Pests of all kinds and their removal: Adware Tracking Cookie and Security HiJack (Windows 7)
05.10.2012, 17:48 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie and Security HiJack
Run an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Note: If you masked your user name, you have to turn the starred-out part back into your real user name, otherwise the script will not work!!
Code:
:OTL
O3 - HKU\S-1-5-21-3094054634-324839966-1081519958-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-3094054634-324839966-1081519958-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
SafeBootMin:64bit: 47384861.sys - Driver
SafeBootMin:64bit: 90498078.sys - Driver
SafeBootMin: 47384861.sys - Driver
SafeBootMin: 90498078.sys - Driver
SafeBootNet:64bit: 47384861.sys - Driver
SafeBootNet:64bit: 90498078.sys - Driver
SafeBootNet: 47384861.sys - Driver
SafeBootNet: 90498078.sys - Driver
@Alternate Data Stream - 1066 bytes -> C:\Users\***\AppData\Local\q2bsBceWgFnU:ykvdxK6K31oFKnig7764yEl2VCz2
:Files
C:\Users\***\AppData\Local\q2bsBceWgFnU
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed with this script are, for safety, not completely deleted; a backup copy is created on the system partition in the folder "_OTL".
Note: The above script was created only for this one user in this situation.
It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
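The fix above is a compact list of indicators that are worth recognising on any Windows host, not just this one: UAC policy values set to "never prompt", randomly named .sys drivers registered under SafeBoot\Minimal and SafeBoot\Network so they load even in Safe Mode, an alternate data stream attached to a random-named item in AppData\Local, and Run/RunOnce entries whose target no longer exists. The following Python triage helper is an added example, not part of the thread and not OTL's own code: it parses OTL-style lines and explains why each one is suspicious. The sample lines are constructed from the script above plus two benign controls that are not on the page (a vga.sys Safe Mode entry and a Zone.Identifier stream). The UAC value meanings follow Windows 7 defaults; the "all-digit driver name is random" rule is an assumption used as a heuristic.

```python
"""Triage OTL-style fix lines for the persistence and defence-evasion
indicators seen in the script above. Added example; not OTL code."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "low" or "info"
    item: str       # the OTL line that produced the finding
    reason: str


# HKLM\...\policies\System values that weaken UAC. Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, ConsentPromptBehaviorUser=3,
# PromptOnSecureDesktop=1; the pairs below are the values malware typically sets.
UAC_WEAK = {
    ("EnableLUA", "0"): "UAC switched off entirely",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate without any prompt",
    ("ConsentPromptBehaviorUser", "0"): "standard users' elevation requests are silently denied",
    ("PromptOnSecureDesktop", "0"): "UAC prompts leave the secure desktop and can be overlaid or clicked by other processes",
}

RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
RE_O6 = re.compile(r"^O6 - (?P<key>HK\w+\\.+?): (?P<value>\w+) = (?P<data>\S+)$")
RE_SAFEBOOT = re.compile(r"^SafeBoot(?P<mode>Min|Net)(?::64bit)?: (?P<name>\S+) - (?P<kind>\w+)$")
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")

# Assumption (heuristic): an all-digit .sys name is not a Microsoft or vendor driver name.
RANDOM_DRIVER = re.compile(r"^\d{6,}\.sys$", re.IGNORECASE)
# Mark-of-the-Web stream that browsers write on every download; benign.
BENIGN_STREAMS = {"Zone.Identifier"}


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None for line types this helper does not handle."""
    line = line.strip()
    m = RE_O6.match(line)
    if m:
        if m["key"].endswith(r"policies\System"):
            note = UAC_WEAK.get((m["value"], m["data"]))
            if note:
                return Finding("high", line, "UAC weakened: " + note)
        if m["key"].endswith(r"policies\Explorer") and m["value"].startswith("NoActiveDesktop"):
            return Finding("low", line, "Explorer lockdown policy, typical of rogue AV; revert after cleanup")
        return Finding("info", line, "policy value present, not on the weak-UAC list")
    m = RE_SAFEBOOT.match(line)
    if m:
        mode = "Safe Mode" if m["mode"] == "Min" else "Safe Mode with Networking"
        if RANDOM_DRIVER.match(m["name"]):
            return Finding("high", line, f"randomly named driver registered to load in {mode}")
        return Finding("info", line, f"{mode} entry")
    m = RE_ADS.match(line)
    if m:
        if m["stream"] in BENIGN_STREAMS:
            return Finding("info", line, "Mark-of-the-Web stream, benign")
        return Finding("high", line, f"{m['size']}-byte alternate data stream '{m['stream']}' hides data on {m['host']}")
    m = RE_O4.match(line)
    if m:
        if m["target"].endswith("File not found"):
            return Finding("low", line, f"orphaned {m['key']} entry '{m['name']}', target missing")
        return Finding("info", line, f"{m['key']} entry '{m['name']}'")
    return None


def triage(text: str) -> List[Finding]:
    """Classify every line and return findings, most severe first (input order otherwise)."""
    rank = {"high": 0, "low": 1, "info": 2}
    findings = [f for f in (triage_line(l) for l in text.splitlines()) if f]
    return sorted(findings, key=lambda f: rank[f.severity])


# Constructed sample: indicator lines mirroring the fix above plus two benign
# controls (vga.sys and a Zone.Identifier stream) that are not on the page.
SAMPLE = r"""
O4 - HKU\S-1-5-21-3094054634-324839966-1081519958-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
SafeBootMin:64bit: 47384861.sys - Driver
SafeBootNet: 90498078.sys - Driver
SafeBootMin: vga.sys - Driver
@Alternate Data Stream - 1066 bytes -> C:\Users\***\AppData\Local\q2bsBceWgFnU:ykvdxK6K31oFKnig7764yEl2VCz2
@Alternate Data Stream - 26 bytes -> C:\Users\***\Downloads\setup.exe:Zone.Identifier
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:4}] {f.reason}\n        {f.item}")
```

Run against the sample, the two UAC lines, both numeric-named SafeBoot drivers and the AppData stream come out as high, the missing mctadmin target and the Explorer lockdown as low, and the benign controls as info. The point of the severity split is the one the helper's script makes implicitly: the high items are what let the infection survive a reboot into Safe Mode and silence UAC, and those must be gone before the cosmetic entries matter.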
05.10.2012, 22:39 | #17
Adware Tracking Cookie and Security HiJack
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 47384861.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 90498078.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47384861.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90498078.sys\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 47384861.sys\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 90498078.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47384861.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90498078.sys\ deleted successfully.
ADS C:\Users\*\AppData\Local\q2bsBceWgFnU:ykvdxK6K31oFKnig7764yEl2VCz2 deleted successfully.
========== FILES ==========
C:\Users\*\AppData\Local\q2bsBceWgFnU folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
The DNS resolver cache was flushed.
C:\Users\*\Desktop\cmd.bat deleted successfully.
C:\Users\*\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: *
->Temp folder emptied: 17929496 bytes
->Temporary Internet Files folder emptied: 591067 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50333337 bytes
->Google Chrome cache emptied: 8049466 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3237984 bytes
%systemroot%\System32 (64bit) .tmp files removed: 35648 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4272 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 375261 bytes
Total Files Cleaned = 77,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10052012_232554
Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\*\AppData\Local\Temp\SAS97B0.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
07.10.2012, 05:26 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie and Security HiJack
What have you already done there with TDSS-Killer? Did I already assign that for this computer? Where is the log?
__________________
07.10.2012, 13:34 | #19
Adware Tracking Cookie and Security HiJack
That was before I opened the thread. Here is the log:
Code:
16:48:55.0967 4848 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:48:55.0999 4848 ============================================================
16:48:55.0999 4848 Current date / time: 2012/09/25 16:48:55.0999
16:48:55.0999 4848 SystemInfo:
16:48:55.0999 4848
16:48:55.0999 4848 OS Version: 6.1.7601 ServicePack: 1.0
16:48:55.0999 4848 Product type: Workstation
16:48:55.0999 4848 ComputerName:
16:48:55.0999 4848 UserName:
16:48:55.0999 4848 Windows directory: C:\Windows
16:48:55.0999 4848 System windows directory: C:\Windows
16:48:55.0999 4848 Running under WOW64
16:48:55.0999 4848 Processor architecture: Intel x64
16:48:55.0999 4848 Number of processors: 4
16:48:55.0999 4848 Page size: 0x1000
16:48:55.0999 4848 Boot type: Normal boot
16:48:55.0999 4848 ============================================================
16:48:56.0435 4848 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:56.0451 4848 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:49:04.0220 4848 ============================================================
16:49:04.0220 4848 \Device\Harddisk0\DR0:
16:49:04.0251 4848 MBR partitions:
16:49:04.0251 4848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:49:04.0251 4848 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x25990000
16:49:04.0251 4848 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x259C2800, BlocksNum 0x4ED43800
16:49:04.0251 4848 \Device\Harddisk1\DR1:
16:49:04.0251 4848 MBR partitions:
16:49:04.0251 4848 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x322000, BlocksNum 0xC150A000
16:49:04.0251 4848 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC182C000, BlocksNum 0x275DC000
16:49:04.0251 4848 ============================================================
16:49:04.0298 4848 C: <-> \Device\Harddisk0\DR0\Partition2
16:49:04.0329 4848 D: <-> \Device\Harddisk0\DR0\Partition3
16:49:04.0360 4848 T: <-> \Device\Harddisk1\DR1\Partition2
16:49:04.0407 4848 I: <-> \Device\Harddisk1\DR1\Partition1
16:49:04.0407 4848 ============================================================
16:49:04.0407 4848 Initialize success
16:49:04.0407 4848 ============================================================
16:49:20.0912 4104 ============================================================
16:49:20.0912 4104 Scan started
16:49:20.0912 4104 Mode: Manual; SigCheck; TDLFS;
16:49:20.0912 4104 ============================================================
16:49:21.0177 4104 ================ Scan system memory ========================
16:49:21.0177 4104 System memory - ok
16:49:21.0177 4104 ================ Scan services =============================
16:49:21.0411 4104 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:49:21.0505 4104 1394ohci - ok
16:49:21.0520 4104 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:49:21.0536 4104 ACPI - ok
16:49:21.0567 4104 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:49:21.0614 4104 AcpiPmi - ok
16:49:21.0676 4104 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:49:21.0692 4104 AdobeARMservice - ok
16:49:21.0801 4104 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:49:21.0817 4104 AdobeFlashPlayerUpdateSvc - ok
16:49:21.0848 4104 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:49:21.0864 4104 adp94xx - ok
16:49:21.0910 4104 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:49:21.0957 4104 adpahci - ok
16:49:21.0957 4104 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:49:21.0973 4104 adpu320 - ok
16:49:22.0020 4104 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:49:22.0082 4104 AeLookupSvc - ok
16:49:22.0113 4104 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:49:22.0144 4104 AFD - ok
16:49:22.0176 4104 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:49:22.0191 4104 agp440 - ok
16:49:22.0207 4104 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:49:22.0254 4104 ALG - ok
16:49:22.0269 4104 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:49:22.0285 4104 aliide - ok
16:49:22.0316 4104 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:49:22.0363 4104 AMD External Events Utility - ok
16:49:22.0363 4104 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:49:22.0378 4104 amdide - ok
16:49:22.0410 4104 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:49:22.0441 4104 AmdK8 - ok
16:49:22.0644 4104 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:49:22.0909 4104 amdkmdag - ok
16:49:22.0940 4104 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:49:22.0956 4104 amdkmdap - ok
16:49:23.0002 4104 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:49:23.0034 4104 AmdPPM - ok
16:49:23.0065 4104 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:49:23.0080 4104 amdsata - ok
16:49:23.0080 4104 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:49:23.0096 4104 amdsbs - ok
16:49:23.0112 4104 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:49:23.0127 4104 amdxata - ok
16:49:23.0143 4104 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:49:23.0190 4104 AppID - ok
16:49:23.0221 4104 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:49:23.0268 4104 AppIDSvc - ok
16:49:23.0283 4104 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:49:23.0330 4104 Appinfo - ok
16:49:23.0361 4104 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:49:23.0377 4104 arc - ok
16:49:23.0377 4104 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:49:23.0392 4104 arcsas - ok
16:49:23.0408 4104 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
16:49:23.0424 4104 aswFsBlk - ok
16:49:23.0439 4104 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:49:23.0455 4104 aswMonFlt - ok
16:49:23.0455 4104 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
16:49:23.0470 4104 aswRdr - ok
16:49:23.0486 4104 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:49:23.0533 4104 aswSnx - ok
16:49:23.0564 4104 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:49:23.0580 4104 aswSP - ok
16:49:23.0595 4104 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:49:23.0611 4104 aswTdi - ok
16:49:23.0611 4104 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:49:23.0658 4104 AsyncMac - ok
16:49:23.0673 4104 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:49:23.0689 4104 atapi - ok
16:49:23.0720 4104 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:49:23.0736 4104 AtiHDAudioService - ok
16:49:23.0907 4104 [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:49:24.0048 4104 atikmdag - ok
16:49:24.0063 4104 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:49:24.0141 4104 AudioEndpointBuilder - ok
16:49:24.0157 4104 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:49:24.0204 4104 AudioSrv - ok
16:49:24.0250 4104 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:49:24.0266 4104 avast! Antivirus - ok
16:49:24.0282 4104 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:49:24.0328 4104 AxInstSV - ok
16:49:24.0360 4104 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:49:24.0391 4104 b06bdrv - ok
16:49:24.0422 4104 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:49:24.0438 4104 b57nd60a - ok
16:49:24.0469 4104 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:49:24.0500 4104 BDESVC - ok
16:49:24.0531 4104 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:49:24.0594 4104 Beep - ok
16:49:24.0625 4104 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:49:24.0687 4104 BFE - ok
16:49:24.0734 4104 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:49:24.0828 4104 BITS - ok
16:49:24.0843 4104 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:49:24.0859 4104 blbdrive - ok
16:49:24.0937 4104 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:49:24.0952 4104 Bonjour Service - ok
16:49:24.0984 4104 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:49:25.0015 4104 bowser - ok
16:49:25.0030 4104 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:49:25.0046 4104 BrFiltLo - ok
16:49:25.0062 4104 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:49:25.0093 4104 BrFiltUp - ok
16:49:25.0124 4104 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:49:25.0155 4104 Browser - ok
16:49:25.0171 4104 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:49:25.0218 4104 Brserid - ok
16:49:25.0218 4104 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:49:25.0233 4104 BrSerWdm - ok
16:49:25.0249 4104 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:49:25.0264 4104 BrUsbMdm - ok
16:49:25.0264 4104 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:49:25.0296 4104 BrUsbSer - ok
16:49:25.0296 4104 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:49:25.0327 4104 BTHMODEM - ok
16:49:25.0358 4104 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:49:25.0405 4104 bthserv - ok
16:49:25.0420 4104 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:49:25.0467 4104 cdfs - ok
16:49:25.0498 4104 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:49:25.0530 4104 cdrom - ok
16:49:25.0545 4104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:49:25.0592 4104 CertPropSvc - ok
16:49:25.0686 4104 [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
16:49:25.0764 4104 CGVPNCliSrvc - ok
16:49:25.0795 4104 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:49:25.0826 4104 circlass - ok
16:49:25.0842 4104 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:49:25.0857 4104 CLFS - ok
16:49:25.0920 4104 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:49:25.0935 4104 clr_optimization_v2.0.50727_32 - ok
16:49:25.0951 4104 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:49:25.0966 4104 clr_optimization_v2.0.50727_64 - ok
16:49:26.0013 4104 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:49:26.0029 4104 clr_optimization_v4.0.30319_32 - ok
16:49:26.0060 4104 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:49:26.0076 4104 clr_optimization_v4.0.30319_64 - ok
16:49:26.0091 4104 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:49:26.0107 4104 CmBatt - ok
16:49:26.0122 4104 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:49:26.0138 4104 cmdide - ok
16:49:26.0169 4104 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:49:26.0200 4104 CNG - ok
16:49:26.0200 4104 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:49:26.0216 4104 Compbatt - ok
16:49:26.0232 4104 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:49:26.0263 4104 CompositeBus - ok
16:49:26.0263 4104 COMSysApp - ok
16:49:26.0278 4104 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:49:26.0294 4104 crcdisk - ok
16:49:26.0325 4104 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:49:26.0356 4104 CryptSvc - ok
16:49:26.0388 4104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:49:26.0450 4104 DcomLaunch - ok
16:49:26.0481 4104 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:49:26.0544 4104 defragsvc - ok
16:49:26.0559 4104 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:49:26.0622 4104 DfsC - ok
16:49:26.0653 4104 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:49:26.0715 4104 Dhcp - ok
16:49:26.0731 4104 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:49:26.0793 4104 discache - ok
16:49:26.0809 4104 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:49:26.0809 4104 Disk - ok
16:49:26.0840 4104 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:49:26.0871 4104 Dnscache - ok
16:49:26.0902 4104 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:49:26.0934 4104 dot3svc - ok
16:49:26.0965 4104 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:49:27.0027 4104 DPS - ok
16:49:27.0027 4104 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:49:27.0058 4104 drmkaud - ok
16:49:27.0105 4104 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:49:27.0152 4104 DXGKrnl - ok
16:49:27.0183 4104 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:49:27.0230 4104 EapHost - ok
16:49:27.0308 4104 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:49:27.0402 4104 ebdrv - ok
16:49:27.0433 4104 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:49:27.0480 4104 EFS - ok
16:49:27.0526 4104 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:49:27.0558 4104 ehRecvr - ok
16:49:27.0573 4104 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:49:27.0620 4104 ehSched - ok
16:49:27.0651 4104 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:49:27.0682 4104 elxstor - ok
16:49:27.0714 4104 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:49:27.0745 4104 ErrDev - ok
16:49:27.0838 4104 esihdrv - ok
16:49:27.0870 4104 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:49:27.0932 4104 EventSystem - ok
16:49:27.0963 4104 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:49:28.0010 4104 exfat - ok
16:49:28.0010 4104 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:49:28.0057 4104 fastfat - ok
16:49:28.0104 4104 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:49:28.0135 4104 Fax - ok
16:49:28.0166 4104 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:49:28.0197 4104 fdc - ok
16:49:28.0213 4104 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:49:28.0260 4104 fdPHost - ok
16:49:28.0275 4104 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:49:28.0322 4104 FDResPub - ok
16:49:28.0322 4104 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:49:28.0338 4104 FileInfo - ok
16:49:28.0353 4104 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:49:28.0400 4104 Filetrace - ok
16:49:28.0431 4104 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:49:28.0447 4104 flpydisk - ok
16:49:28.0478 4104 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:49:28.0494 4104 FltMgr - ok
16:49:28.0525 4104 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:49:28.0556 4104 FontCache - ok
16:49:28.0618 4104 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:49:28.0634 4104 FontCache3.0.0.0 - ok
16:49:28.0650 4104 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:49:28.0665 4104 FsDepends - ok
16:49:28.0681 4104 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:49:28.0696 4104 Fs_Rec - ok
16:49:28.0712 4104 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:49:28.0743 4104 fvevol - ok
16:49:28.0743 4104 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:49:28.0759 4104 gagp30kx - ok
16:49:28.0790 4104 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:49:28.0868 4104 gpsvc - ok
16:49:28.0915 4104 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:49:28.0915 4104 gupdate - ok
16:49:28.0930 4104 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:49:28.0930 4104 gupdatem - ok
16:49:28.0962 4104 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:49:28.0977 4104 gusvc - ok
16:49:28.0993 4104 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:49:29.0024 4104 hcw85cir - ok
16:49:29.0055 4104 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:49:29.0071 4104 HdAudAddService - ok
16:49:29.0102 4104 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:49:29.0133 4104 HDAudBus - ok
16:49:29.0149 4104 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:49:29.0164 4104 HECIx64 - ok
16:49:29.0196 4104 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:49:29.0211 4104 HidBatt - ok
16:49:29.0227 4104 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:49:29.0242 4104 HidBth - ok
16:49:29.0258 4104 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:49:29.0274 4104 HidIr - ok
16:49:29.0289 4104 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:49:29.0352 4104 hidserv - ok
16:49:29.0367 4104 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:49:29.0383 4104 HidUsb - ok
16:49:29.0398 4104 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:49:29.0461 4104 hkmsvc - ok
16:49:29.0492 4104 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:49:29.0508 4104 HomeGroupListener - ok
16:49:29.0523 4104 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:49:29.0554 4104 HomeGroupProvider - ok
16:49:29.0586 4104 [ 987CE6F69764B66D8026518AEFEDB508 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
16:49:29.0601 4104 hotcore3 - ok
16:49:29.0632 4104 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:49:29.0648 4104 HpSAMD - ok
16:49:29.0679 4104 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:49:29.0757 4104 HTTP - ok
16:49:29.0773 4104 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:49:29.0788 4104 hwpolicy - ok
16:49:29.0804 4104 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:49:29.0820 4104 i8042prt - ok
16:49:29.0866 4104 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:49:29.0882 4104 iaStor - ok
16:49:29.0898 4104 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:49:29.0929 4104 iaStorV - ok
16:49:29.0991 4104 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:49:30.0022 4104 idsvc - ok
16:49:30.0069 4104 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:49:30.0085 4104 iirsp - ok
16:49:30.0116 4104 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:49:30.0194 4104 IKEEXT - ok
16:49:30.0241 4104 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
16:49:30.0272 4104 Impcd - ok
16:49:30.0319 4104 [ 59B0BBA422F04467E8C89B7CE6AE95E1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:49:30.0381 4104 IntcAzAudAddService - ok
16:49:30.0397 4104 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:49:30.0412 4104 intelide - ok
16:49:30.0428 4104 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:49:30.0444 4104 intelppm - ok
16:49:30.0459 4104 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:49:30.0522 4104 IPBusEnum - ok
16:49:30.0537 4104 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:49:30.0600 4104 IpFilterDriver - ok
16:49:30.0631 4104 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:49:30.0709 4104 iphlpsvc - ok
16:49:30.0724 4104 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:49:30.0756 4104 IPMIDRV - ok
16:49:30.0771 4104 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:49:30.0834 4104 IPNAT - ok
16:49:30.0834 4104 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:49:30.0865 4104 IRENUM - ok
16:49:30.0896 4104 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:49:30.0912 4104 isapnp - ok
16:49:30.0943 4104 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:49:30.0958 4104 iScsiPrt - ok
16:49:30.0990 4104 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:49:30.0990 4104 kbdclass - ok
16:49:31.0021 4104 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:49:31.0036 4104 kbdhid - ok
16:49:31.0052 4104 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:49:31.0068 4104 KeyIso - ok
16:49:31.0099 4104 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:49:31.0114 4104 KSecDD - ok
16:49:31.0114 4104 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:49:31.0130 4104 KSecPkg - ok
16:49:31.0146 4104 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:49:31.0192 4104 ksthunk - ok
16:49:31.0224 4104 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:49:31.0286 4104 KtmRm - ok
16:49:31.0302 4104 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:49:31.0348 4104 LanmanServer - ok
16:49:31.0380 4104 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:49:31.0426 4104 LanmanWorkstation - ok
16:49:31.0442 4104 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:49:31.0473 4104 lltdio - ok
16:49:31.0520 4104 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:49:31.0582 4104 lltdsvc - ok
16:49:31.0598 4104 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:49:31.0645 4104 lmhosts - ok
16:49:31.0660 4104 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:49:31.0676 4104 LSI_FC - ok
16:49:31.0692 4104 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:49:31.0707 4104 LSI_SAS - ok
16:49:31.0707 4104 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:49:31.0723 4104 LSI_SAS2 - ok
16:49:31.0723 4104 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:49:31.0738 4104 LSI_SCSI - ok
16:49:31.0754 4104 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:49:31.0801 4104 luafv -
ok 16:49:31.0832 4104 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:49:31.0848 4104 MBAMProtector - ok 16:49:31.0894 4104 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 16:49:31.0926 4104 MBAMScheduler - ok 16:49:31.0972 4104 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:49:31.0988 4104 MBAMService - ok 16:49:32.0019 4104 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:49:32.0035 4104 Mcx2Svc - ok 16:49:32.0066 4104 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:49:32.0082 4104 megasas - ok 16:49:32.0082 4104 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:49:32.0097 4104 MegaSR - ok 16:49:32.0160 4104 Microsoft SharePoint Workspace Audit Service - ok 16:49:32.0191 4104 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 16:49:32.0238 4104 MMCSS - ok 16:49:32.0253 4104 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 16:49:32.0316 4104 Modem - ok 16:49:32.0331 4104 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:49:32.0347 4104 monitor - ok 16:49:32.0378 4104 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:49:32.0378 4104 mouclass - ok 16:49:32.0409 4104 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:49:32.0425 4104 mouhid - ok 16:49:32.0456 4104 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:49:32.0472 4104 mountmgr - ok 16:49:32.0487 4104 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 16:49:32.0503 4104 mpio - ok 16:49:32.0534 4104 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 
16:49:32.0581 4104 mpsdrv - ok 16:49:32.0628 4104 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:49:32.0706 4104 MpsSvc - ok 16:49:32.0721 4104 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:49:32.0752 4104 MRxDAV - ok 16:49:32.0784 4104 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:49:32.0799 4104 mrxsmb - ok 16:49:32.0815 4104 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:49:32.0830 4104 mrxsmb10 - ok 16:49:32.0830 4104 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:49:32.0862 4104 mrxsmb20 - ok 16:49:32.0862 4104 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 16:49:32.0877 4104 msahci - ok 16:49:32.0908 4104 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:49:32.0924 4104 msdsm - ok 16:49:32.0940 4104 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 16:49:32.0971 4104 MSDTC - ok 16:49:33.0002 4104 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:49:33.0033 4104 Msfs - ok 16:49:33.0049 4104 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:49:33.0111 4104 mshidkmdf - ok 16:49:33.0111 4104 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:49:33.0127 4104 msisadrv - ok 16:49:33.0158 4104 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:49:33.0205 4104 MSiSCSI - ok 16:49:33.0205 4104 msiserver - ok 16:49:33.0220 4104 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:49:33.0267 4104 MSKSSRV - ok 16:49:33.0283 4104 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:49:33.0330 4104 MSPCLOCK - ok 16:49:33.0345 4104 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM 
C:\Windows\system32\drivers\MSPQM.sys 16:49:33.0392 4104 MSPQM - ok 16:49:33.0423 4104 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:49:33.0439 4104 MsRPC - ok 16:49:33.0470 4104 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:49:33.0486 4104 mssmbios - ok 16:49:33.0501 4104 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:49:33.0548 4104 MSTEE - ok 16:49:33.0564 4104 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:49:33.0564 4104 MTConfig - ok 16:49:33.0579 4104 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 16:49:33.0595 4104 Mup - ok 16:49:33.0657 4104 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 16:49:33.0720 4104 napagent - ok 16:49:33.0766 4104 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:49:33.0813 4104 NativeWifiP - ok 16:49:33.0844 4104 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:49:33.0891 4104 NDIS - ok 16:49:33.0907 4104 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:49:33.0954 4104 NdisCap - ok 16:49:33.0985 4104 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:49:34.0032 4104 NdisTapi - ok 16:49:34.0047 4104 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:49:34.0110 4104 Ndisuio - ok 16:49:34.0110 4104 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:49:34.0156 4104 NdisWan - ok 16:49:34.0188 4104 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:49:34.0250 4104 NDProxy - ok 16:49:34.0266 4104 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:49:34.0312 4104 NetBIOS - ok 16:49:34.0328 4104 [ 
09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:49:34.0375 4104 NetBT - ok 16:49:34.0406 4104 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 16:49:34.0422 4104 Netlogon - ok 16:49:34.0437 4104 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 16:49:34.0500 4104 Netman - ok 16:49:34.0515 4104 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 16:49:34.0578 4104 netprofm - ok 16:49:34.0593 4104 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:49:34.0609 4104 NetTcpPortSharing - ok 16:49:34.0624 4104 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:49:34.0640 4104 nfrd960 - ok 16:49:34.0671 4104 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:49:34.0734 4104 NlaSvc - ok 16:49:34.0749 4104 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:49:34.0796 4104 Npfs - ok 16:49:34.0827 4104 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 16:49:34.0874 4104 nsi - ok 16:49:34.0905 4104 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:49:34.0936 4104 nsiproxy - ok 16:49:34.0983 4104 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:49:35.0046 4104 Ntfs - ok 16:49:35.0061 4104 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 16:49:35.0124 4104 Null - ok 16:49:35.0139 4104 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:49:35.0155 4104 nvraid - ok 16:49:35.0170 4104 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:49:35.0186 4104 nvstor - ok 16:49:35.0217 4104 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:49:35.0233 4104 nv_agp - ok 
16:49:35.0264 4104 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:49:35.0295 4104 ohci1394 - ok 16:49:35.0326 4104 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:49:35.0342 4104 ose64 - ok 16:49:35.0451 4104 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:49:35.0529 4104 osppsvc - ok 16:49:35.0560 4104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:49:35.0592 4104 p2pimsvc - ok 16:49:35.0607 4104 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 16:49:35.0638 4104 p2psvc - ok 16:49:35.0670 4104 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:49:35.0685 4104 Parport - ok 16:49:35.0701 4104 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:49:35.0716 4104 partmgr - ok 16:49:35.0732 4104 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:49:35.0763 4104 PcaSvc - ok 16:49:35.0779 4104 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 16:49:35.0794 4104 pci - ok 16:49:35.0826 4104 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 16:49:35.0826 4104 pciide - ok 16:49:35.0857 4104 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:49:35.0872 4104 pcmcia - ok 16:49:35.0888 4104 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 16:49:35.0904 4104 pcw - ok 16:49:35.0935 4104 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:49:35.0997 4104 PEAUTH - ok 16:49:36.0075 4104 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:49:36.0091 4104 PerfHost - ok 16:49:36.0138 4104 [ 663962900E7FEA522126BA287715BB4A ] PGEffect 
C:\Windows\system32\DRIVERS\pgeffect.sys 16:49:36.0153 4104 PGEffect - ok 16:49:36.0216 4104 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 16:49:36.0278 4104 pla - ok 16:49:36.0325 4104 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:49:36.0340 4104 PlugPlay - ok 16:49:36.0372 4104 PnkBstrA - ok 16:49:36.0403 4104 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:49:36.0434 4104 PNRPAutoReg - ok 16:49:36.0450 4104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:49:36.0465 4104 PNRPsvc - ok 16:49:36.0481 4104 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:49:36.0543 4104 PolicyAgent - ok 16:49:36.0574 4104 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:49:36.0637 4104 Power - ok 16:49:36.0652 4104 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:49:36.0684 4104 PptpMiniport - ok 16:49:36.0715 4104 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:49:36.0730 4104 Processor - ok 16:49:36.0746 4104 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:49:36.0777 4104 ProfSvc - ok 16:49:36.0793 4104 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:49:36.0808 4104 ProtectedStorage - ok 16:49:36.0840 4104 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:49:36.0886 4104 Psched - ok 16:49:36.0902 4104 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 16:49:36.0918 4104 PxHlpa64 - ok 16:49:36.0949 4104 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:49:37.0011 4104 ql2300 - ok 16:49:37.0027 4104 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:49:37.0042 4104 ql40xx - ok 16:49:37.0058 4104 [ 
906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:49:37.0089 4104 QWAVE - ok 16:49:37.0089 4104 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:49:37.0105 4104 QWAVEdrv - ok 16:49:37.0120 4104 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:49:37.0167 4104 RasAcd - ok 16:49:37.0183 4104 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:49:37.0214 4104 RasAgileVpn - ok 16:49:37.0230 4104 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:49:37.0292 4104 RasAuto - ok 16:49:37.0308 4104 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:49:37.0354 4104 Rasl2tp - ok 16:49:37.0370 4104 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:49:37.0417 4104 RasMan - ok 16:49:37.0432 4104 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:49:37.0479 4104 RasPppoe - ok 16:49:37.0479 4104 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:49:37.0542 4104 RasSstp - ok 16:49:37.0557 4104 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:49:37.0604 4104 rdbss - ok 16:49:37.0620 4104 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:49:37.0651 4104 rdpbus - ok 16:49:37.0666 4104 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:49:37.0713 4104 RDPCDD - ok 16:49:37.0729 4104 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:49:37.0776 4104 RDPENCDD - ok 16:49:37.0776 4104 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:49:37.0822 4104 RDPREFMP - ok 16:49:37.0838 4104 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:49:37.0869 4104 RDPWD - ok 
16:49:37.0900 4104 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:49:37.0916 4104 rdyboost - ok 16:49:37.0947 4104 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:49:38.0010 4104 RemoteAccess - ok 16:49:38.0041 4104 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:49:38.0088 4104 RemoteRegistry - ok 16:49:38.0119 4104 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:49:38.0166 4104 RpcEptMapper - ok 16:49:38.0197 4104 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:49:38.0212 4104 RpcLocator - ok 16:49:38.0244 4104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:49:38.0290 4104 RpcSs - ok 16:49:38.0306 4104 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:49:38.0353 4104 rspndr - ok 16:49:38.0400 4104 [ 483C537E69FA97C77F7FE0E2E1C1F102 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 16:49:38.0415 4104 RTHDMIAzAudService - ok 16:49:38.0446 4104 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:49:38.0462 4104 RTL8167 - ok 16:49:38.0493 4104 [ A8ED9726734D403217A4861A6788B144 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 16:49:38.0540 4104 rtl8192se - ok 16:49:38.0556 4104 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:49:38.0571 4104 SamSs - ok 16:49:38.0602 4104 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:49:38.0618 4104 sbp2port - ok 16:49:38.0665 4104 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 16:49:38.0680 4104 SBSDWSCService - ok 16:49:38.0712 4104 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:49:38.0758 4104 SCardSvr - ok 16:49:38.0774 4104 [ 
253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:49:38.0836 4104 scfilter - ok 16:49:38.0868 4104 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:49:38.0946 4104 Schedule - ok 16:49:38.0977 4104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:49:39.0008 4104 SCPolicySvc - ok 16:49:39.0039 4104 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:49:39.0070 4104 SDRSVC - ok 16:49:39.0102 4104 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:49:39.0148 4104 secdrv - ok 16:49:39.0164 4104 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:49:39.0195 4104 seclogon - ok 16:49:39.0211 4104 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:49:39.0273 4104 SENS - ok 16:49:39.0289 4104 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:49:39.0320 4104 SensrSvc - ok 16:49:39.0336 4104 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:49:39.0367 4104 Serenum - ok 16:49:39.0382 4104 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:49:39.0398 4104 Serial - ok 16:49:39.0429 4104 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:49:39.0445 4104 sermouse - ok 16:49:39.0476 4104 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:49:39.0538 4104 SessionEnv - ok 16:49:39.0554 4104 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:49:39.0570 4104 sffdisk - ok 16:49:39.0585 4104 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:49:39.0616 4104 sffp_mmc - ok 16:49:39.0616 4104 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:49:39.0632 4104 sffp_sd - ok 16:49:39.0648 4104 [ 
A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:49:39.0679 4104 sfloppy - ok 16:49:39.0726 4104 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:49:39.0772 4104 SharedAccess - ok 16:49:39.0804 4104 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:49:39.0850 4104 ShellHWDetection - ok 16:49:39.0882 4104 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:49:39.0897 4104 SiSRaid2 - ok 16:49:39.0897 4104 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:49:39.0913 4104 SiSRaid4 - ok 16:49:39.0944 4104 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:49:39.0944 4104 SkypeUpdate - ok 16:49:39.0975 4104 [ 544788D536087DAF32B846F10D8392F5 ] SLEE_17_DRIVER C:\Windows\Sleen1764.sys 16:49:39.0991 4104 SLEE_17_DRIVER - ok 16:49:40.0006 4104 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:49:40.0069 4104 Smb - ok 16:49:40.0100 4104 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:49:40.0131 4104 SNMPTRAP - ok 16:49:40.0147 4104 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:49:40.0162 4104 spldr - ok 16:49:40.0209 4104 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:49:40.0256 4104 Spooler - ok 16:49:40.0334 4104 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:49:40.0459 4104 sppsvc - ok 16:49:40.0490 4104 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:49:40.0537 4104 sppuinotify - ok 16:49:40.0568 4104 [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd C:\Windows\system32\Drivers\sptd.sys 16:49:40.0568 4104 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 4C33F139236FD9BD14A920F60C1CB072 16:49:40.0584 4104 sptd ( LockedFile.Multi.Generic ) - warning 16:49:40.0584 4104 sptd - detected LockedFile.Multi.Generic (1) 16:49:40.0615 4104 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:49:40.0646 4104 srv - ok 16:49:40.0646 4104 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:49:40.0677 4104 srv2 - ok 16:49:40.0708 4104 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:49:40.0740 4104 srvnet - ok 16:49:40.0755 4104 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:49:40.0818 4104 SSDPSRV - ok 16:49:40.0818 4104 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:49:40.0880 4104 SstpSvc - ok 16:49:40.0911 4104 Steam Client Service - ok 16:49:40.0942 4104 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:49:40.0958 4104 stexstor - ok 16:49:40.0989 4104 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:49:41.0036 4104 stisvc - ok 16:49:41.0067 4104 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:49:41.0083 4104 swenum - ok 16:49:41.0130 4104 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 16:49:41.0161 4104 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 16:49:41.0161 4104 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 16:49:41.0192 4104 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:49:41.0254 4104 swprv - ok 16:49:41.0286 4104 [ E28CA52ECF8CB6EB04B34DE440BA260E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:49:41.0301 4104 SynTP - ok 16:49:41.0332 4104 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:49:41.0410 4104 SysMain - ok 16:49:41.0442 4104 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 16:49:41.0473 4104 TabletInputService - ok 16:49:41.0488 4104 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 16:49:41.0520 4104 tap0901 - ok 16:49:41.0535 4104 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:49:41.0598 4104 TapiSrv - ok 16:49:41.0644 4104 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:49:41.0676 4104 TBS - ok 16:49:41.0722 4104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:49:41.0785 4104 Tcpip - ok 16:49:41.0832 4104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:49:41.0863 4104 TCPIP6 - ok 16:49:41.0894 4104 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:49:41.0941 4104 tcpipreg - ok 16:49:41.0972 4104 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:49:42.0003 4104 TDPIPE - ok 16:49:42.0019 4104 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:49:42.0050 4104 TDTCP - ok 16:49:42.0066 4104 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:49:42.0112 4104 tdx - ok 16:49:42.0175 4104 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 16:49:42.0222 4104 TeamViewer7 - ok 16:49:42.0253 4104 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:49:42.0268 4104 TermDD - ok 16:49:42.0300 4104 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:49:42.0362 4104 TermService - ok 16:49:42.0378 4104 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:49:42.0409 4104 Themes - ok 16:49:42.0424 4104 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:49:42.0456 4104 THREADORDER - ok 16:49:42.0487 4104 [ 
09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys 16:49:42.0502 4104 tos_sps64 - ok 16:49:42.0518 4104 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:49:42.0565 4104 TrkWks - ok 16:49:42.0612 4104 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:49:42.0658 4104 TrustedInstaller - ok 16:49:42.0690 4104 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:49:42.0721 4104 tssecsrv - ok 16:49:42.0736 4104 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:49:42.0752 4104 TsUsbFlt - ok 16:49:42.0830 4104 [ 4BA2126EEB1B5B2A1103284C55CCE0EB ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 16:49:42.0877 4104 TuneUp.UtilitiesSvc - ok 16:49:42.0877 4104 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 16:49:42.0892 4104 TuneUpUtilitiesDrv - ok 16:49:42.0908 4104 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:49:42.0955 4104 tunnel - ok 16:49:42.0970 4104 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 16:49:42.0986 4104 TVALZ - ok 16:49:43.0002 4104 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:49:43.0017 4104 uagp35 - ok 16:49:43.0033 4104 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:49:43.0080 4104 udfs - ok 16:49:43.0111 4104 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:49:43.0126 4104 UI0Detect - ok 16:49:43.0158 4104 [ 5357F9507B59C831C5CD79F1F6374A5E ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys 16:49:43.0173 4104 UimBus - ok 16:49:43.0189 4104 [ 001402EA0FB543F77F91090130FD029D ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys 16:49:43.0220 4104 Uim_IM - ok 
16:49:43.0236 4104 [ E75B35EEBC923B6DB2DBEA52E71A7892 ] Uim_VIM C:\Windows\system32\Drivers\uim_vimx64.sys 16:49:43.0251 4104 Uim_VIM - ok 16:49:43.0282 4104 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:49:43.0298 4104 uliagpkx - ok 16:49:43.0314 4104 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 16:49:43.0345 4104 umbus - ok 16:49:43.0376 4104 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:49:43.0392 4104 UmPass - ok 16:49:43.0423 4104 [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys 16:49:43.0438 4104 UnlockerDriver5 - ok 16:49:43.0454 4104 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:49:43.0501 4104 upnphost - ok 16:49:43.0516 4104 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:49:43.0532 4104 usbccgp - ok 16:49:43.0563 4104 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:49:43.0579 4104 usbcir - ok 16:49:43.0594 4104 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:49:43.0610 4104 usbehci - ok 16:49:43.0626 4104 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:49:43.0657 4104 usbhub - ok 16:49:43.0672 4104 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:49:43.0688 4104 usbohci - ok 16:49:43.0719 4104 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:49:43.0735 4104 usbprint - ok 16:49:43.0766 4104 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:49:43.0782 4104 USBSTOR - ok 16:49:43.0797 4104 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:49:43.0828 4104 usbuhci - ok 16:49:43.0860 4104 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo 
C:\Windows\System32\Drivers\usbvideo.sys
16:49:43.0891 4104 usbvideo - ok
16:49:43.0922 4104 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:49:43.0969 4104 UxSms - ok
16:49:43.0984 4104 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:49:43.0984 4104 VaultSvc - ok
16:49:44.0016 4104 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:49:44.0031 4104 vdrvroot - ok
16:49:44.0062 4104 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:49:44.0109 4104 vds - ok
16:49:44.0140 4104 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:44.0156 4104 vga - ok
16:49:44.0172 4104 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:49:44.0218 4104 VgaSave - ok
16:49:44.0250 4104 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:49:44.0265 4104 vhdmp - ok
16:49:44.0281 4104 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:49:44.0281 4104 viaide - ok
16:49:44.0296 4104 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:49:44.0312 4104 volmgr - ok
16:49:44.0328 4104 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:49:44.0343 4104 volmgrx - ok
16:49:44.0343 4104 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:49:44.0374 4104 volsnap - ok
16:49:44.0390 4104 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:49:44.0406 4104 vsmraid - ok
16:49:44.0452 4104 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:49:44.0530 4104 VSS - ok
16:49:44.0530 4104 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:49:44.0562 4104 vwifibus - ok
16:49:44.0577 4104 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:49:44.0608 4104 vwififlt - ok
16:49:44.0624 4104 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:49:44.0671 4104 W32Time - ok
16:49:44.0702 4104 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:49:44.0718 4104 WacomPen - ok
16:49:44.0749 4104 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:49:44.0796 4104 WANARP - ok
16:49:44.0796 4104 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:49:44.0842 4104 Wanarpv6 - ok
16:49:44.0889 4104 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:49:44.0952 4104 wbengine - ok
16:49:44.0983 4104 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:49:44.0998 4104 WbioSrvc - ok
16:49:45.0030 4104 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:49:45.0061 4104 wcncsvc - ok
16:49:45.0061 4104 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:49:45.0092 4104 WcsPlugInService - ok
16:49:45.0108 4104 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:49:45.0123 4104 Wd - ok
16:49:45.0139 4104 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:49:45.0186 4104 Wdf01000 - ok
16:49:45.0201 4104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:49:45.0232 4104 WdiServiceHost - ok
16:49:45.0232 4104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:49:45.0264 4104 WdiSystemHost - ok
16:49:45.0279 4104 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:49:45.0310 4104 WebClient - ok
16:49:45.0326 4104 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:49:45.0388 4104 Wecsvc - ok
16:49:45.0404 4104 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:49:45.0435 4104 wercplsupport - ok
16:49:45.0451 4104 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:49:45.0498 4104 WerSvc - ok
16:49:45.0513 4104 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:49:45.0544 4104 WfpLwf - ok
16:49:45.0560 4104 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:49:45.0576 4104 WIMMount - ok
16:49:45.0591 4104 WinDefend - ok
16:49:45.0591 4104 WinHttpAutoProxySvc - ok
16:49:45.0638 4104 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:49:45.0700 4104 Winmgmt - ok
16:49:45.0747 4104 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:49:45.0841 4104 WinRM - ok
16:49:45.0888 4104 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:49:45.0903 4104 WinUsb - ok
16:49:45.0950 4104 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:49:46.0012 4104 Wlansvc - ok
16:49:46.0137 4104 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:49:46.0246 4104 wlidsvc - ok
16:49:46.0262 4104 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:49:46.0293 4104 WmiAcpi - ok
16:49:46.0324 4104 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:49:46.0356 4104 wmiApSrv - ok
16:49:46.0371 4104 WMPNetworkSvc - ok
16:49:46.0387 4104 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:49:46.0402 4104 WPCSvc - ok
16:49:46.0418 4104 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:49:46.0449 4104 WPDBusEnum - ok
16:49:46.0480 4104 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:49:46.0527 4104 ws2ifsl - ok
16:49:46.0543 4104 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:49:46.0574 4104 wscsvc - ok
16:49:46.0574 4104 WSearch - ok
16:49:46.0636 4104 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:49:46.0714 4104 wuauserv - ok
16:49:46.0746 4104 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:49:46.0792 4104 WudfPf - ok
16:49:46.0808 4104 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:46.0855 4104 WUDFRd - ok
16:49:46.0870 4104 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:49:46.0902 4104 wudfsvc - ok
16:49:46.0933 4104 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:49:46.0964 4104 WwanSvc - ok
16:49:47.0011 4104 [ 7C5522028410A4A34BB8021F026733AF ] XMouseButton Launcher C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
16:49:47.0026 4104 XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - warning
16:49:47.0026 4104 XMouseButton Launcher - detected UnsignedFile.Multi.Generic (1)
16:49:47.0042 4104 ================ Scan global ===============================
16:49:47.0073 4104 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:49:47.0104 4104 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:49:47.0120 4104 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:49:47.0151 4104 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:49:47.0182 4104 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:49:47.0182 4104 [Global] - ok
16:49:47.0182 4104 ================ Scan MBR ==================================
16:49:47.0198 4104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:49:47.0697 4104 \Device\Harddisk0\DR0 - ok
16:49:47.0697 4104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:49:48.0571 4104 \Device\Harddisk1\DR1 - ok
16:49:48.0571 4104 ================ Scan VBR ==================================
16:49:48.0586 4104 [ A20062AE79C399784E0D5B12454EF217 ] \Device\Harddisk0\DR0\Partition1
16:49:48.0586 4104 \Device\Harddisk0\DR0\Partition1 - ok
16:49:48.0586 4104 [ C707203494401CCF489BA12BEF8E0544 ] \Device\Harddisk0\DR0\Partition2
16:49:48.0602 4104 \Device\Harddisk0\DR0\Partition2 - ok
16:49:48.0618 4104 [ 063931AE1B49CA570EB3ACADDEDDDAC0 ] \Device\Harddisk0\DR0\Partition3
16:49:48.0618 4104 \Device\Harddisk0\DR0\Partition3 - ok
16:49:48.0618 4104 [ F731A385709CD66402C2176FAC60221D ] \Device\Harddisk1\DR1\Partition1
16:49:48.0618 4104 \Device\Harddisk1\DR1\Partition1 - ok
16:49:48.0633 4104 [ E7282DE604CDB162E9B9AE4B7DDBE64E ] \Device\Harddisk1\DR1\Partition2
16:49:48.0633 4104 \Device\Harddisk1\DR1\Partition2 - ok
16:49:48.0633 4104 ============================================================
16:49:48.0633 4104 Scan finished
16:49:48.0633 4104 ============================================================
16:49:48.0633 3000 Detected object count: 3
16:49:48.0633 3000 Actual detected object count: 3
16:51:40.0349 3000 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
16:51:40.0396 3000 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
16:51:40.0427 3000 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
16:51:40.0443 3000 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:51:40.0474 3000 C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe - copied to quarantine
16:51:40.0490 3000 XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:52:04.0735 4784 Deinitialize success |
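All three objects this log reports are `*.Multi.Generic` verdicts: TDSSKiller could not verify a signature on the file (UnsignedFile) or could not open it (LockedFile). That is a property of many legitimate drivers and helper services, not a malware verdict, which is why the helper objects to the quarantine in the next post. The script below is an added example, not code from the thread or from Kaspersky: it parses service lines of the shape shown above, keeps the MD5 and image path per service, separates heuristic hits from signature hits and records what the user quarantined. The sample input is constructed from lines of the posted log plus one made-up signature line whose service name, hash and verdict are placeholders.

```python
"""Triage the detections in a TDSSKiller scan log.

Added example, not part of the original thread and not Kaspersky's code.
The line shapes are modelled on the log posted above; the sample at the
bottom is constructed for this example (lines copied from the posted log
plus one invented signature hit, marked as such).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# "<time> <pid> [ <MD5> ] <service name> <image path>"; the service name may
# contain spaces, so the path is anchored on a drive letter or \Device\ prefix.
_ENTRY = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) \[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?P<name>.+?) (?P<path>(?:[A-Za-z]:|\\Device)\\.*)$"
)
# "<time> <pid> <name> ( <verdict> ) - warning"  or  "... - User select action: Quarantine"
_VERDICT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4} \d+ (?P<name>.+?) \( (?P<verdict>[\w.]+) \) - "
    r"(?P<action>warning|User select action: \w+)$"
)
_OK = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (?P<name>.+?) - ok$")

# *.Multi.Generic verdicts are heuristics: the image is unsigned, or the scanner
# could not open it. Many legitimate drivers and helper services look like that.
GENERIC_SUFFIX = ".Multi.Generic"


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: list[str] = field(default_factory=list)
    actions: list[str] = field(default_factory=list)
    ok: bool = False

    @property
    def generic_only(self) -> bool:
        return bool(self.verdicts) and all(v.endswith(GENERIC_SUFFIX) for v in self.verdicts)


def parse(log_text: str) -> dict[str, Entry]:
    """Collect per-service hash, path, verdicts and the action the user chose."""
    entries: dict[str, Entry] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _ENTRY.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
        elif m := _VERDICT.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdicts.append(m["verdict"])
            e.actions.append(m["action"])
        elif m := _OK.match(line):
            entries.setdefault(m["name"], Entry(m["name"])).ok = True
    return entries


def triage(log_text: str) -> list[dict]:
    """One row per flagged service, signature hits first, heuristics after."""
    rows = []
    for e in parse(log_text).values():
        if not e.verdicts:
            continue
        rows.append({
            "name": e.name,
            "md5": e.md5,
            "path": e.path,
            "verdicts": sorted(set(e.verdicts)),
            "quarantined": any(a.endswith("Quarantine") for a in e.actions),
            # a generic-only hit is a "check the hash against the vendor" item,
            # not evidence of an infection
            "priority": "verify-hash" if e.generic_only else "investigate",
        })
    rows.sort(key=lambda r: r["priority"] != "investigate")  # stable sort keeps log order otherwise
    return rows


# Constructed sample: lines copied from the posted log, plus one made-up
# signature hit (service name, hash and verdict are placeholders) to show the ranking.
SAMPLE_LOG = r"""
16:49:46.0543 4104 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:49:46.0574 4104 wscsvc - ok
16:49:47.0011 4104 [ 7C5522028410A4A34BB8021F026733AF ] XMouseButton Launcher C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
16:49:47.0026 4104 XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - warning
16:49:47.0026 4104 XMouseButton Launcher - detected UnsignedFile.Multi.Generic (1)
16:49:47.0030 4104 [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] constructed_svc C:\Windows\system32\drivers\constructed.sys
16:49:47.0031 4104 constructed_svc ( Sample.Signature.Hit ) - warning
16:51:40.0396 3000 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
16:51:40.0490 3000 XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f"{row['priority']:<12} {row['name']:<24} {row['md5'] or '-':<32} "
              f"{'quarantined' if row['quarantined'] else 'left in place'}  {', '.join(row['verdicts'])}")
```

The "verify-hash" rows are the ones to resolve by looking the MD5 up against the vendor's release or a file-reputation service before touching the file; only the "investigate" rows carry a named signature. Run against the full log above, every row lands in the first bucket, which is what the helper's reply points out.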
07.10.2012, 19:42 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie und Security HiJack Well, that was pretty dumb: you sent something to quarantine even though it was completely unnecessary! Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when one of the forum's competent helpers (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
07.10.2012, 22:45 | #21 |
| Adware Tracking Cookie und Security HiJack
Code:
ComboFix 12-10-04.02 - * 07.10.2012 23:31:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3958.2464 [GMT 2:00]
Run from: c:\users\*\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 ))))))))))))))))))))))))))))))
.
.
2012-10-07 21:37 . 2012-10-07 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 14:29 . 2012-10-07 14:29 4196 ----a-w- C:\STFCCE3.tmp
2012-10-07 13:25 . 2012-10-07 13:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-07 12:23 . 2012-09-18 22:58 9308616 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7611BBB8-BEDF-4EDD-ADBB-F35825D998B7}\mpengine.dll
2012-10-05 21:25 . 2012-10-05 21:25 -------- d-----w- C:\_OTL
2012-10-05 13:32 . 2012-10-05 13:33 -------- d-----w- c:\programdata\Solidshield
2012-10-05 12:54 . 2012-10-05 12:54 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-05 12:54 . 2012-10-05 12:54 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-10-05 05:17 . 2012-10-05 05:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-28 12:50 . 2012-07-02 10:23 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-09-28 10:46 . 2012-09-28 10:46 -------- d-----w- c:\program files\CyberGhost VPN
2012-09-28 01:56 . 2012-09-28 01:56 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-09-28 01:56 . 2012-09-28 01:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-28 01:15 . 2012-09-28 01:15 868848 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-28 01:15 . 2012-09-28 01:15 -------- d-----w- c:\program files (x86)\Franzis
2012-09-28 01:08 . 2012-09-28 01:08 -------- d-----w- c:\users\*\AppData\Roaming\Nero
2012-09-28 01:04 . 2012-09-28 01:06 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-09-28 01:04 . 2012-09-28 01:04 -------- d-----w- c:\program files (x86)\Nero
2012-09-28 00:11 . 2012-09-19 09:29 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-28 00:11 . 2012-09-19 09:29 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-09-28 00:11 . 2012-09-19 09:29 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-09-28 00:10 . 2012-09-28 00:28 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013
2012-09-28 00:08 . 2012-09-28 00:20 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-28 00:08 . 2012-09-28 00:08 -------- d--h--w- c:\programdata\Common Files
2012-09-27 17:12 . 2012-09-27 17:13 -------- d-----w- c:\users\*\.gnubg
2012-09-27 16:15 . 2012-09-27 16:30 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-09-26 16:03 . 2012-09-27 22:15 -------- d-----w- c:\users\*\AppData\Roaming\SUPERAntiSpyware.com
2012-09-26 16:02 . 2012-09-26 16:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-26 00:30 . 2012-09-26 00:31 -------- d-----w- C:\AVZ
2012-09-25 18:30 . 2012-09-25 18:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-25 17:46 . 2012-09-27 22:16 -------- d-----w- c:\users\*\AppData\Roaming\NetMeter
2012-09-25 17:46 . 2012-09-25 17:46 -------- d-----w- c:\program files (x86)\NetMeter
2012-09-25 17:39 . 2012-09-26 18:34 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-25 17:38 . 2012-09-25 17:39 -------- d-----w- c:\programdata\Logishrd
2012-09-25 17:38 . 2012-09-25 17:39 -------- d-----w- c:\program files\Logitech
2012-09-25 17:38 . 2012-09-25 17:39 -------- d-----w- c:\program files\Common Files\Logishrd
2012-09-25 17:35 . 2012-09-27 17:30 -------- d-----w- c:\users\*\AppData\Roaming\Logishrd
2012-09-25 17:35 . 2012-09-25 18:13 -------- d-----w- c:\users\*\AppData\Roaming\Logitech
2012-09-25 17:08 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 14:51 . 2012-09-25 15:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-19 16:50 . 2012-09-19 16:50 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes
2012-09-19 16:50 . 2012-09-19 16:50 -------- d-----w- c:\programdata\Malwarebytes
2012-09-19 16:50 . 2012-09-28 01:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-17 20:32 . 2012-09-17 20:32 -------- d-----w- c:\users\*\AppData\Roaming\PACE Anti-Piracy
2012-09-17 20:32 . 2012-09-17 20:32 -------- d-----w- c:\users\*\AppData\Local\PACE Anti-Piracy
2012-09-17 20:32 . 2012-09-17 20:32 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-09-17 16:42 . 2012-09-17 16:42 -------- d-----w- c:\users\*\AppData\Roaming\Ahead
2012-09-17 08:45 . 2012-09-17 09:33 -------- d-----w- c:\users\*\AppData\Roaming\TeamViewer
2012-09-17 08:12 . 2012-09-17 08:12 -------- d-----w- c:\users\*\AppData\Local\Apps
2012-09-17 01:06 . 2012-09-17 01:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-16 15:36 . 2012-09-16 15:36 -------- d-----w- c:\program files\Microsoft Silverlight
2012-09-16 15:36 . 2012-09-16 15:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-09-16 15:26 . 2012-09-16 15:26 -------- d-----w- c:\users\*\AppData\Local\Apple
2012-09-16 15:26 . 2012-09-16 15:26 -------- d-----w- c:\program files\Bonjour
2012-09-16 15:26 . 2012-09-16 15:26 -------- d-----w- c:\program files (x86)\Bonjour
2012-09-16 15:19 . 2012-09-16 15:19 -------- d-----w- c:\users\*\AppData\Local\Secunia PSI
2012-09-16 13:24 . 2012-09-16 13:24 -------- d-----w- c:\windows\de
2012-09-16 13:24 . 2012-09-16 13:24 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-09-16 13:23 . 2012-09-16 13:24 -------- d-----w- c:\program files (x86)\Windows Live
2012-09-16 13:21 . 2012-09-27 22:16 -------- d-----r- c:\users\*\SkyDrive
2012-09-16 13:21 . 2012-09-16 13:21 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-09-16 13:20 . 2012-09-19 22:53 -------- d-----w- c:\users\*\AppData\Local\Windows Live
2012-09-16 13:20 . 2012-09-16 13:20 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-09-12 08:10 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 08:10 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:10 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 08:10 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 08:10 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:10 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 08:10 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 07:56 . 2012-09-11 07:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-10 22:17 . 2012-10-05 10:09 -------- d-----w- c:\program files (x86)\Origin Games
2012-09-10 22:16 . 2012-09-10 22:16 -------- d-----w- c:\users\*\AppData\Local\PunkBuster
2012-09-10 22:09 . 2012-09-27 22:25 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-09-10 22:07 . 2012-10-06 22:39 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-10 22:07 . 2012-09-10 22:08 -------- d-----w- c:\users\*\AppData\Local\Origin
2012-09-10 22:05 . 2012-10-05 10:03 -------- d-----w- c:\program files (x86)\Origin
2012-09-10 21:13 . 2012-09-10 21:13 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-09-10 21:13 . 2012-09-11 07:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-10 21:13 . 2012-09-11 05:15 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-10 21:13 . 2012-09-11 05:15 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-10 19:38 . 2012-09-10 19:49 -------- d-----w- c:\users\*\AppData\Local\Microsoft Games
2012-09-10 18:00 . 2012-10-05 14:39 -------- d-----w- c:\programdata\Origin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 22:34 . 2012-09-05 15:31 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 22:34 . 2012-09-05 15:31 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 08:30 . 2012-09-04 13:25 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-05 02:42 . 2012-09-05 02:42 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2012-09-05 02:40 . 2012-09-05 02:40 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-05 02:40 . 2012-09-05 02:40 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-09-05 02:40 . 2012-09-05 02:40 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-05 02:40 . 2012-09-05 02:40 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-09-04 18:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-04 18:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-04 17:56 . 2012-09-04 17:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 17:56 . 2012-09-04 17:56 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 17:56 . 2012-09-04 17:56 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-04 15:47 . 2012-09-04 15:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-04 15:47 . 2012-09-04 15:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-04 15:47 . 2012-09-04 15:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-04 15:47 . 2012-09-04 15:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-04 15:47 . 2012-09-04 15:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-04 15:47 . 2012-09-04 15:47 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-04 15:47 . 2012-09-04 15:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-04 15:47 . 2012-09-04 15:47 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-04 15:47 . 2012-09-04 15:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-04 15:47 . 2012-09-04 15:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-04 15:47 . 2012-09-04 15:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-04 15:47 . 2012-09-04 15:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-04 15:47 . 2012-09-04 15:47 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-04 15:47 . 2012-09-04 15:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-04 15:47 . 2012-09-04 15:47 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-04 15:47 . 2012-09-04 15:47 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-04 15:47 . 2012-09-04 15:47 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-04 15:47 . 2012-09-04 15:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-04 15:47 . 2012-09-04 15:47 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-04 15:47 . 2012-09-04 15:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-04 15:47 . 2012-09-04 15:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-04 15:47 . 2012-09-04 15:47 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-04 15:47 . 2012-09-04 15:47 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-04 15:47 . 2012-09-04 15:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-04 15:47 . 2012-09-04 15:47 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-04 15:47 . 2012-09-04 15:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-04 15:47 . 2012-09-04 15:47 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-04 15:47 . 2012-09-04 15:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-04 15:47 . 2012-09-04 15:47 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-04 15:47 . 2012-09-04 15:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-04 15:47 . 2012-09-04 15:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-04 15:47 . 2012-09-04 15:47 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-04 15:47 . 2012-09-04 15:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-04 15:47 . 2012-09-04 15:47 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-04 15:47 . 2012-09-04 15:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-04 15:47 . 2012-09-04 15:47 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-04 15:47 . 2012-09-04 15:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-04 15:47 . 2012-09-04 15:47 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-04 15:47 . 2012-09-04 15:47 448512 ----a-w- c:\windows\system32\html.iec
2012-09-04 15:47 . 2012-09-04 15:47 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-04 15:47 . 2012-09-04 15:47 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-04 15:47 . 2012-09-04 15:47 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-04 15:47 . 2012-09-04 15:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-04 15:47 . 2012-09-04 15:47 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-04 15:47 . 2012-09-04 15:47 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-04 15:47 . 2012-09-04 15:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-04 15:47 . 2012-09-04 15:47 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-04 15:47 . 2012-09-04 15:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-04 15:47 . 2012-09-04 15:47 103936 ----a-w- c:\windows\system32\inseng.dll
2012-08-21 09:13 . 2012-09-04 11:36 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-09-04 11:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-09-04 11:36 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-09-04 11:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-09-04 11:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-09-04 11:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-09-04 11:35 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-09-04 11:35 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-09-04 11:36 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-28 00:54 . 2012-07-28 00:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 17:08 . 2012-07-26 17:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 13:22 . 2012-07-26 13:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 13:22 . 2012-07-26 13:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 13:22 . 2012-07-26 13:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-18 18:15 . 2012-09-04 13:19 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 13:14 . 2012-07-17 13:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 12:49 . 2012-07-17 12:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 12:37 . 2012-07-17 12:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ZoomIt"="d:\downloads\ZoomIt43\ZoomIt.exe" [2012-07-11 568432]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 250288]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 esihdrv;esihdrv;c:\users\*\AppData\Local\Temp\esihdrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-25 114144]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2012-06-09 39248]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-28 868848]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2010-02-17 13:21 108256]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-06-09 389968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-07-02 35112]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 22:34]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\clm4btjq.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0
.
- - - - Removed Orphaned Registry Entries - - - -
.
Notify-LBTWlgn - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*L*u*n*a*t**Œ•n\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à']
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à'\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*€@”n\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-07 23:40:07
ComboFix-quarantined-files.txt 2012-10-07 21:40
.
Pre-Run: 11 directory(ies), 194,268,020,736 bytes free
Post-Run: 15 directory(ies), 193,969,610,752 bytes free
.
- - End Of File - - D46CBAA20E97BC2CBE9CB93C7508566E |
08.10.2012, 10:50 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie und Security HiJack
Combofix - Scripting
1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy and paste the entire content of the code box below into the Notepad window.
Code:
File::
C:\STFCCE3.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-

4. Deactivate the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
08.10.2012, 15:31 | #23 |
| Adware Tracking Cookie und Security HiJack
Code:
ATTFilter ComboFix 12-10-08.01 - * 08.10.2012 15:15:48.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3958.2432 [GMT 2:00] ausgeführt von:: c:\users\*\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\*\Desktop\Cfscript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "C:\STFCCE3.tmp" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\STFCCE3.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-08 bis 2012-10-08 )))))))))))))))))))))))))))))) . . 2012-10-08 13:21 . 2012-10-08 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-08 13:02 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57FF9323-3D5A-4002-A0D4-A107AFDE7B8D}\mpengine.dll 2012-10-07 21:43 . 2012-10-07 21:43 -------- d-----w- C:\IDE 2012-10-07 13:25 . 2012-10-07 13:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-10-07 12:23 . 2012-09-18 22:58 9308616 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7611BBB8-BEDF-4EDD-ADBB-F35825D998B7}\mpengine.dll 2012-10-05 21:25 . 2012-10-05 21:25 -------- d-----w- C:\_OTL 2012-10-05 13:32 . 2012-10-05 13:33 -------- d-----w- c:\programdata\Solidshield 2012-10-05 12:54 . 2012-10-05 12:54 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-10-05 12:54 . 2012-10-05 12:54 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-10-05 05:17 . 2012-10-05 05:18 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-09-28 12:50 . 2012-07-02 10:23 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys 2012-09-28 10:46 . 2012-09-28 10:46 -------- d-----w- c:\program files\CyberGhost VPN 2012-09-28 01:56 . 
2012-09-28 01:56 -------- d-----w- c:\program files (x86)\Alcohol Soft 2012-09-28 01:56 . 2012-09-28 01:56 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-09-28 01:15 . 2012-09-28 01:15 868848 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-09-28 01:15 . 2012-09-28 01:15 -------- d-----w- c:\program files (x86)\Franzis 2012-09-28 01:08 . 2012-09-28 01:08 -------- d-----w- c:\users\*\AppData\Roaming\Nero 2012-09-28 01:04 . 2012-09-28 01:06 -------- d-----w- c:\program files (x86)\Common Files\Nero 2012-09-28 01:04 . 2012-09-28 01:04 -------- d-----w- c:\program files (x86)\Nero 2012-09-28 00:11 . 2012-09-19 09:29 34656 ----a-w- c:\windows\system32\TURegOpt.exe 2012-09-28 00:11 . 2012-09-19 09:29 25952 ----a-w- c:\windows\system32\authuitu.dll 2012-09-28 00:11 . 2012-09-19 09:29 21344 ----a-w- c:\windows\SysWow64\authuitu.dll 2012-09-28 00:10 . 2012-09-28 00:28 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013 2012-09-28 00:08 . 2012-09-28 00:20 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2012-09-28 00:08 . 2012-09-28 00:08 -------- d--h--w- c:\programdata\Common Files 2012-09-27 17:12 . 2012-09-27 17:13 -------- d-----w- c:\users\*\.gnubg 2012-09-27 16:15 . 2012-09-27 16:30 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2012-09-26 16:03 . 2012-09-27 22:15 -------- d-----w- c:\users\*\AppData\Roaming\SUPERAntiSpyware.com 2012-09-26 16:02 . 2012-09-26 16:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-09-26 00:30 . 2012-09-26 00:31 -------- d-----w- C:\AVZ 2012-09-25 18:30 . 2012-09-25 18:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-09-25 17:46 . 2012-09-27 22:16 -------- d-----w- c:\users\*\AppData\Roaming\NetMeter 2012-09-25 17:46 . 2012-09-25 17:46 -------- d-----w- c:\program files (x86)\NetMeter 2012-09-25 17:39 . 2012-09-26 18:34 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-09-25 17:38 . 
2012-09-25 17:39 -------- d-----w- c:\programdata\Logishrd 2012-09-25 17:38 . 2012-09-25 17:39 -------- d-----w- c:\program files\Logitech 2012-09-25 17:38 . 2012-09-25 17:39 -------- d-----w- c:\program files\Common Files\Logishrd 2012-09-25 17:35 . 2012-09-27 17:30 -------- d-----w- c:\users\*\AppData\Roaming\Logishrd 2012-09-25 17:35 . 2012-09-25 18:13 -------- d-----w- c:\users\*\AppData\Roaming\Logitech 2012-09-25 17:08 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 14:51 . 2012-09-25 15:07 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-19 16:50 . 2012-09-19 16:50 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes 2012-09-19 16:50 . 2012-09-19 16:50 -------- d-----w- c:\programdata\Malwarebytes 2012-09-19 16:50 . 2012-09-28 01:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-17 20:32 . 2012-09-17 20:32 -------- d-----w- c:\users\*\AppData\Roaming\PACE Anti-Piracy 2012-09-17 20:32 . 2012-09-17 20:32 -------- d-----w- c:\users\*\AppData\Local\PACE Anti-Piracy 2012-09-17 20:32 . 2012-09-17 20:32 -------- d-----w- c:\programdata\PACE Anti-Piracy 2012-09-17 16:42 . 2012-09-17 16:42 -------- d-----w- c:\users\*\AppData\Roaming\Ahead 2012-09-17 08:45 . 2012-09-17 09:33 -------- d-----w- c:\users\*\AppData\Roaming\TeamViewer 2012-09-17 08:12 . 2012-09-17 08:12 -------- d-----w- c:\users\*\AppData\Local\Apps 2012-09-17 01:06 . 2012-09-17 01:06 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-09-16 15:36 . 2012-09-16 15:36 -------- d-----w- c:\program files\Microsoft Silverlight 2012-09-16 15:36 . 2012-09-16 15:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-09-16 15:26 . 2012-09-16 15:26 -------- d-----w- c:\users\*\AppData\Local\Apple 2012-09-16 15:26 . 2012-09-16 15:26 -------- d-----w- c:\program files\Bonjour 2012-09-16 15:26 . 2012-09-16 15:26 -------- d-----w- c:\program files (x86)\Bonjour 2012-09-16 15:19 . 
2012-09-16 15:19 -------- d-----w- c:\users\*\AppData\Local\Secunia PSI 2012-09-16 13:24 . 2012-09-16 13:24 -------- d-----w- c:\windows\de 2012-09-16 13:24 . 2012-09-16 13:24 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2012-09-16 13:23 . 2012-09-16 13:24 -------- d-----w- c:\program files (x86)\Windows Live 2012-09-16 13:21 . 2012-09-27 22:16 -------- d-----r- c:\users\*\SkyDrive 2012-09-16 13:21 . 2012-09-16 13:21 -------- d-----w- c:\programdata\Microsoft SkyDrive 2012-09-16 13:20 . 2012-09-19 22:53 -------- d-----w- c:\users\*\AppData\Local\Windows Live 2012-09-16 13:20 . 2012-09-16 13:20 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2012-09-12 08:10 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 08:10 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 08:10 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 08:10 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 08:10 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 08:10 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 08:10 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 07:56 . 2012-09-11 07:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-09-10 22:17 . 2012-10-05 10:09 -------- d-----w- c:\program files (x86)\Origin Games 2012-09-10 22:16 . 2012-09-10 22:16 -------- d-----w- c:\users\*\AppData\Local\PunkBuster 2012-09-10 22:09 . 2012-09-27 22:25 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2012-09-10 22:07 . 2012-10-06 22:39 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-09-10 22:07 . 2012-09-10 22:08 -------- d-----w- c:\users\*\AppData\Local\Origin 2012-09-10 22:05 . 2012-10-05 10:03 -------- d-----w- c:\program files (x86)\Origin 2012-09-10 21:13 . 
2012-09-10 21:13 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2012-09-10 21:13 . 2012-09-11 07:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-09-10 21:13 . 2012-09-11 05:15 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-09-10 21:13 . 2012-09-11 05:15 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-09-10 19:38 . 2012-09-10 19:49 -------- d-----w- c:\users\*\AppData\Local\Microsoft Games 2012-09-10 18:00 . 2012-10-05 14:39 -------- d-----w- c:\programdata\Origin . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-27 22:34 . 2012-09-05 15:31 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-27 22:34 . 2012-09-05 15:31 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-12 08:30 . 2012-09-04 13:25 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-05 02:42 . 2012-09-05 02:42 15453832 ----a-w- c:\windows\SysWow64\xlive.dll 2012-09-05 02:40 . 2012-09-05 02:40 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-09-05 02:40 . 2012-09-05 02:40 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-09-05 02:40 . 2012-09-05 02:40 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-09-05 02:40 . 2012-09-05 02:40 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-09-04 18:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-09-04 18:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-09-04 17:56 . 2012-09-04 17:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-04 17:56 . 2012-09-04 17:56 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-04 17:56 . 2012-09-04 17:56 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-04 15:47 . 2012-09-04 15:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-09-04 15:47 . 2012-09-04 15:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-09-04 15:47 . 
2012-09-04 15:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-09-04 15:47 . 2012-09-04 15:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-09-04 15:47 . 2012-09-04 15:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-09-04 15:47 . 2012-09-04 15:47 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-09-04 15:47 . 2012-09-04 15:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-09-04 15:47 . 2012-09-04 15:47 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-09-04 15:47 . 2012-09-04 15:47 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-09-04 15:47 . 2012-09-04 15:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-09-04 15:47 . 2012-09-04 15:47 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-09-04 15:47 . 2012-09-04 15:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-09-04 15:47 . 2012-09-04 15:47 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-09-04 15:47 . 2012-09-04 15:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-09-04 15:47 . 2012-09-04 15:47 222208 ----a-w- c:\windows\system32\msls31.dll 2012-09-04 15:47 . 2012-09-04 15:47 197120 ----a-w- c:\windows\system32\msrating.dll 2012-09-04 15:47 . 2012-09-04 15:47 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-09-04 15:47 . 2012-09-04 15:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-09-04 15:47 . 2012-09-04 15:47 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-09-04 15:47 . 2012-09-04 15:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-09-04 15:47 . 2012-09-04 15:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-09-04 15:47 . 2012-09-04 15:47 149504 ----a-w- c:\windows\system32\occache.dll 2012-09-04 15:47 . 2012-09-04 15:47 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-09-04 15:47 . 2012-09-04 15:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-09-04 15:47 . 2012-09-04 15:47 12288 ----a-w- c:\windows\system32\mshta.exe 2012-09-04 15:47 . 
2012-09-04 15:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-09-04 15:47 . 2012-09-04 15:47 114176 ----a-w- c:\windows\system32\admparse.dll 2012-09-04 15:47 . 2012-09-04 15:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-09-04 15:47 . 2012-09-04 15:47 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-09-04 15:47 . 2012-09-04 15:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-09-04 15:47 . 2012-09-04 15:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-09-04 15:47 . 2012-09-04 15:47 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-09-04 15:47 . 2012-09-04 15:47 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-09-04 15:47 . 2012-09-04 15:47 82432 ----a-w- c:\windows\system32\icardie.dll 2012-09-04 15:47 . 2012-09-04 15:47 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-09-04 15:47 . 2012-09-04 15:47 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-09-04 15:47 . 2012-09-04 15:47 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-09-04 15:47 . 2012-09-04 15:47 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-09-04 15:47 . 2012-09-04 15:47 448512 ----a-w- c:\windows\system32\html.iec 2012-09-04 15:47 . 2012-09-04 15:47 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-09-04 15:47 . 2012-09-04 15:47 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-09-04 15:47 . 2012-09-04 15:47 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-09-04 15:47 . 2012-09-04 15:47 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-09-04 15:47 . 2012-09-04 15:47 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-09-04 15:47 . 2012-09-04 15:47 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-09-04 15:47 . 2012-09-04 15:47 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-09-04 15:47 . 2012-09-04 15:47 160256 ----a-w- c:\windows\system32\wextract.exe 2012-09-04 15:47 . 2012-09-04 15:47 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-09-04 15:47 . 
2012-09-04 15:47 103936 ----a-w- c:\windows\system32\inseng.dll 2012-08-21 09:13 . 2012-09-04 11:36 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2012-09-04 11:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-09-04 11:36 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 2012-09-04 11:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13 . 2012-09-04 11:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13 . 2012-09-04 11:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:12 . 2012-09-04 11:35 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2012-09-04 11:35 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-21 09:12 . 2012-09-04 11:36 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-28 00:54 . 2012-07-28 00:54 321472 ----a-w- c:\windows\WLXPGSS.SCR 2012-07-26 17:08 . 2012-07-26 17:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll 2012-07-26 17:08 . 2012-07-26 17:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll 2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll 2012-07-26 17:08 . 2012-07-26 17:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll 2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll 2012-07-26 13:22 . 2012-07-26 13:22 828872 ----a-w- c:\windows\system32\msvcr110.dll 2012-07-26 13:22 . 2012-07-26 13:22 661448 ----a-w- c:\windows\system32\msvcp110.dll 2012-07-26 13:22 . 2012-07-26 13:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll 2012-07-26 13:22 . 2012-07-26 13:22 177096 ----a-w- c:\windows\system32\atl110.dll 2012-07-26 13:22 . 2012-07-26 13:22 124360 ----a-w- c:\windows\system32\vcomp110.dll 2012-07-18 18:15 . 2012-09-04 13:19 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-17 13:14 . 2012-07-17 13:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL 2012-07-17 12:49 . 
2012-07-17 12:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL 2012-07-17 12:37 . 2012-07-17 12:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "ZoomIt"="d:\downloads\ZoomIt43\ZoomIt.exe" [2012-07-11 568432] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] [BU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 250288] R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696] R3 esihdrv;esihdrv;c:\users\*\AppData\Local\Temp\esihdrv.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-25 114144] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2012-06-09 39248] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-28 868848] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program 
files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2010-02-17 13:21 108256] S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2012-06-09 389968] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688] S3 
teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-07-02 35112] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 22:34] . 2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000Core.job - c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47] . 2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000UA.job - c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 15:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\clm4btjq.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*L*u*n*a*t**Œ•n\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à'] @Class="Shell" . [HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*à'\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg] @Class="Shell" . [HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-*mpeg\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-3094054634-324839966-1081519958-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*€@”n\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-08 15:23:52
ComboFix-quarantined-files.txt 2012-10-08 13:23
ComboFix2.txt 2012-10-07 21:40
.
Before scan: 15 directory(ies), 193,735,700,480 bytes free
After scan: 16 directory(ies), 193,526,767,616 bytes free
.
- - End Of File - - 164F77C79F5390F2D81CF3855CDA47EE
08.10.2012, 16:31 | #24
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie and Security HiJack
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar.
Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; the McAfee scanner in particular often raises a false alarm on OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions.
Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan.
One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) in the "AV scan" drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post logfiles in CODE tags
08.10.2012, 20:52 | #25
Adware Tracking Cookie and Security HiJack
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-08 21:31:02
Windows 6.1.7601 Service Pack 1
Running: h0i99ffr.exe

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x71 0x96 0xD3 0x60 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew  0x59 0x04 0x55 0xD0 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew  0xDF 0x9F 0x28 0x5C ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x71 0x96 0xD3 0x60 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew  0x59 0x04 0x55 0xD0 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew  0xDF 0x9F 0x28 0x5C ...

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:35:13 on 08.10.2012
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Google Inc. Google Chrome 22.0.1229.79

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000Core.job" - "Google Inc." - C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3094054634-324839966-1081519958-1000UA.job" - "Google Inc." - C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"am8li0mv" (am8li0mv) - "Microsoft Corporation" - C:\Windows\system32\drivers\am8li0mv.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"esihdrv" (esihdrv) - ? - C:\Users\*\AppData\Local\Temp\esihdrv.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Steganos Live Encryption Engine 17 [Driver]" (SLEE_17_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt - " - C:\Windows\Sleen1764.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Program Files\TeraCopy\TeraCopyExt.dll  (File found, but it contains no detailed information)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\SDShelEx-win32.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_278.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} "{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}" - ? -  (File not found | COM-object registry key not found) / hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Microsoft-Konto-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
"ZoomIt" - "Sysinternals - www.sysinternals.com" - D:\Downloads\ZoomIt43\ZoomIt.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\G-Force.scr  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Here is the log with the "(none)" setting:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-08 21:40:29
-----------------------------
21:40:29.449    OS Version: Windows x64 6.1.7601 Service Pack 1
21:40:29.449    Number of processors: 4 586 0x2502
21:40:29.449    ComputerName: *-*  UserName: *
21:40:30.478    Initialize success
21:40:30.572    AVAST engine defs: 12100800
21:40:37.951    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:40:37.951    Disk 0 Vendor: TOSHIBA_ AX00 Size: 953869MB BusType: 3
21:40:37.982    Disk 0 MBR read successfully
21:40:37.982    Disk 0 MBR scan
21:40:37.982    Disk 0 Windows 7 default MBR code
21:40:37.998    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:40:38.013    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       308000 MB offset 206848
21:40:38.029    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       645767 MB offset 630990848
21:40:38.076    Disk 0 scanning C:\Windows\system32\drivers
21:40:46.000    Service scanning
21:41:03.535    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:09.666    Modules scanning
21:41:09.666    Disk 0 trace - called modules:
21:41:09.697    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spdu.sys hal.dll
21:41:09.712    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a4f060]
21:41:09.712    3 CLASSPNP.SYS[fffff88001d5643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a04050]
21:41:09.712    Scan finished successfully
21:41:27.403    Disk 0 MBR has been saved successfully to "C:\Users\*\Desktop\MBR.dat"
21:41:27.418    The log file has been saved successfully to "C:\Users\*\Desktop\aswMBR.txt"
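The aswMBR log above judges the boot sector ("Windows 7 default MBR code") and lists three NTFS partitions with their starting sector offsets, and it also wrote the raw sector to MBR.dat on the desktop. The PowerShell below is an added example, not part of the thread and not code from aswMBR: it parses that MBR.dat offline and prints the same partition table (boot flag, type byte, size in MB, offset in sectors), plus a SHA-256 of the 440-byte boot-code region so the code can be compared with a known-clean machine running the same Windows version instead of trusting a one-line verdict. The function name Read-MbrPartitionTable and the default path are my own; the script assumes MBR.dat is a raw copy of sector 0 (at least 512 bytes).

```powershell
# Added example (not from the thread or from aswMBR): parse a saved MBR image
# and print its partition table the way the aswMBR log presents it.
# Assumption: $Path points at a raw copy of sector 0, at least 512 bytes long.
param([string]$Path = "$env:USERPROFILE\Desktop\MBR.dat")

function Read-MbrPartitionTable {
    param([byte[]]$Mbr)
    if ($Mbr.Length -lt 512) { throw "MBR image must be at least 512 bytes, got $($Mbr.Length)" }
    # Every valid MBR ends in the 0x55 0xAA boot signature
    if ($Mbr[510] -ne 0x55 -or $Mbr[511] -ne 0xAA) { throw 'Missing 0x55AA boot signature' }

    # Bytes 0..439 hold the boot code (the part a bootkit replaces). Hash it so it
    # can be compared against a clean machine with the same Windows version.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $bootCodeHash = ($sha.ComputeHash($Mbr, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''

    # Four 16-byte partition entries start at offset 446:
    #   +0 boot indicator (0x80 = active), +4 type, +8 start LBA (u32), +12 sector count (u32)
    $entries = for ($i = 0; $i -lt 4; $i++) {
        $o    = 446 + 16 * $i
        $type = $Mbr[$o + 4]
        if ($type -eq 0) { continue }            # empty slot
        $startLba = [BitConverter]::ToUInt32($Mbr, $o + 8)
        $sectors  = [BitConverter]::ToUInt32($Mbr, $o + 12)
        $bootFlag = '00'
        if ($Mbr[$o] -band 0x80) { $bootFlag = '80 (A)' }
        $sizeMB   = [math]::Floor(([double]$sectors * 512) / 1MB)
        [pscustomobject]@{
            Partition = $i + 1
            Boot      = $bootFlag
            Type      = ('{0:X2}' -f $type)      # 07 = HPFS/NTFS/exFAT
            SizeMB    = $sizeMB
            Offset    = $startLba                # in 512-byte sectors, as aswMBR prints it
        }
    }
    [pscustomobject]@{ BootCodeSha256 = $bootCodeHash; Partitions = @($entries) }
}

$bytes  = [System.IO.File]::ReadAllBytes($Path)
$result = Read-MbrPartitionTable -Mbr $bytes
"Boot code SHA-256: $($result.BootCodeSha256)"
$result.Partitions | Format-Table -AutoSize
```

On the disk in the log the output should read 100 MB at offset 2048, 308000 MB at offset 206848 and 645767 MB at offset 630990848, which is a quick consistency check on what the tool reported. A boot-code hash that differs from a clean reference of the same Windows build is worth a closer look; an identical one only says the code is unmodified, not that nothing else on the disk is.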
09.10.2012, 11:16 | #26
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie and Security HiJack
Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
09.10.2012, 19:48 | #27
Adware Tracking Cookie and Security HiJack
Hi, Malwarebytes found nothing, so there is no log. Can you perhaps tell me something about the SUPERAntiSpyware one?
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/09/2012 at 08:41 PM

Application Version : 5.5.1022

Core Rules Database Version : 9366
Trace Rules Database Version: 7178

Scan type       : Complete Scan
Total Scan Time : 04:32:58

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 728
Memory threats detected   : 0
Registry items scanned    : 73408
Registry threats detected : 30
File items scanned        : 223901
File threats detected     : 0

Security.HiJack[ImageFileExecutionOptions]
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MISC.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MISC.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OIS.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OIS.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCONTENTINSTALLER.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCONTENTINSTALLER.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSLAUNCHER.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSLAUNCHER.EXE#Debugger
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE
	(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE#Debugger
09.10.2012, 20:13 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie and Security HiJack
Hm, somehow these entries make no sense; they may come from TuneUp.
10.10.2012, 12:48 | #29
Adware Tracking Cookie and Security HiJack
Hi, afterwards SUPERAntiSpyware found nothing more, and all Office applications still work. Office did reconfigure itself once on startup after the respective registry keys were taken into quarantine, but everything works so far. Otherwise, are we done?
Regards
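Posts #27 to #29 turn on the 30 Image File Execution Options entries that SUPERAntiSpyware labels Security.HiJack. The log lists only the key names; the Debugger value under each key is what matters, because Windows starts that program in place of the named image and hands it the original command line. Legitimate software uses the same mechanism (TuneUp's Program Deactivator, which the helper suspects, and Office 2010's Click-to-Run virtualization handler are well-known writers of these values), so the call rests on what each value points to and who signed that file. The PowerShell below is an added example, not part of the thread and not code from any tool used in it: it enumerates both registry views (the "(x86)" prefix in the log is the Wow6432Node view), resolves each Debugger target and checks its Authenticode signature. The function names Get-IfeoDebuggers and Get-DebuggerExecutable and the path heuristics are mine. It is a user-mode read, so it evaluates entries a scanner has already listed; it cannot reveal keys a kernel rootkit hides. Run it from a 64-bit, elevated PowerShell, otherwise the native view is silently redirected to Wow6432Node.

```powershell
# Added example (not from the thread or from the tools used in it): list every
# Image File Execution Options "Debugger" redirection in both registry views and
# show what it points to, so a hijack can be told apart from an installed
# optimizer or virtualization handler. Run from 64-bit, elevated PowerShell.

$ifeoViews = @{
    'native (64-bit)'   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    'Wow6432Node (x86)' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
}

function Get-DebuggerExecutable {
    # Pull the program out of a Debugger command line. The value may be quoted
    # ("C:\Program Files\x\y.exe" -arg) or bare (C:\tools\dbg.exe -arg).
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 0) { return $cl.Substring(1, $end - 1) }
    }
    # Unquoted: take everything up to the first ".exe" token boundary
    $m = [regex]::Match($cl, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cl -split '\s+')[0]
}

function Get-IfeoDebuggers {
    foreach ($view in $ifeoViews.GetEnumerator()) {
        if (-not (Test-Path $view.Value)) { continue }
        foreach ($key in Get-ChildItem $view.Value) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }   # plain IFEO tuning, no redirection

            $exe      = [Environment]::ExpandEnvironmentVariables((Get-DebuggerExecutable $dbg))
            $exists   = Test-Path -LiteralPath $exe -PathType Leaf
            $signer   = ''
            $sigState = 'n/a'
            if ($exists) {
                $sig      = Get-AuthenticodeSignature -FilePath $exe
                $sigState = $sig.Status.ToString()          # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            # Heuristic flags (my own choice of what a responder looks at first)
            $flags = @()
            if (-not $exists)              { $flags += 'target missing' }
            elseif ($sigState -ne 'Valid') { $flags += "signature $sigState" }
            if ($exe -match '\\(Temp|AppData|Users\\Public|ProgramData)\\') { $flags += 'user-writable path' }

            [pscustomobject]@{
                View     = $view.Key
                Image    = $key.PSChildName
                Debugger = $dbg
                Target   = $exe
                Exists   = $exists
                Signer   = $signer
                Flags    = ($flags -join '; ')
            }
        }
    }
}

Get-IfeoDebuggers | Sort-Object View, Image | Format-Table -AutoSize -Wrap
```

An entry whose target is a validly signed binary under Program Files belonging to software you know is installed (the OSAM log above shows TuneUp Utilities 2013 and Office 14 on this machine) is a feature to be judged on its merits; an entry whose target is missing, unsigned, or sits in a temp or profile directory is the pattern the scanner's label is meant for. Removing a legitimate entry is not dangerous, but the owning program will notice, which is consistent with the one-time Office reconfiguration reported in post #29.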
10.10.2012, 14:09 | #30
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware Tracking Cookie and Security HiJack
Then we are done! The programs that were used here can all be removed again. With OTL's help you can also remove many of the tools: please start OTL and click on Cleanup. This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide follows below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example. For even more security you should also change all passwords, as far as possible, now that the infection has been removed.

Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software (or Programs and Features) by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.