information)
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe  (File not found)
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll
"Samsung UPD Service2" (Samsung UPD Service2) - "Samsung Electronics" - C:\Windows\system32\SUPDSvc2.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Trend Micro Central Control Component" (SfCtlCom) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
"Trend Micro Personal Firewall" (TmPfw) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
"Trend Micro Proxy Service" (TmProxy) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"Trend Micro Unauthorized Change Prevention Service" (TMBMServer) - "Trend Micro Inc." - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
and finally aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 01:39:35
-----------------------------
01:39:35.701    OS Version: Windows 6.1.7601 Service Pack 1
01:39:35.701    Number of processors: 2 586 0x1C0A
01:39:35.716    ComputerName: ***-PC  UserName: ***
01:39:44.452    Initialize success
01:42:29.363    AVAST engine defs: 12091400
01:42:46.586    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:42:46.586    Disk 0 Vendor: ST916031 0002 Size: 152627MB BusType: 3
01:42:46.742    Disk 0 MBR read successfully
01:42:46.757    Disk 0 MBR scan
01:42:46.882    Disk 0 Windows 7 default MBR code
01:42:46.960    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        81921 MB offset 2048
01:42:47.069    Disk 0 Partition 2 00     1B   Hidd FAT32 MSDOS5.0    15360 MB offset 167776256
01:42:47.100    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        55325 MB offset 199233536
01:42:47.210    Disk 0 Partition 4 00     EF      EFI FAT                20 MB offset 312539136
01:42:47.303    Disk 0 scanning sectors +312581808
01:42:47.771    Disk 0 scanning C:\windows\system32\drivers
01:44:40.234    Service scanning
01:45:30.604    Modules scanning
01:48:22.251    Disk 0 trace - called modules:
01:48:22.361    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
01:48:22.376    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c62030]
01:48:22.392    3 CLASSPNP.SYS[86b9059e] -> nt!IofCallDriver -> [0x8426f388]
01:48:22.407    5 ACPI.sys[864bb3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83e5b028]
01:48:23.156    AVAST engine scan C:\windows
01:49:24.386    AVAST engine scan C:\windows\system32
02:28:10.673    AVAST engine scan C:\windows\system32\drivers
02:33:01.450    AVAST engine scan C:\Users\***
04:06:41.722    AVAST engine scan C:\ProgramData
04:16:36.848    Scan finished successfully
07:20:10.395    Disk 0 MBR has been saved successfully to "C:\trojaner\MBR.dat"
07:20:10.582    The log file has been saved successfully to "C:\trojaner\aswMBR 2012-09-18.txt"
         

and??
Is everything right?
I hope so?

Addendum:
Boots normally and without errors.
No irregularities, empty folders or the like to be found.

Regards and thanks
kkjoky

Edited by kkjoky (18.09.2012 at 06:42) Reason: startup behaviour

19.09.2012, 11:16   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags

19.09.2012, 20:21   #29
kkjoky

Here they are, the two scan logs.

Malwarebytes is here:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

19.09.2012 14:53:18
mbam-log-2012-09-19 (14-53-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382273
Laufzeit: 2 Stunde(n), 7 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
SAS found a bunch of cookies:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/19/2012 at 09:01 PM

Application Version : 5.5.1016

Core Rules Database Version : 9252
Trace Rules Database Version: 7064

Scan type       : Complete Scan
Total Scan Time : 02:54:07

Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 774
Memory threats detected   : 0
Registry items scanned    : 33990
Registry threats detected : 0
File items scanned        : 159477
File threats detected     : 50

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[2].txt [ /content.yieldmanager ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[4].txt [ /content.yieldmanager ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[1].txt [ /tradedoubler ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zbox.zanox[1].txt [ /zbox.zanox ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\11PYC73U.txt [ /tradedoubler.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1BVVGULN.txt [ /ads.creative-serving.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TXZSCROH.txt [ /ad.ad-srv.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HJ18AUOL.txt [ /ad.yieldmanager.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SYJA2QEG.txt [ /atdmt.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H0E9R5BD.txt [ /apmebf.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IGMJTZ57.txt [ /adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\T2S7I35J.txt [ /webmasterplan.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WSWT1Z1J.txt [ /serving-sys.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\13VM8B6T.txt [ /invitemedia.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\7EQ133AI.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\U180J257.txt [ /doubleclick.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\293BAPQF.txt [ /fastclick.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2C53EH54.txt [ /eyewonder.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\GU043UMW.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WGUYHSSA.txt [ /dyntracker.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ZSJ6JUYC.txt [ /c.atdmt.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IU4BRWPL.txt [ /imrworldwide.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J84IXXM5.txt [ /revsci.net ]
	C:\USERS\***\Cookies\11PYC73U.txt [ Cookie:***@tradedoubler.com/ ]
	C:\USERS\***\Cookies\HJ18AUOL.txt [ Cookie:***@ad.yieldmanager.com/ ]
	C:\USERS\***\Cookies\H0E9R5BD.txt [ Cookie:***@apmebf.com/ ]
	C:\USERS\***\Cookies\IGMJTZ57.txt [ Cookie:***@adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\***@ad.yieldmanager[1].txt [ Cookie:***@ad.yieldmanager.com/ ]
	C:\USERS\***\Cookies\13VM8B6T.txt [ Cookie:***@invitemedia.com/ ]
	C:\USERS\***\Cookies\7EQ133AI.txt [ Cookie:***@ad3.adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\U180J257.txt [ Cookie:***@doubleclick.net/ ]
	C:\USERS\***\Cookies\293BAPQF.txt [ Cookie:***@fastclick.net/ ]
	C:\USERS\***\Cookies\GU043UMW.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\WGUYHSSA.txt [ Cookie:***@dyntracker.com/ ]
	C:\USERS\***\Cookies\ZSJ6JUYC.txt [ Cookie:***@c.atdmt.com/ ]
	C:\USERS\***\Cookies\J84IXXM5.txt [ Cookie:***@revsci.net/ ]
	.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
         
At first glance that seems like quite a lot...

Thanks for the tip on how to proceed, cosinus.

Regards and
kkjoky

20.09.2012, 11:22   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie)


Regarding cookies and other things on the web: to block this plague up front (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Otherwise there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system in order again now, or are there still other findings or problems?
__________________
Please always post logfiles in CODE tags
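Added example (not part of the thread above, and not code from MVPS or SUPERAntiSpyware): a small Python script that takes the cookie hosts out of a SUPERAntiSpyware scan log in the three line shapes shown in kkjoky's log (IE index path `[ /host ]`, IE `[ Cookie:user@host/ ]` record, Firefox `.host [ ...COOKIES.SQLITE ]` entry) and checks them against a hosts file of the MVPS type, which blocks a tracker by mapping its host name to a sink address. The log lines and the hosts excerpt are constructed inline for the example; the sink addresses `0.0.0.0` (current MVPS lists) and `127.0.0.1` (older lists) are the only assumption about the hosts-file format. It prints the hosts lines that would still have to be added.

```python
import re
from typing import List, Set

# Constructed sample lines in the three shapes SUPERAntiSpyware uses for cookie hits
# (IE index path, IE "Cookie:" record, Firefox cookies.sqlite entry); not taken from a real scan.
SAS_LOG_SAMPLE = r"""
Adware.Tracking Cookie
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\11PYC73U.txt [ /tradedoubler.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\U180J257.txt [ /doubleclick.net ]
    C:\USERS\user\Cookies\H0E9R5BD.txt [ Cookie:user@apmebf.com/ ]
    C:\USERS\user\Cookies\GU043UMW.txt [ Cookie:user@ad2.adfarm1.adition.com/ ]
    .doubleclick.net [ C:\USERS\user\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
    track.adform.net [ C:\USERS\user\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
"""

# Constructed hosts-file excerpt in the MVPS style. Current MVPS lists use 0.0.0.0 as the
# sink address; older ones used 127.0.0.1, so both are treated as "blocked" (assumption).
HOSTS_SAMPLE = """
# hosts excerpt (constructed)
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 apmebf.com
127.0.0.1 track.adform.net   # older sink address
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}

# One pattern per line shape seen in the SUPERAntiSpyware log.
_IE_PATH = re.compile(r"\[\s*/([A-Za-z0-9.-]+)\s*\]")
_IE_COOKIE = re.compile(r"\[\s*Cookie:[^@\]]*@([A-Za-z0-9.-]+)/?\s*\]")
_FF_SQLITE = re.compile(r"^\s*\.?([A-Za-z0-9.-]+)\s*\[.*COOKIES\.SQLITE\s*\]\s*$", re.IGNORECASE)


def tracker_domains(log_text: str) -> Set[str]:
    """Extract the cookie host names from SUPERAntiSpyware cookie-hit lines.

    Leading dots (Firefox stores domain cookies as ".example.com") are stripped,
    because a hosts file only ever matches a complete host name.
    """
    found: Set[str] = set()
    for line in log_text.splitlines():
        for pattern in (_IE_PATH, _IE_COOKIE, _FF_SQLITE):
            m = pattern.search(line)
            if m:
                found.add(m.group(1).lower().lstrip("."))
                break
    return found


def parse_hosts(hosts_text: str) -> Set[str]:
    """Return every host name a hosts file maps to a sink address (0.0.0.0 or 127.0.0.1)."""
    blocked: Set[str] = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] in SINK_ADDRESSES:
            blocked.update(p.lower() for p in parts[1:])
    return blocked


def missing_hosts_entries(domains: Set[str], blocked: Set[str], sink: str = "0.0.0.0") -> List[str]:
    """Hosts lines that would still have to be added to cover the given domains.

    The check is exact-match on purpose: a hosts file has no wildcards, so blocking
    ad.doubleclick.net says nothing about doubleclick.net or any other subdomain,
    while a cookie set for ".doubleclick.net" is sent to all of them.
    """
    return [f"{sink} {d}" for d in sorted(domains - blocked)]


if __name__ == "__main__":
    domains = tracker_domains(SAS_LOG_SAMPLE)
    blocked = parse_hosts(HOSTS_SAMPLE)
    for entry in missing_hosts_entries(domains, blocked):
        print(entry)
```

Two caveats when using this against a real log: the IE index sometimes reports the host without its top-level label (the `/ad.yieldmanager` entries in the log above), and such names have to be completed by hand before they can go into a hosts file; and because the match is exact, a domain cookie like `.doubleclick.net` is only fully covered once every subdomain that sets it is listed, which is exactly why the MVPS list is long and worth refreshing regularly as cosinus suggests.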
