Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.12.2012, 14:49   #1
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Hi Leute,

mein Laptop ist seit einiger Zeit sehr langsam, sobald ich im Internet bin und google kann nicht mehr geladen werden. Zuerst hatte ich den verdacht es könnte was an der Festplatte sein. Ein Scan mit CHKDSK fand jedoch keine probleme. Bei einem Scan mit Malwarebytes: Anti-Malware wurden jedoch gleich 2 Trojaner identifiziert. Die beiden heissen "Trojan.Lameshield" und "Trojan.Agent.FSA34".

Der Inhalt der Logdatei ist folgendermaßen:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sara :: LAPTOP [Administrator]

04.12.2012 00:15:35
mbam-log-2012-12-04 (08-11-29)-Trojaner.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 797923
Laufzeit: 4 Stunde(n), 57 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent (Trojan.Lameshield) -> Daten: C:\Windows\Temp\temp05.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Windows\Temp\temp05.exe (Trojan.Lameshield) -> Keine Aktion durchgeführt.
C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZUH283A\calc[1].exe (Trojan.Agent.FSA34) -> Keine Aktion durchgeführt.
C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBW6DINH\calc[1].exe (Trojan.Agent.FSA34) -> Keine Aktion durchgeführt.
C:\Users\Sara\AppData\Local\Temp\70A8.tmp (Trojan.Agent.FSA34) -> Keine Aktion durchgeführt.

(Ende)
         

Leider weiss ich jetzt nicht, was ich tun muss um die Trojaner wieder los zu werden. Ich hoffe, dass es eine Möglichkeit gibt, bei der meine Daten weitestgehend erhalten bleiben. Ich wäre euch für jede Hilfe sehr dankbar!!

viele Grüße

Sara

Alt 10.12.2012, 15:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Hallo und

Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________

__________________

Alt 11.12.2012, 21:22   #3
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Hi,
danke erstmal für die schnelle Antwort! Ich habe tatsächlich noch den Log von einem älteren Scan. Der Scan wurde mit Sophos Antivirus durchgeführt und die gefundenen Dateien befinden sich alle in der Quarantäne des Programms, konnten aber, zumindest glaube ich das, nicht wirklich entfernt werden. Den Scan hatte ich damals einige Zeit bevor die beschriebenen Probleme auftraten (Laptop im Internet extrem langsam, kann Google nicht öffnen). Die Namen der Übeltäter werden bei Sophos gelistet als:

Virus/Spyware: "Shh/Updater-B", "Shh/PWSSimda-AB"
Verdächtiges verhalten: "HIPS/ProcInj-001"
__________________

Alt 11.12.2012, 21:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Zitat:
Die Namen der Übeltäter werden bei Sophos gelistet als:

Virus/Spyware: "Shh/Updater-B", "Shh/PWSSimda-AB"
Verdächtiges verhalten: "HIPS/ProcInj-001"
Diese Angabe ist unvollständig und hilft nicht weiter
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.12.2012, 11:43   #5
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



sorry, ich wollte eigentlich das logfile hochladen. mein internet ist jedoch zu langsam gewesen und deswegen hat es nicht funktioniert.


Alt 12.12.2012, 13:31   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Du hast wohl einen ZAccess im System.
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34

Alt 13.12.2012, 19:33   #7
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Hallo,

ich habe Combofix jetzt ausgeführt.
Hier ist der Inhalt der log-Datei:

Code:
ATTFilter
ComboFix 12-12-10.01 - Sara 13.12.2012   0:19.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2814.1492 [GMT 1:00]
ausgeführt von:: c:\users\Sara\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Outdated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Enabled/Outdated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\windows\security\Database\tmp.edb
c:\windows\Temp\temp05.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-13 bis 2012-12-13  ))))))))))))))))))))))))))))))
.
.
2012-12-13 03:30 . 2012-12-13 03:30	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{133237FB-285B-4333-B9C1-40E4B1970C07}\offreg.dll
2012-12-12 23:42 . 2012-12-13 00:09	--------	d-----w-	c:\users\Sara\AppData\Local\temp
2012-12-12 23:42 . 2012-12-12 23:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-03 23:14 . 2012-12-03 23:15	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-15 08:06 . 2012-10-03 16:58	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-15 08:06 . 2012-10-03 16:42	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-11-15 08:06 . 2012-10-03 16:40	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-15 08:06 . 2012-10-03 16:42	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-15 08:06 . 2012-10-03 16:42	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-15 08:06 . 2012-10-03 16:42	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-15 08:06 . 2012-10-03 16:42	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-15 08:06 . 2012-10-03 15:21	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 11:19 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 11:19 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 11:19 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-14 11:18 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-14 11:18 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-14 11:18 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 11:18 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 11:18 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-14 11:18 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-14 11:18 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 05:10 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 05:10 . 2012-10-18 17:59	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-14 05:10 . 2012-10-09 17:40	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-14 05:10 . 2012-10-09 17:40	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 20:26 . 2011-05-07 08:01	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-06 20:25 . 2011-05-07 08:01	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-06 20:25 . 2011-05-13 13:43	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-05 20:07 . 2011-05-13 13:43	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-05 19:53 . 2011-05-13 13:43	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-04 23:10 . 2011-05-07 08:01	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-24 10:52 . 2012-06-06 16:54	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-24 10:52 . 2011-05-26 05:54	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 07:24 . 2012-10-23 07:24	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-18 05:46 . 2012-10-18 05:46	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-16 07:39 . 2012-11-27 21:29	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-12 05:56 . 2012-11-09 17:58	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{133237FB-285B-4333-B9C1-40E4B1970C07}\mpengine.dll
2012-09-29 18:54 . 2012-03-03 11:23	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28 . 2012-10-10 11:20	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"PopUpStopperFreeEdition"="d:\program files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2012-08-31 900160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"PDFPrint"="d:\program files\PDF24\pdf24.exe" [2012-09-06 162408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 5689;5689;c:\users\Sara\AppData\Local\Temp\5689.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 CZCanSrv;CZCanSrv;c:\program files\Common Files\Carl Zeiss\CZCanSrv.exe [x]
R3 LVMST;LVMST service;c:\windows\system32\DRIVERS\LVMST.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SaiU04E5;SaiU04E5;c:\windows\system32\DRIVERS\SaiU04E5.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 MTBService_2.0.0.12;MTB2011 Server (2.0.0.12);c:\program files\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 10:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 141.44.1.9 141.44.1.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.explosm.net/comics/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= 
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a0,8c,7a,f0,ca,43,e0,96,d0,dc,2e,a3,85,b2,42,fe,d1,b5,0c,d6,e6,bd,74,
   ec,12,61,78,62,01,f3,2f,8d,0a,5a,99,87,ff,70,3b,bd,58,68,c6,ec,d0,db,7d,5a,\
"??"=hex:a9,aa,ab,8a,7b,6c,01,f9,19,12,cd,97,76,93,be,a7
.
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ac,40,c5,d1,a2,ce,fa,2f,51,50,fb,d0,a9,1f,27,a6,47,44,84,a6,a8,
   4e,42,61,c4,31,20,57,b8,f6,fc,f5,fd,09,93,6b,15,e6,f9,6a,b4,d6,4b,5c,af,29,\
"rkeysecu"=hex:c6,a4,2b,a3,c1,c1,e8,71,88,1e,02,d3,99,8a,1b,ae
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3468)
d:\program files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\hasplms.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-13  08:46:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-13 07:45
.
Vor Suchlauf: 196.071.424 Bytes frei
Nach Suchlauf: 151.224.320 Bytes frei
.
- - End Of File - - 41DD059CD27B25DA229BD8EFA07531A5
         

Alt 13.12.2012, 20:04   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.12.2012, 19:29   #9
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Hallo,

ich habe beide Scans ausgeführt. Der GMER scan hat sehr lange gedauert. er lief schon seit ca. 1 Woche, dann war ich über Weihnachten ein paar Tage unterwegs und habe den Scan zuhause weiterlaufen lassen. Als ich wieder nach hause kam, war der Scan leider abgebrochen.

hier ist der log von diesem scan:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-31 11:11:07
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK2552GSX rev.LV010M
Running: y6m9erhm.exe; Driver: C:\Users\Sara\AppData\Local\Temp\uxldapow.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)  ZwCreateKey [0x82C48FEC]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82C48FEC]                 ZwCreateKey [0x82C48FEC]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)  ZwOpenKey [0x82C48FF1]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82C48FF1]                 ZwOpenKey [0x82C48FF1]

INT 0x03                                                                                                                              \SystemRoot\system32\ntkrnlpa.exe[unknown section]                            82C48FFB

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                      82C85A49 1 Byte  [06]
.text                                                                                                                                 ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                        82CBF4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 11BF                                           82CC65F4 3 Bytes  [EC, 8F, C4] {IN AL, DX ; POP ESP}
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 137F                                           82CC67B4 3 Bytes  [F1, 8F, C4] {INT1 ; POP ESP}
PAGE                                                                                                                                  ntkrnlpa.exe!ZwResumeThread                                                   82EBA592 1 Byte  [CC] {INT 3 }
.text                                                                                                                                 ataport.SYS!AtaPortGetScatterGatherList + B44                                 8396744E 1 Byte  [CC] {INT 3 }
.text                                                                                                                                 C:\Windows\system32\DRIVERS\atikmdag.sys                                      section is writeable [0x93A33000, 0x2D5378, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                     section is writeable [0x9FD50000, 0x47E35, 0xE0000020]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                     entry point in ".init" section [0x9FDA4224]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                     unknown last code section [0x9FDA4000, 0x4000, 0xE20000E0]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                      section is writeable [0xA3010400, 0x6E6E2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA309A820]  C:\Windows\system32\drivers\hardlock.sys                                      entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA309A820]
.protectÿÿÿÿhardlockunknown last code section [0xA309A600, 0x512A, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                      unknown last code section [0xA309A600, 0x512A, 0xE0000020]

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                \Driver\ACPI_HAL \Device\00000050                                             halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume4                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device                                                                                                                                \Driver\Disk \Device\Harddisk0\DR0                                            aksfridge.sys

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread                                                                                                                                System [4:760]                                                                86DB00F4

---- EOF - GMER 1.0.15 ----
         


Der aswMBR Scan funktionierte erst auch nicht, daher wählte ich ihn wie empfohlen none bei "AV scan" aus. So hat er funktioniert. Hier ist das log-file:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-31 20:03:35
-----------------------------
20:03:35.037    OS Version: Windows 6.1.7601 Service Pack 1
20:03:35.037    Number of processors: 2 586 0x301
20:03:35.053    ComputerName: LAPTOP  UserName: Sara
20:03:51.401    Initialize success
20:04:08.140    The log file has been saved successfully to "C:\Users\Sara\Desktop\aswMBRlog1.txt"
20:04:11.604    AVAST engine defs: 12123100
20:05:03.771    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
20:05:03.771    Disk 0 Vendor: TOSHIBA_MK2552GSX LV010M Size: 238475MB BusType: 11
20:05:03.818    Disk 0 MBR read successfully
20:05:03.818    Disk 0 MBR scan
20:05:03.834    Disk 0 Windows 7 default MBR code
20:05:03.849    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
20:05:03.880    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 3074048
20:05:03.896    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        29900 MB offset 3278848
20:05:03.927    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       206973 MB offset 64514048
20:05:03.927    Disk 0 scanning sectors +488394752
20:05:04.021    Disk 0 scanning C:\Windows\system32\drivers
20:05:40.104    Service scanning
20:05:41.804    Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 32
20:06:44.407    Modules scanning
20:06:54.391    Disk 0 trace - called modules:
20:06:54.422    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS >>UNKNOWN [0x8560a9b9]<<
20:06:54.438    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864241f0]
20:06:54.438    3 CLASSPNP.SYS[833d459e] -> nt!IofCallDriver -> [0x862bf3e0]
20:06:54.454    5 ACPI.sys[838113d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x862c0908]
20:06:54.469    Scan finished successfully
20:07:25.997    Disk 0 MBR has been saved successfully to "C:\Users\Sara\Desktop\MBR.dat"
20:07:26.013    The log file has been saved successfully to "C:\Users\Sara\Desktop\aswMBR.txt"
         

Alt 02.01.2013, 09:50   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.01.2013, 10:09   #11
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



hi,

ich hab den Scan wie beschrieben ausgeführt, ging sehr schnell. Hier ist die log-Datei:


Code:
ATTFilter
11:03:19.0237 6080  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:03:19.0253 6080  ============================================================
11:03:19.0253 6080  Current date / time: 2013/01/03 11:03:19.0253
11:03:19.0253 6080  SystemInfo:
11:03:19.0253 6080  
11:03:19.0253 6080  OS Version: 6.1.7601 ServicePack: 1.0
11:03:19.0253 6080  Product type: Workstation
11:03:19.0253 6080  ComputerName: LAPTOP
11:03:19.0253 6080  UserName: Sara
11:03:19.0253 6080  Windows directory: C:\Windows
11:03:19.0253 6080  System windows directory: C:\Windows
11:03:19.0253 6080  Processor architecture: Intel x86
11:03:19.0253 6080  Number of processors: 2
11:03:19.0253 6080  Page size: 0x1000
11:03:19.0253 6080  Boot type: Normal boot
11:03:19.0253 6080  ============================================================
11:03:20.0984 6080  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:03:20.0984 6080  ============================================================
11:03:20.0984 6080  \Device\Harddisk0\DR0:
11:03:20.0984 6080  MBR partitions:
11:03:20.0984 6080  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x32000
11:03:20.0984 6080  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x320800, BlocksNum 0x3A66000
11:03:20.0984 6080  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3D86800, BlocksNum 0x1943E800
11:03:20.0984 6080  ============================================================
11:03:21.0016 6080  C: <-> \Device\Harddisk0\DR0\Partition2
11:03:21.0047 6080  D: <-> \Device\Harddisk0\DR0\Partition3
11:03:21.0047 6080  ============================================================
11:03:21.0047 6080  Initialize success
11:03:21.0047 6080  ============================================================
11:04:18.0345 3636  ============================================================
11:04:18.0345 3636  Scan started
11:04:18.0345 3636  Mode: Manual; SigCheck; TDLFS; 
11:04:18.0345 3636  ============================================================
11:04:18.0720 3636  ================ Scan system memory ========================
11:04:18.0720 3636  System memory - ok
11:04:18.0720 3636  ================ Scan services =============================
11:04:18.0923 3636  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:04:19.0094 3636  1394ohci - ok
11:04:19.0219 3636  5689 - ok
11:04:19.0281 3636  [ DCCE754E13FE7DAA579D8F906CF3B388 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:04:19.0281 3636  ACPI ( Virus.Win32.Rloader.a ) - infected
11:04:19.0281 3636  ACPI - detected Virus.Win32.Rloader.a (0)
11:04:19.0328 3636  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:04:19.0406 3636  AcpiPmi - ok
11:04:19.0547 3636  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:04:19.0687 3636  Suspicious file (NoAccess): C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe. md5: D19C4EE2AC7C47B8F5F84FFF1A789D8A
11:04:19.0687 3636  AdobeARMservice ( LockedFile.Multi.Generic ) - warning
11:04:19.0687 3636  AdobeARMservice - detected LockedFile.Multi.Generic (1)
11:04:19.0796 3636  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:04:19.0968 3636  Suspicious file (NoAccess): C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. md5: 0CB0AA071C7B86A64F361DCFDF357329
11:04:19.0968 3636  AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - warning
11:04:19.0968 3636  AdobeFlashPlayerUpdateSvc - detected LockedFile.Multi.Generic (1)
11:04:20.0015 3636  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:04:20.0093 3636  adp94xx - ok
11:04:20.0124 3636  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:04:20.0186 3636  adpahci - ok
11:04:20.0202 3636  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:04:20.0264 3636  adpu320 - ok
11:04:20.0311 3636  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:04:20.0358 3636  AeLookupSvc - ok
11:04:20.0436 3636  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
11:04:20.0498 3636  AFD - ok
11:04:20.0576 3636  [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
11:04:20.0701 3636  AgereSoftModem - ok
11:04:20.0732 3636  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
11:04:20.0779 3636  agp440 - ok
11:04:20.0826 3636  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
11:04:20.0873 3636  aic78xx - ok
11:04:20.0951 3636  [ 730E9D3BB324FB1899005AEA63C6782D ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
11:04:20.0982 3636  aksfridge - ok
11:04:21.0044 3636  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
11:04:21.0169 3636  ALG - ok
11:04:21.0216 3636  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:04:21.0294 3636  aliide - ok
11:04:21.0341 3636  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:04:21.0403 3636  AMD External Events Utility - ok
11:04:21.0497 3636  AMD FUEL Service - ok
11:04:21.0543 3636  [ 9FE76D783A7D47965D086A220B54277B ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
11:04:21.0575 3636  AMD Reservation Manager - ok
11:04:21.0606 3636  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:04:21.0653 3636  amdagp - ok
11:04:21.0684 3636  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:04:21.0731 3636  amdide - ok
11:04:21.0793 3636  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
11:04:21.0855 3636  amdiox86 - ok
11:04:21.0887 3636  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:04:21.0980 3636  AmdK8 - ok
11:04:22.0011 3636  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:04:22.0058 3636  AmdPPM - ok
11:04:22.0105 3636  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:04:22.0152 3636  amdsata - ok
11:04:22.0183 3636  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:04:22.0245 3636  amdsbs - ok
11:04:22.0277 3636  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:04:22.0292 3636  amdxata - ok
11:04:22.0292 3636  AODDriver4.0 - ok
11:04:22.0448 3636  [ FEC0C3F9B39C5D17EC3442F244EC0474 ] appdrv01        C:\Windows\system32\Drivers\appdrv01.sys
11:04:22.0620 3636  appdrv01 - ok
11:04:22.0713 3636  appdrvrem01 - ok
11:04:22.0776 3636  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
11:04:22.0932 3636  AppID - ok
11:04:22.0963 3636  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:04:23.0057 3636  AppIDSvc - ok
11:04:23.0103 3636  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
11:04:23.0150 3636  Appinfo - ok
11:04:23.0197 3636  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:04:23.0244 3636  AppMgmt - ok
11:04:23.0291 3636  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:04:23.0369 3636  arc - ok
11:04:23.0384 3636  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:04:23.0431 3636  arcsas - ok
11:04:23.0556 3636  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:04:23.0696 3636  aspnet_state - ok
11:04:23.0712 3636  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:04:23.0852 3636  AsyncMac - ok
11:04:23.0883 3636  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
11:04:23.0899 3636  atapi - ok
11:04:24.0102 3636  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:04:24.0351 3636  atikmdag - ok
11:04:24.0429 3636  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:04:24.0523 3636  AudioEndpointBuilder - ok
11:04:24.0539 3636  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:04:24.0585 3636  Audiosrv - ok
11:04:24.0648 3636  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:04:24.0757 3636  AxInstSV - ok
11:04:24.0819 3636  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
11:04:24.0929 3636  b06bdrv - ok
11:04:24.0975 3636  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:04:25.0053 3636  b57nd60x - ok
11:04:25.0100 3636  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:04:25.0163 3636  BDESVC - ok
11:04:25.0209 3636  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:04:25.0272 3636  Beep - ok
11:04:25.0365 3636  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
11:04:25.0459 3636  BFE - ok
11:04:25.0506 3636  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
11:04:25.0584 3636  BITS - ok
11:04:25.0615 3636  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:04:25.0662 3636  blbdrive - ok
11:04:25.0709 3636  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:04:25.0740 3636  bowser - ok
11:04:25.0771 3636  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:04:25.0865 3636  BrFiltLo - ok
11:04:25.0865 3636  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:04:25.0943 3636  BrFiltUp - ok
11:04:25.0989 3636  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:04:26.0083 3636  BridgeMP - ok
11:04:26.0114 3636  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
11:04:26.0177 3636  Browser - ok
11:04:26.0192 3636  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:04:26.0286 3636  Brserid - ok
11:04:26.0333 3636  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:04:26.0411 3636  BrSerWdm - ok
11:04:26.0442 3636  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:04:26.0489 3636  BrUsbMdm - ok
11:04:26.0504 3636  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:04:26.0551 3636  BrUsbSer - ok
11:04:26.0582 3636  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:04:26.0629 3636  BTHMODEM - ok
11:04:26.0691 3636  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
11:04:26.0785 3636  bthserv - ok
11:04:26.0801 3636  catchme - ok
11:04:26.0832 3636  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:04:26.0910 3636  cdfs - ok
11:04:26.0972 3636  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:04:27.0050 3636  cdrom - ok
11:04:27.0097 3636  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:04:27.0159 3636  CertPropSvc - ok
11:04:27.0191 3636  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:04:27.0222 3636  circlass - ok
11:04:27.0269 3636  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
11:04:27.0300 3636  CLFS - ok
11:04:27.0378 3636  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:04:27.0534 3636  clr_optimization_v2.0.50727_32 - ok
11:04:27.0690 3636  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:04:27.0752 3636  clr_optimization_v4.0.30319_32 - ok
11:04:27.0768 3636  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:04:27.0815 3636  CmBatt - ok
11:04:27.0846 3636  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:04:27.0893 3636  cmdide - ok
11:04:27.0939 3636  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
11:04:27.0971 3636  CNG - ok
11:04:28.0002 3636  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:04:28.0033 3636  Compbatt - ok
11:04:28.0064 3636  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:04:28.0127 3636  CompositeBus - ok
11:04:28.0142 3636  COMSysApp - ok
11:04:28.0173 3636  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:04:28.0220 3636  crcdisk - ok
11:04:28.0267 3636  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:04:28.0314 3636  CryptSvc - ok
11:04:28.0361 3636  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
11:04:28.0470 3636  CSC - ok
11:04:28.0517 3636  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
11:04:28.0595 3636  CscService - ok
11:04:28.0657 3636  [ 3E26199DB3208FA1CF16CB89929537A9 ] CZCanSrv        C:\Program Files\Common Files\Carl Zeiss\CZCanSrv.exe
11:04:28.0766 3636  CZCanSrv ( UnsignedFile.Multi.Generic ) - warning
11:04:28.0766 3636  CZCanSrv - detected UnsignedFile.Multi.Generic (1)
11:04:28.0797 3636  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:04:28.0844 3636  DcomLaunch - ok
11:04:28.0875 3636  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:04:28.0969 3636  defragsvc - ok
11:04:29.0016 3636  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:04:29.0094 3636  DfsC - ok
11:04:29.0156 3636  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:04:29.0219 3636  Dhcp - ok
11:04:29.0250 3636  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
11:04:29.0343 3636  discache - ok
11:04:29.0375 3636  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:04:29.0406 3636  Disk - ok
11:04:29.0437 3636  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:04:29.0468 3636  Dnscache - ok
11:04:29.0515 3636  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:04:29.0609 3636  dot3svc - ok
11:04:29.0671 3636  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
11:04:29.0765 3636  DPS - ok
11:04:29.0796 3636  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:04:29.0843 3636  drmkaud - ok
11:04:29.0889 3636  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:04:29.0905 3636  dtsoftbus01 - ok
11:04:29.0967 3636  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:04:30.0014 3636  DXGKrnl - ok
11:04:30.0061 3636  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
11:04:30.0139 3636  EapHost - ok
11:04:30.0264 3636  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
11:04:30.0420 3636  ebdrv - ok
11:04:30.0467 3636  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
11:04:30.0545 3636  EFS - ok
11:04:30.0623 3636  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:04:30.0825 3636  ehRecvr - ok
11:04:30.0857 3636  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
11:04:30.0966 3636  ehSched - ok
11:04:31.0028 3636  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:04:31.0106 3636  elxstor - ok
11:04:31.0137 3636  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:04:31.0184 3636  ErrDev - ok
11:04:31.0231 3636  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
11:04:31.0293 3636  EventSystem - ok
11:04:31.0293 3636  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
11:04:31.0387 3636  exfat - ok
11:04:31.0418 3636  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:04:31.0465 3636  fastfat - ok
11:04:31.0527 3636  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
11:04:31.0590 3636  Fax - ok
11:04:31.0621 3636  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:04:31.0668 3636  fdc - ok
11:04:31.0699 3636  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
11:04:31.0761 3636  fdPHost - ok
11:04:31.0777 3636  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
11:04:31.0824 3636  FDResPub - ok
11:04:31.0839 3636  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:04:31.0871 3636  FileInfo - ok
11:04:31.0902 3636  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:04:31.0964 3636  Filetrace - ok
11:04:32.0042 3636  [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:04:32.0151 3636  FLEXnet Licensing Service - ok
11:04:32.0183 3636  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:04:32.0229 3636  flpydisk - ok
11:04:32.0261 3636  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:04:32.0276 3636  FltMgr - ok
11:04:32.0354 3636  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
11:04:32.0417 3636  FontCache - ok
11:04:32.0479 3636  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:04:32.0510 3636  FontCache3.0.0.0 - ok
11:04:32.0526 3636  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:04:32.0573 3636  FsDepends - ok
11:04:32.0604 3636  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:04:32.0635 3636  Fs_Rec - ok
11:04:32.0666 3636  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:04:32.0697 3636  fvevol - ok
11:04:32.0760 3636  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:04:32.0791 3636  gagp30kx - ok
11:04:32.0853 3636  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:04:32.0963 3636  gpsvc - ok
11:04:33.0025 3636  [ A9D587E31DBEE3E9BD97FEFECE0BA874 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
11:04:33.0072 3636  hardlock - ok
11:04:33.0087 3636  hasplms - ok
11:04:33.0119 3636  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:04:33.0197 3636  hcw85cir - ok
11:04:33.0259 3636  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:04:33.0337 3636  HdAudAddService - ok
11:04:33.0368 3636  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:04:33.0399 3636  HDAudBus - ok
11:04:33.0446 3636  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:04:33.0509 3636  HidBatt - ok
11:04:33.0524 3636  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:04:33.0571 3636  HidBth - ok
11:04:33.0602 3636  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:04:33.0649 3636  HidIr - ok
11:04:33.0680 3636  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
11:04:33.0758 3636  hidserv - ok
11:04:33.0821 3636  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:04:33.0883 3636  HidUsb - ok
11:04:33.0914 3636  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:04:33.0977 3636  hkmsvc - ok
11:04:34.0023 3636  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:04:34.0086 3636  HomeGroupListener - ok
11:04:34.0133 3636  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:04:34.0164 3636  HomeGroupProvider - ok
11:04:34.0211 3636  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:04:34.0304 3636  HpSAMD - ok
11:04:34.0367 3636  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:04:34.0413 3636  HTTP - ok
11:04:34.0460 3636  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:04:34.0476 3636  hwpolicy - ok
11:04:34.0538 3636  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:04:34.0616 3636  i8042prt - ok
11:04:34.0647 3636  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:04:34.0710 3636  iaStorV - ok
11:04:34.0788 3636  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:04:34.0991 3636  idsvc - ok
11:04:35.0084 3636  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:04:35.0131 3636  iirsp - ok
11:04:35.0193 3636  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:04:35.0271 3636  IKEEXT - ok
11:04:35.0318 3636  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:04:35.0381 3636  intelide - ok
11:04:35.0381 3636  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:04:35.0443 3636  intelppm - ok
11:04:35.0474 3636  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:04:35.0583 3636  IPBusEnum - ok
11:04:35.0630 3636  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:04:35.0724 3636  IpFilterDriver - ok
11:04:35.0786 3636  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:04:35.0849 3636  iphlpsvc - ok
11:04:35.0895 3636  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:04:35.0958 3636  IPMIDRV - ok
11:04:35.0973 3636  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:04:36.0051 3636  IPNAT - ok
11:04:36.0083 3636  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:04:36.0129 3636  IRENUM - ok
11:04:36.0161 3636  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:04:36.0207 3636  isapnp - ok
11:04:36.0239 3636  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:04:36.0301 3636  iScsiPrt - ok
11:04:36.0332 3636  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:04:36.0395 3636  kbdclass - ok
11:04:36.0426 3636  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:04:36.0504 3636  kbdhid - ok
11:04:36.0519 3636  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
11:04:36.0535 3636  KeyIso - ok
11:04:36.0582 3636  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:04:36.0613 3636  KSecDD - ok
11:04:36.0629 3636  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:04:36.0660 3636  KSecPkg - ok
11:04:36.0691 3636  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:04:36.0785 3636  KtmRm - ok
11:04:36.0831 3636  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
11:04:36.0894 3636  LanmanServer - ok
11:04:36.0925 3636  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:04:36.0987 3636  LanmanWorkstation - ok
11:04:37.0034 3636  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:04:37.0097 3636  lltdio - ok
11:04:37.0128 3636  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:04:37.0221 3636  lltdsvc - ok
11:04:37.0237 3636  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:04:37.0284 3636  lmhosts - ok
11:04:37.0331 3636  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:04:37.0377 3636  LSI_FC - ok
11:04:37.0377 3636  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:04:37.0455 3636  LSI_SAS - ok
11:04:37.0455 3636  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:04:37.0502 3636  LSI_SAS2 - ok
11:04:37.0533 3636  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:04:37.0596 3636  LSI_SCSI - ok
11:04:37.0627 3636  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
11:04:37.0705 3636  luafv - ok
11:04:37.0799 3636  [ 0C944E4F596780F7CD26686E577EF606 ] LVMST           C:\Windows\system32\DRIVERS\LVMST.sys
11:04:37.0923 3636  LVMST - ok
11:04:38.0001 3636  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\Windows\system32\drivers\mbamswissarmy.sys
11:04:38.0064 3636  MBAMSwissArmy - ok
11:04:38.0095 3636  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:04:38.0157 3636  Mcx2Svc - ok
11:04:38.0189 3636  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:04:38.0220 3636  megasas - ok
11:04:38.0251 3636  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:04:38.0298 3636  MegaSR - ok
11:04:38.0329 3636  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
11:04:38.0423 3636  MMCSS - ok
11:04:38.0438 3636  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
11:04:38.0501 3636  Modem - ok
11:04:38.0532 3636  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:04:38.0579 3636  monitor - ok
11:04:38.0625 3636  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:04:38.0688 3636  mouclass - ok
11:04:38.0719 3636  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:04:38.0781 3636  mouhid - ok
11:04:38.0813 3636  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:04:38.0828 3636  mountmgr - ok
11:04:38.0859 3636  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:04:38.0937 3636  mpio - ok
11:04:38.0953 3636  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:04:39.0015 3636  mpsdrv - ok
11:04:39.0093 3636  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:04:39.0187 3636  MpsSvc - ok
11:04:39.0218 3636  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:04:39.0312 3636  MRxDAV - ok
11:04:39.0374 3636  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:04:39.0437 3636  mrxsmb - ok
11:04:39.0484 3636  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:04:39.0515 3636  mrxsmb10 - ok
11:04:39.0546 3636  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:04:39.0577 3636  mrxsmb20 - ok
11:04:39.0608 3636  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
11:04:39.0640 3636  msahci - ok
11:04:39.0671 3636  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:04:39.0718 3636  msdsm - ok
11:04:39.0749 3636  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
11:04:39.0811 3636  MSDTC - ok
11:04:39.0858 3636  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:04:39.0920 3636  Msfs - ok
11:04:39.0952 3636  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:04:39.0998 3636  mshidkmdf - ok
11:04:40.0030 3636  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:04:40.0045 3636  msisadrv - ok
11:04:40.0092 3636  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:04:40.0186 3636  MSiSCSI - ok
11:04:40.0186 3636  msiserver - ok
11:04:40.0232 3636  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:04:40.0326 3636  MSKSSRV - ok
11:04:40.0326 3636  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:04:40.0388 3636  MSPCLOCK - ok
11:04:40.0420 3636  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:04:40.0498 3636  MSPQM - ok
11:04:40.0513 3636  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:04:40.0544 3636  MsRPC - ok
11:04:40.0576 3636  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:04:40.0607 3636  mssmbios - ok
11:04:40.0638 3636  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:04:40.0700 3636  MSTEE - ok
11:04:40.0763 3636  [ 4C7447EEE8DB5952913F9CCB9D0586CE ] MTBService_2.0.0.12 C:\Program Files\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe
11:04:40.0778 3636  MTBService_2.0.0.12 ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0778 3636  MTBService_2.0.0.12 - detected UnsignedFile.Multi.Generic (1)
11:04:40.0810 3636  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:04:40.0872 3636  MTConfig - ok
11:04:40.0903 3636  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:04:40.0919 3636  Mup - ok
11:04:40.0966 3636  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
11:04:41.0059 3636  napagent - ok
11:04:41.0122 3636  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:04:41.0153 3636  NativeWifiP - ok
11:04:41.0215 3636  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:04:41.0262 3636  NDIS - ok
11:04:41.0293 3636  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:04:41.0371 3636  NdisCap - ok
11:04:41.0418 3636  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:04:41.0512 3636  NdisTapi - ok
11:04:41.0543 3636  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:04:41.0590 3636  Ndisuio - ok
11:04:41.0621 3636  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:04:41.0683 3636  NdisWan - ok
11:04:41.0730 3636  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:04:41.0808 3636  NDProxy - ok
11:04:41.0855 3636  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:04:41.0917 3636  NetBIOS - ok
11:04:41.0948 3636  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:04:42.0042 3636  NetBT - ok
11:04:42.0058 3636  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
11:04:42.0073 3636  Netlogon - ok
11:04:42.0136 3636  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
11:04:42.0198 3636  Netman - ok
11:04:42.0229 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0385 3636  NetMsmqActivator - ok
11:04:42.0401 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0416 3636  NetPipeActivator - ok
11:04:42.0432 3636  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
11:04:42.0479 3636  netprofm - ok
11:04:42.0494 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0510 3636  NetTcpActivator - ok
11:04:42.0510 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0526 3636  NetTcpPortSharing - ok
11:04:42.0572 3636  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:04:42.0604 3636  nfrd960 - ok
11:04:42.0650 3636  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:04:42.0713 3636  NlaSvc - ok
11:04:42.0744 3636  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:04:42.0791 3636  Npfs - ok
11:04:42.0822 3636  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
11:04:42.0884 3636  nsi - ok
11:04:42.0900 3636  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:04:42.0978 3636  nsiproxy - ok
11:04:43.0056 3636  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:04:43.0134 3636  Ntfs - ok
11:04:43.0165 3636  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
11:04:43.0274 3636  Null - ok
11:04:43.0306 3636  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:04:43.0352 3636  nvraid - ok
11:04:43.0384 3636  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:04:43.0477 3636  nvstor - ok
11:04:43.0508 3636  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:04:43.0555 3636  nv_agp - ok
11:04:43.0649 3636  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:04:43.0774 3636  odserv - ok
11:04:43.0789 3636  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:04:43.0867 3636  ohci1394 - ok
11:04:43.0914 3636  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:04:43.0976 3636  ose - ok
11:04:44.0023 3636  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:04:44.0101 3636  p2pimsvc - ok
11:04:44.0117 3636  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:04:44.0164 3636  p2psvc - ok
11:04:44.0195 3636  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:04:44.0242 3636  Parport - ok
11:04:44.0273 3636  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:04:44.0288 3636  partmgr - ok
11:04:44.0304 3636  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
11:04:44.0366 3636  Parvdm - ok
11:04:44.0398 3636  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:04:44.0429 3636  PcaSvc - ok
11:04:44.0460 3636  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
11:04:44.0491 3636  pci - ok
11:04:44.0507 3636  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
11:04:44.0522 3636  pciide - ok
11:04:44.0554 3636  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:04:44.0600 3636  pcmcia - ok
11:04:44.0632 3636  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
11:04:44.0647 3636  pcw - ok
11:04:44.0694 3636  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:04:44.0756 3636  PEAUTH - ok
11:04:44.0819 3636  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:04:44.0912 3636  PeerDistSvc - ok
11:04:45.0022 3636  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
11:04:45.0146 3636  pla - ok
11:04:45.0193 3636  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:04:45.0256 3636  PlugPlay - ok
11:04:45.0302 3636  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:04:45.0349 3636  PNRPAutoReg - ok
11:04:45.0380 3636  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:04:45.0412 3636  PNRPsvc - ok
11:04:45.0458 3636  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:04:45.0521 3636  PolicyAgent - ok
11:04:45.0568 3636  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
11:04:46.0082 3636  Power - ok
11:04:46.0145 3636  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:04:46.0238 3636  PptpMiniport - ok
11:04:46.0254 3636  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:04:46.0316 3636  Processor - ok
11:04:46.0379 3636  [ 18D9789A4664BF417EEA944D2776091A ] prodrv06        C:\Windows\System32\drivers\prodrv06.sys
11:04:46.0800 3636  prodrv06 ( UnsignedFile.Multi.Generic ) - warning
11:04:46.0800 3636  prodrv06 - detected UnsignedFile.Multi.Generic (1)
11:04:46.0847 3636  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
11:04:46.0940 3636  ProfSvc - ok
11:04:46.0972 3636  [ 8CC9671A7ED2902E747EE0892E1C8575 ] prohlp02        C:\Windows\system32\drivers\prohlp02.sys
11:04:46.0987 3636  prohlp02 ( UnsignedFile.Multi.Generic ) - warning
11:04:46.0987 3636  prohlp02 - detected UnsignedFile.Multi.Generic (1)
11:04:47.0065 3636  [ 960BCE3ED38761B446AABAC06C76BADF ] prosync1        C:\Windows\system32\drivers\prosync1.sys
11:04:47.0096 3636  prosync1 ( UnsignedFile.Multi.Generic ) - warning
11:04:47.0096 3636  prosync1 - detected UnsignedFile.Multi.Generic (1)
11:04:47.0112 3636  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:04:47.0143 3636  ProtectedStorage - ok
11:04:47.0190 3636  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:04:47.0268 3636  Psched - ok
11:04:47.0315 3636  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:04:47.0408 3636  ql2300 - ok
11:04:47.0440 3636  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:04:47.0518 3636  ql40xx - ok
11:04:47.0564 3636  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
11:04:47.0642 3636  QWAVE - ok
11:04:47.0658 3636  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:04:47.0720 3636  QWAVEdrv - ok
11:04:47.0736 3636  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:04:47.0798 3636  RasAcd - ok
11:04:47.0845 3636  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:04:47.0892 3636  RasAgileVpn - ok
11:04:47.0939 3636  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
11:04:48.0017 3636  RasAuto - ok
11:04:48.0032 3636  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:04:48.0126 3636  Rasl2tp - ok
11:04:48.0173 3636  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
11:04:48.0251 3636  RasMan - ok
11:04:48.0282 3636  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:04:48.0376 3636  RasPppoe - ok
11:04:48.0407 3636  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:04:48.0469 3636  RasSstp - ok
11:04:48.0500 3636  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:04:48.0578 3636  rdbss - ok
11:04:48.0610 3636  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:04:48.0641 3636  rdpbus - ok
11:04:48.0688 3636  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:04:48.0797 3636  RDPCDD - ok
11:04:48.0844 3636  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:04:48.0906 3636  RDPDR - ok
11:04:48.0922 3636  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:04:49.0015 3636  RDPENCDD - ok
11:04:49.0031 3636  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:04:49.0093 3636  RDPREFMP - ok
11:04:49.0140 3636  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:04:49.0202 3636  RDPWD - ok
11:04:49.0265 3636  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:04:49.0296 3636  rdyboost - ok
11:04:49.0327 3636  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:04:49.0436 3636  RemoteAccess - ok
11:04:49.0483 3636  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:04:49.0577 3636  RemoteRegistry - ok
11:04:49.0592 3636  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:04:49.0670 3636  RpcEptMapper - ok
11:04:49.0717 3636  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
11:04:49.0764 3636  RpcLocator - ok
11:04:49.0780 3636  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
11:04:49.0842 3636  RpcSs - ok
11:04:49.0889 3636  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:04:49.0951 3636  rspndr - ok
11:04:50.0014 3636  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
11:04:50.0060 3636  RTL8167 - ok
11:04:50.0092 3636  [ CA5A4FBFE341F13733955B8AAC98F0B5 ] RTL8187B        C:\Windows\system32\DRIVERS\RTL8187B.sys
11:04:50.0154 3636  RTL8187B - ok
11:04:50.0185 3636  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:04:50.0263 3636  s3cap - ok
11:04:50.0310 3636  [ AE82E97D54D1A7C50883D27583ECB05B ] SaiU04E5        C:\Windows\system32\DRIVERS\SaiU04E5.sys
11:04:50.0404 3636  SaiU04E5 - ok
11:04:50.0419 3636  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
11:04:50.0450 3636  SamSs - ok
11:04:50.0528 3636  [ A0540477B5283DD06642A184756C63FF ] SAVAdminService C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
11:04:50.0560 3636  SAVAdminService - ok
11:04:50.0606 3636  [ E2C05310219E327E232291543C348B73 ] SAVOnAccess     C:\Windows\system32\DRIVERS\savonaccess.sys
11:04:50.0653 3636  SAVOnAccess - ok
11:04:50.0716 3636  [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService      C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
11:04:50.0731 3636  SAVService - ok
11:04:50.0778 3636  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:04:50.0840 3636  sbp2port - ok
11:04:50.0887 3636  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:04:50.0965 3636  SCardSvr - ok
11:04:50.0996 3636  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:04:51.0059 3636  scfilter - ok
11:04:51.0121 3636  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
11:04:51.0215 3636  Schedule - ok
11:04:51.0246 3636  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:04:51.0293 3636  SCPolicySvc - ok
11:04:51.0324 3636  [ 4F21774E1259A546B992D9EAACDFD778 ] sdcfilter       C:\Windows\system32\DRIVERS\sdcfilter.sys
11:04:51.0418 3636  sdcfilter - ok
11:04:51.0464 3636  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:04:51.0574 3636  SDRSVC - ok
11:04:51.0620 3636  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:04:51.0683 3636  secdrv - ok
11:04:51.0730 3636  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
11:04:51.0792 3636  seclogon - ok
11:04:51.0808 3636  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
11:04:51.0870 3636  SENS - ok
11:04:51.0901 3636  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:04:51.0995 3636  SensrSvc - ok
11:04:52.0026 3636  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:04:52.0088 3636  Serenum - ok
11:04:52.0088 3636  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:04:52.0151 3636  Serial - ok
11:04:52.0166 3636  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:04:52.0213 3636  sermouse - ok
11:04:52.0276 3636  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:04:52.0369 3636  SessionEnv - ok
11:04:52.0416 3636  [ 56250672235BBE54BA8A4963B1AC997C ] sfdrv01         C:\Windows\system32\drivers\sfdrv01.sys
11:04:52.0432 3636  sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
11:04:52.0447 3636  sfdrv01 - detected UnsignedFile.Multi.Generic (1)
11:04:52.0478 3636  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:04:52.0556 3636  sffdisk - ok
11:04:52.0572 3636  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:04:52.0634 3636  sffp_mmc - ok
11:04:52.0666 3636  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:04:52.0697 3636  sffp_sd - ok
11:04:52.0744 3636  [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01         C:\Windows\system32\drivers\sfhlp01.sys
11:04:52.0759 3636  sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
11:04:52.0759 3636  sfhlp01 - detected UnsignedFile.Multi.Generic (1)
11:04:52.0806 3636  [ 3AD2B15CCC03FEBFBAF5FF057822AA75 ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
11:04:52.0837 3636  sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
11:04:52.0837 3636  sfhlp02 - detected UnsignedFile.Multi.Generic (1)
11:04:52.0868 3636  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:04:52.0915 3636  sfloppy - ok
11:04:52.0993 3636  [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02        C:\Windows\system32\drivers\sfsync02.sys
11:04:53.0009 3636  sfsync02 ( UnsignedFile.Multi.Generic ) - warning
11:04:53.0009 3636  sfsync02 - detected UnsignedFile.Multi.Generic (1)
11:04:53.0071 3636  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:04:53.0134 3636  SharedAccess - ok
11:04:53.0180 3636  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:04:53.0243 3636  ShellHWDetection - ok
11:04:53.0274 3636  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:04:53.0321 3636  sisagp - ok
11:04:53.0352 3636  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:04:53.0399 3636  SiSRaid2 - ok
11:04:53.0414 3636  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:04:53.0446 3636  SiSRaid4 - ok
11:04:53.0508 3636  [ E407A8EEA2FD4BF560C05C0EBF1793B3 ] SKMScan         C:\Windows\system32\DRIVERS\skmscan.sys
11:04:53.0570 3636  SKMScan - ok
11:04:53.0758 3636  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:04:53.0836 3636  Skype C2C Service - ok
11:04:53.0914 3636  [ EF3B592545676301CDEB7C2609EED7BF ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
11:04:54.0803 3636  Suspicious file (NoAccess): C:\Program Files\Skype\Updater\Updater.exe. md5: EF3B592545676301CDEB7C2609EED7BF
11:04:54.0803 3636  SkypeUpdate ( LockedFile.Multi.Generic ) - warning
11:04:54.0803 3636  SkypeUpdate - detected LockedFile.Multi.Generic (1)
11:04:54.0865 3636  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:04:54.0959 3636  Smb - ok
11:04:55.0006 3636  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:04:55.0037 3636  SNMPTRAP - ok
11:04:55.0084 3636  [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
11:04:55.0146 3636  Suspicious file (NoAccess): C:\Program Files\Sophos\AutoUpdate\ALsvc.exe. md5: 8A12AB5DE877B8F97D5EE70E16A5C9B2
11:04:55.0146 3636  Sophos AutoUpdate Service ( LockedFile.Multi.Generic ) - warning
11:04:55.0146 3636  Sophos AutoUpdate Service - detected LockedFile.Multi.Generic (1)
11:04:55.0240 3636  [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
11:04:55.0271 3636  Sophos Web Control Service - ok
11:04:55.0302 3636  [ F2B7BD04146B3E6A895A1919E1F5DA89 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
11:04:55.0349 3636  SophosBootDriver - ok
11:04:55.0380 3636  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:04:55.0396 3636  spldr - ok
11:04:55.0442 3636  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
11:04:55.0520 3636  Spooler - ok
11:04:55.0645 3636  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
11:04:55.0770 3636  sppsvc - ok
11:04:55.0817 3636  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:04:55.0895 3636  sppuinotify - ok
11:04:55.0926 3636  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:04:55.0988 3636  srv - ok
11:04:56.0020 3636  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:04:56.0051 3636  srv2 - ok
11:04:56.0066 3636  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:04:56.0082 3636  srvnet - ok
11:04:56.0113 3636  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:04:56.0191 3636  SSDPSRV - ok
11:04:56.0207 3636  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:04:56.0269 3636  SstpSvc - ok
11:04:56.0300 3636  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:04:56.0347 3636  stexstor - ok
11:04:56.0410 3636  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
11:04:56.0441 3636  StiSvc - ok
11:04:56.0488 3636  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:04:56.0519 3636  storflt - ok
11:04:56.0550 3636  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
11:04:56.0597 3636  StorSvc - ok
11:04:56.0612 3636  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:04:56.0659 3636  storvsc - ok
11:04:56.0753 3636  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:04:56.0800 3636  swenum - ok
11:04:56.0971 3636  [ 6A91F997BB4B569BF993801017E7122C ] swi_service     C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
11:04:57.0049 3636  swi_service - ok
11:04:57.0190 3636  [ B4882758DFBF19E33E50F503AD3C26B9 ] swi_update      C:\ProgramData\Sophos\Web Intelligence\swi_update.exe
11:04:57.0314 3636  Suspicious file (NoAccess): C:\ProgramData\Sophos\Web Intelligence\swi_update.exe. md5: B4882758DFBF19E33E50F503AD3C26B9
11:04:57.0314 3636  swi_update ( LockedFile.Multi.Generic ) - warning
11:04:57.0314 3636  swi_update - detected LockedFile.Multi.Generic (1)
11:04:57.0361 3636  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
11:04:57.0439 3636  swprv - ok
11:04:57.0517 3636  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
11:04:57.0580 3636  SysMain - ok
11:04:57.0611 3636  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:04:57.0689 3636  TabletInputService - ok
11:04:57.0720 3636  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:04:57.0767 3636  TapiSrv - ok
11:04:57.0814 3636  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
11:04:57.0907 3636  TBS - ok
11:04:57.0970 3636  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:04:58.0032 3636  Tcpip - ok
11:04:58.0079 3636  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:04:58.0141 3636  TCPIP6 - ok
11:04:58.0172 3636  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:04:58.0219 3636  tcpipreg - ok
11:04:58.0266 3636  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:04:58.0344 3636  TDPIPE - ok
11:04:58.0360 3636  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:04:58.0406 3636  TDTCP - ok
11:04:58.0453 3636  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:04:58.0516 3636  tdx - ok
11:04:58.0531 3636  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:04:58.0578 3636  TermDD - ok
11:04:58.0625 3636  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
11:04:58.0703 3636  TermService - ok
11:04:58.0750 3636  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
11:04:58.0796 3636  Themes - ok
11:04:58.0812 3636  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
11:04:58.0843 3636  THREADORDER - ok
11:04:58.0859 3636  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
11:04:58.0921 3636  TrkWks - ok
11:04:58.0984 3636  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:04:59.0077 3636  TrustedInstaller - ok
11:04:59.0124 3636  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:04:59.0202 3636  tssecsrv - ok
11:04:59.0280 3636  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:04:59.0358 3636  TsUsbFlt - ok
11:04:59.0420 3636  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:04:59.0483 3636  tunnel - ok
11:04:59.0530 3636  [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
11:04:59.0561 3636  TVALZ - ok
11:04:59.0592 3636  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:04:59.0639 3636  uagp35 - ok
11:04:59.0670 3636  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:04:59.0764 3636  udfs - ok
11:04:59.0795 3636  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:04:59.0842 3636  UI0Detect - ok
11:04:59.0873 3636  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:04:59.0920 3636  uliagpkx - ok
11:04:59.0951 3636  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
11:05:00.0013 3636  umbus - ok
11:05:00.0044 3636  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:05:00.0107 3636  UmPass - ok
11:05:00.0154 3636  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
11:05:00.0247 3636  UmRdpService - ok
11:05:00.0278 3636  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
11:05:00.0341 3636  upnphost - ok
11:05:00.0388 3636  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:05:00.0466 3636  usbccgp - ok
11:05:00.0512 3636  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:05:00.0575 3636  usbcir - ok
11:05:00.0590 3636  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:05:00.0622 3636  usbehci - ok
11:05:00.0653 3636  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:05:00.0715 3636  usbhub - ok
11:05:00.0746 3636  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
11:05:00.0809 3636  usbohci - ok
11:05:00.0840 3636  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:05:00.0887 3636  usbprint - ok
11:05:00.0918 3636  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:05:00.0980 3636  USBSTOR - ok
11:05:00.0996 3636  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:05:01.0027 3636  usbuhci - ok
11:05:01.0058 3636  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
11:05:01.0136 3636  UxSms - ok
11:05:01.0152 3636  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
11:05:01.0168 3636  VaultSvc - ok
11:05:01.0214 3636  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:05:01.0230 3636  vdrvroot - ok
11:05:01.0292 3636  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
11:05:01.0386 3636  vds - ok
11:05:01.0417 3636  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:05:01.0480 3636  vga - ok
11:05:01.0495 3636  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:05:01.0558 3636  VgaSave - ok
11:05:01.0604 3636  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:05:01.0682 3636  vhdmp - ok
11:05:01.0698 3636  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:05:01.0760 3636  viaagp - ok
11:05:01.0776 3636  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
11:05:01.0854 3636  ViaC7 - ok
11:05:01.0885 3636  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
11:05:01.0932 3636  viaide - ok
11:05:01.0948 3636  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:05:01.0979 3636  vmbus - ok
11:05:01.0994 3636  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:05:02.0057 3636  VMBusHID - ok
11:05:02.0072 3636  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:05:02.0088 3636  volmgr - ok
11:05:02.0119 3636  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:05:02.0150 3636  volmgrx - ok
11:05:02.0166 3636  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:05:02.0197 3636  volsnap - ok
11:05:02.0260 3636  [ 3B98AB9849754CB88265111422441DF7 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
11:05:02.0306 3636  vpnagent - ok
11:05:02.0353 3636  [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
11:05:02.0400 3636  vpnva - ok
11:05:02.0431 3636  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:05:02.0478 3636  vsmraid - ok
11:05:02.0540 3636  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
11:05:02.0665 3636  VSS - ok
11:05:02.0681 3636  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:05:02.0743 3636  vwifibus - ok
11:05:02.0774 3636  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
11:05:02.0884 3636  W32Time - ok
11:05:02.0915 3636  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:05:02.0962 3636  WacomPen - ok
11:05:03.0008 3636  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:05:03.0102 3636  WANARP - ok
11:05:03.0102 3636  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:05:03.0149 3636  Wanarpv6 - ok
11:05:03.0258 3636  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:05:03.0414 3636  WatAdminSvc - ok
11:05:03.0476 3636  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
11:05:03.0570 3636  wbengine - ok
11:05:03.0617 3636  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:05:03.0695 3636  WbioSrvc - ok
11:05:03.0726 3636  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:05:03.0804 3636  wcncsvc - ok
11:05:03.0820 3636  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:05:03.0882 3636  WcsPlugInService - ok
11:05:03.0913 3636  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:05:03.0960 3636  Wd - ok
11:05:04.0022 3636  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:05:04.0054 3636  Wdf01000 - ok
11:05:04.0085 3636  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:05:04.0163 3636  WdiServiceHost - ok
11:05:04.0178 3636  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:05:04.0210 3636  WdiSystemHost - ok
11:05:04.0256 3636  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
11:05:04.0303 3636  WebClient - ok
11:05:04.0319 3636  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:05:04.0412 3636  Wecsvc - ok
11:05:04.0444 3636  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:05:04.0522 3636  wercplsupport - ok
11:05:04.0568 3636  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:05:04.0631 3636  WerSvc - ok
11:05:04.0678 3636  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:05:04.0740 3636  WfpLwf - ok
11:05:04.0756 3636  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:05:04.0787 3636  WIMMount - ok
11:05:04.0865 3636  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:05:04.0927 3636  WinDefend - ok
11:05:04.0943 3636  WinHttpAutoProxySvc - ok
11:05:05.0021 3636  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:05:05.0083 3636  Winmgmt - ok
11:05:05.0161 3636  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
11:05:05.0286 3636  WinRM - ok
11:05:05.0348 3636  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:05:05.0442 3636  WinUsb - ok
11:05:05.0504 3636  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:05:05.0567 3636  Wlansvc - ok
11:05:05.0614 3636  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:05:05.0645 3636  WmiAcpi - ok
11:05:05.0692 3636  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:05:05.0754 3636  wmiApSrv - ok
11:05:05.0863 3636  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:05:05.0941 3636  WMPNetworkSvc - ok
11:05:05.0988 3636  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:05:06.0035 3636  WPCSvc - ok
11:05:06.0066 3636  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:05:06.0128 3636  WPDBusEnum - ok
11:05:06.0144 3636  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:05:06.0222 3636  ws2ifsl - ok
11:05:06.0238 3636  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
11:05:06.0269 3636  wscsvc - ok
11:05:06.0284 3636  WSearch - ok
11:05:06.0378 3636  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
11:05:06.0440 3636  wuauserv - ok
11:05:06.0472 3636  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:05:06.0534 3636  WudfPf - ok
11:05:06.0565 3636  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:05:06.0628 3636  WUDFRd - ok
11:05:06.0659 3636  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:05:06.0737 3636  wudfsvc - ok
11:05:06.0768 3636  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:05:06.0815 3636  WwanSvc - ok
11:05:06.0846 3636  ================ Scan global ===============================
11:05:06.0877 3636  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:05:06.0940 3636  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
11:05:06.0986 3636  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
11:05:07.0033 3636  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:05:07.0096 3636  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:05:07.0252 3636  [Global] - ok
11:05:07.0252 3636  ================ Scan MBR ==================================
11:05:07.0376 3636  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:05:08.0734 3636  \Device\Harddisk0\DR0 - ok
11:05:08.0734 3636  ================ Scan VBR ==================================
11:05:08.0780 3636  [ 8D2C2F5811176A4DBB8A9C7DCE240F90 ] \Device\Harddisk0\DR0\Partition1
11:05:08.0780 3636  \Device\Harddisk0\DR0\Partition1 - ok
11:05:08.0796 3636  [ 5139FE6B57A371C333FCF340FCDF8641 ] \Device\Harddisk0\DR0\Partition2
11:05:08.0796 3636  \Device\Harddisk0\DR0\Partition2 - ok
11:05:08.0812 3636  [ FAD4D69119429126C899D8DCB67F076F ] \Device\Harddisk0\DR0\Partition3
11:05:08.0827 3636  \Device\Harddisk0\DR0\Partition3 - ok
11:05:08.0827 3636  ============================================================
11:05:08.0827 3636  Scan finished
11:05:08.0827 3636  ============================================================
11:05:08.0843 5272  Detected object count: 15
11:05:08.0843 5272  Actual detected object count: 15
11:05:45.0097 5272  ACPI ( Virus.Win32.Rloader.a ) - skipped by user
11:05:45.0097 5272  ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip 
11:05:45.0097 5272  AdobeARMservice ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0097 5272  AdobeARMservice ( LockedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0113 5272  AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272  AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0113 5272  CZCanSrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272  CZCanSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0113 5272  MTBService_2.0.0.12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272  MTBService_2.0.0.12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0113 5272  prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272  prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0113 5272  prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272  prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0128 5272  prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272  prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0128 5272  sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272  sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0128 5272  sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272  sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0128 5272  sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272  sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0144 5272  sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272  sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0144 5272  SkypeUpdate ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272  SkypeUpdate ( LockedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0144 5272  Sophos AutoUpdate Service ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272  Sophos AutoUpdate Service ( LockedFile.Multi.Generic ) - User select action: Skip 
11:05:45.0144 5272  swi_update ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272  swi_update ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 03.01.2013, 11:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.01.2013, 23:11   #13
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



heyho,
Der Scan liefert mir folgende log-datei:

Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 04/01/2013 um 00:08:12 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Sara - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sara\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\Users\Sara\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v4.0 (de)

Datei : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Facemoods Search");
Gefunden : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gefunden : user_pref("extensions.facemoods.firstRun", false);
Gefunden : user_pref("extensions.facemoods.lastActv", "20");

*************************

AdwCleaner[R1].txt - [1985 octets] - [04/01/2013 00:08:12]

########## EOF - C:\AdwCleaner[R1].txt - [2045 octets] ##########
         

Alt 03.01.2013, 23:35   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.01.2013, 23:06   #15
sara91
 
Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Standard

Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34



hey,
hier sind die log-files:

adw cleaner
Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 04/01/2013 um 08:55:35 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Sara - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sara\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v4.0 (de)

Datei : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\prefs.js

C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Facemoods Search");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "20");

*************************

AdwCleaner[R1].txt - [2106 octets] - [04/01/2013 00:08:12]
AdwCleaner[S1].txt - [1986 octets] - [04/01/2013 08:55:35]

########## EOF - C:\AdwCleaner[S1].txt - [2046 octets] ##########
         
OTL:

Code:
ATTFilter
OTL logfile created on: 08.01.2013 00:22:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 35,71% Memory free
5,49 Gb Paging File | 3,37 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,04 Gb Free Space | 0,15% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 5,12 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Programme\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe (Carl Zeiss)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7aa9acfc261048862a5e93c3be494763\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b0c89de727ba3d9160a77cc47638f759\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MTBService_2.0.0.12) -- C:\Program Files\Carl Zeiss\MTB 2011 File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe ()
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe ()
SRV - (Sophos Web Control Service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CZCanSrv) -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe (Carl Zeiss MicroImaging GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (appdrvrem01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Sara\AppData\Local\Temp\catchme.sys File not found
DRV - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found
DRV - (5689) -- C:\Users\Sara\AppData\Local\Temp\5689.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (appdrv01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (SaiU04E5) -- C:\Windows\System32\drivers\SaiU04E5.sys (Saitek)
DRV - (LVMST) -- C:\Windows\System32\drivers\LVMST.sys (Animation Technologies Inc.)
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sara\Desktop
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A9 C6 2E 52 FC CB 01  [binary data]
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.explosm.net/comics/"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.0.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= "
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2011.04.16 17:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Extensions
[2012.12.13 00:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions
[2012.04.25 22:26:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.10.11 21:28:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\ich@maltegoetz.de
[2012.12.13 00:10:27 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2011.10.31 18:43:35 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.21 22:19:22 | 000,001,330 | ---- | M] () -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\searchplugins\wikipedia-en.xml
 
O1 HOSTS File: ([2012.12.13 00:44:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [PDFPrint] d:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [PopUpStopperFreeEdition] D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.44.1.9 141.44.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DEAF9CC-1C04-4C18-97A5-A0FC19BC5A7B}: DhcpNameServer = 192.168.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B452B358-AAC2-4317-98EA-D4CD4DC4AEF3}: DhcpNameServer = 141.44.1.9 141.44.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 00:15:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2013.01.03 11:00:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe
[2013.01.03 03:00:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.03 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.01.03 03:00:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.03 03:00:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.03 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.03 03:00:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.01.03 03:00:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.01.03 03:00:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.01.02 03:06:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.01.02 03:06:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.01.01 18:14:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.01 18:14:28 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.01 18:14:28 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.01 18:14:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.01 18:14:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.01 18:14:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.01 18:14:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.01 18:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.01 18:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.01 18:13:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.31 23:39:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.31 12:46:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\handyfotos
[2012.12.13 23:31:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe
[2012.12.13 00:44:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.12.13 00:42:04 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\temp
[2012.12.13 00:16:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.13 00:10:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.13 00:10:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.13 00:09:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 00:08:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.13 00:04:35 | 005,011,065 | R--- | C] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe
[4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.08 00:15:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2013.01.07 23:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.07 23:40:19 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 23:40:19 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 23:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.07 23:32:03 | 2212,892,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 00:02:55 | 000,551,997 | ---- | M] () -- C:\Users\Sara\Desktop\adwcleaner.exe
[2013.01.03 11:00:45 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe
[2013.01.02 19:49:55 | 445,378,435 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.02 03:24:18 | 000,317,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.31 12:42:34 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.31 12:42:34 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.31 12:42:34 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.31 12:42:34 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.13 23:31:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe
[2012.12.13 23:31:10 | 000,302,592 | ---- | M] () -- C:\Users\Sara\Desktop\y6m9erhm.exe
[2012.12.13 00:44:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.13 00:04:49 | 005,011,065 | R--- | M] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe
[2012.12.10 19:15:33 | 000,145,918 | ---- | M] () -- C:\Users\Sara\Desktop\Reportf9895b92-03f7-4954-9db5-861ede88b884.pdf
[4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.04 00:02:32 | 000,551,997 | ---- | C] () -- C:\Users\Sara\Desktop\adwcleaner.exe
[2013.01.02 19:49:55 | 445,378,435 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.13 23:31:02 | 000,302,592 | ---- | C] () -- C:\Users\Sara\Desktop\y6m9erhm.exe
[2012.12.13 00:10:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.13 00:10:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.13 00:10:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.13 00:10:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.13 00:10:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.10 19:15:31 | 000,145,918 | ---- | C] () -- C:\Users\Sara\Desktop\Reportf9895b92-03f7-4954-9db5-861ede88b884.pdf
[2012.08.23 08:41:06 | 000,000,218 | ---- | C] () -- C:\Users\Sara\.recently-used.xbel
[2012.07.09 20:15:21 | 000,004,221 | ---- | C] () -- C:\Users\Sara\.Dendroscope.def
[2012.07.07 20:21:10 | 000,000,660 | ---- | C] () -- C:\Users\Sara\.jalview_properties
[2012.07.07 16:36:27 | 000,011,301 | ---- | C] () -- C:\Users\Sara\gsview32.ini
[2012.02.02 16:53:19 | 000,072,192 | ---- | C] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.21 08:33:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.20 17:56:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.16 16:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
OTL-extras

Code:
ATTFilter
OTL Extras logfile created on: 08.01.2013 00:22:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 35,71% Memory free
5,49 Gb Paging File | 3,37 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,04 Gb Free Space | 0,15% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 5,12 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{5972C7EF-A198-44D3-9582-958E344AAB37}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{709A6FC5-7FD4-4375-9D2F-84C5A1A63E17}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{82F7A8E9-8BC2-421E-A543-AE20EFD92E43}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{2A856DD4-9864-4A5C-B8C6-5C22E6FF4191}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{322E4640-D753-4773-8B70-0672F3BFC397}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{53BBB37E-01D7-431F-946B-EAB6B15D6F2B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00659A90-8645-C0C1-FA31-2AA63016E48A}" = CCC Help Chinese Standard
"{0681606A-13CD-4365-9B19-684B577FA9E9}_is1" = TreeView 1.6.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABA6238-1A62-FFC6-9ACC-4DB9FEFB6A6E}" = CCC Help Spanish
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1966341E-0539-4698-ADEA-278A91CFCCC8}" = NIS-Elements Viewer 4.0 (build 770)
"{1F4FC05D-DEE6-AD4C-5CC6-31D642343F09}" = AMD Fuel
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{36C36970-394C-40C4-E11B-7CF635AFB989}" = CCC Help Hungarian
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FAF398F-CCD0-AC9F-2345-A473D1AE077B}" = CCC Help Chinese Traditional
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEBF3CF-1119-3902-4D37-A9274DDB54E1}" = CCC Help Danish
"{4F3A978C-35D6-8FDF-4D00-50F5D659D3BB}" = CCC Help German
"{4FD59143-0B17-CCC6-CEFD-C745955A70C7}" = CCC Help Korean
"{528EE462-2993-51F9-9F68-7C9F9BD7DCC3}" = CCC Help Italian
"{60C5FF36-67E1-6B1D-781F-579C30BE41AA}" = CCC Help French
"{69C302CE-8972-1637-6857-F73A08052054}" = CCC Help Polish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{72F77561-7DD8-4D01-6698-16DFDCCBCED6}" = CCC Help Czech
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{84123D75-4CD1-8E59-3B05-4928F122FCC2}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D261060-84D3-FCF3-177D-969A30DB7FAA}" = Catalyst Control Center InstallProxy
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}" = AK vs DR
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE46F22-B053-4F67-81AA-50FFF822684D}" = ZEN 2011 x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A04C0520-4B34-4A58-ADC6-EFF04BB0C4D6}" = Stalingrad
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{ABE130EB-EC1A-0500-B607-D1AA01082308}" = CCC Help Thai
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACBA6D88-0035-E98C-A678-BF60D063ECA1}" = CCC Help Dutch
"{B2DB5CE2-5A7B-B321-3C29-F54D235C811F}" = CCC Help Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC1E438B-1292-C544-D333-6D9E7D9D8726}" = ATI Catalyst Install Manager
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD99FD27-BC00-07F3-91A3-E130C4CE78F5}" = CCC Help Turkish
"{CDF450C8-4B6E-1ED1-6F2D-E68597E154FE}" = CCC Help Finnish
"{E3E77710-D43D-79AD-8701-45A498760A9F}" = ccc-utility
"{E5A8A937-0D7F-9E53-820B-F28FD400026D}" = CCC Help Swedish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84E8B79-E754-81D8-BBD6-BC8C622AE382}" = CCC Help Portuguese
"{FAED5381-DDC7-7002-07A8-CC45828D84DA}" = CCC Help Greek
"{FB04F74B-20AF-D902-250F-EBC2F7C6D5D4}" = CCC Help Japanese
"{FCB29739-3E50-4B12-B459-116ADDC60221}" = Soldiers - Heroes of World War II
"01730370C5F33FD3683B6B55F72D58B76FF402AC" = Windows-Treiberpaket - Carl Zeiss MicroImaging GmbH (tvmcam) Image  (10/06/2010 8.2.0.0)
"1489-3350-5074-6281" = JDownloader 0.9
"3637-0812-9190-9529" = Dendroscope 3.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BH - RT" = Blitzkrieg Anthology: BH - RT
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Blitzkrieg 2" = Blitzkrieg 2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darkest Hour.A Hearts Of Iron Game_is1" = Darkest Hour.A Hearts Of Iron Game
"D-Day" = D-Day
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 9.05" = GPL Ghostscript
"Green Devils" = Green Devils
"GSview 5.0" = GSview 5.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.2
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Moscow to Berlin" = Moscow to Berlin : Red Siege
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Panzerkrieg Bundle" = Panzerkrieg Bundle 
"pdfsam" = pdfsam
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Peter Games Officers" = Peter Games Officers
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"Sudden Strike II" = Sudden Strike II
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Write-N-Cite" = Write-N-Cite
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jalview" = Jalview
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.01.2013 06:13:02 | Computer Name = Laptop | Source = Software Protection Platform Service | ID = 8211
Description = Fehler bei der Aktualisierung der Windows-Lizenz- und Product Key-Tokens:
 0x80070070.   
 
Error - 01.01.2013 11:17:46 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 02.01.2013 09:21:31 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 03.01.2013 06:43:40 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.01.2013 03:42:45 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description = 
 
Error - 04.01.2013 19:25:41 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.01.2013 03:16:09 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.01.2013 18:34:47 | Computer Name = Laptop | Source = MsiInstaller | ID = 11609
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 617 Invoked Function: AddRoute Return Code: -33095642 (0xFE070026) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_ALREADY_EXISTS
the
 interface appears to be available
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ Media Center Events ]
Error - 04.12.2012 14:41:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:22 - Fehler beim Herstellen der Internetverbindung.  19:41:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2012 14:41:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:27 - Fehler beim Herstellen der Internetverbindung.  19:41:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2012 18:09:32 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:32 - Fehler beim Herstellen der Internetverbindung.  23:09:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2012 18:09:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:37 - Fehler beim Herstellen der Internetverbindung.  23:09:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.12.2012 14:52:24 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:24 - Fehler beim Herstellen der Internetverbindung.  19:52:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.12.2012 14:52:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:29 - Fehler beim Herstellen der Internetverbindung.  19:52:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.12.2012 14:24:49 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:49 - Fehler beim Herstellen der Internetverbindung.  19:24:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.12.2012 14:25:06 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:54 - Fehler beim Herstellen der Internetverbindung.  19:24:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.12.2012 15:25:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:10 - Fehler beim Herstellen der Internetverbindung.  20:25:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.12.2012 15:25:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:15 - Fehler beim Herstellen der Internetverbindung.  20:25:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 13.06.2011 12:22:10 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9491
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 28.01.2012 11:33:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 22347 seconds with 12060 seconds of active time.  This session ended with
 a crash.
 
Error - 23.02.2012 06:02:05 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1725
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2012 17:30:43 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36624
 seconds with 10860 seconds of active time.  This session ended with a crash.
 
Error - 07.08.2012 08:00:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2906
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 08.08.2012 15:41:28 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 113224
 seconds with 20220 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 20:44:42 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132496
 seconds with 28860 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 21:06:16 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1254
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.01.2013 18:31:57 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 07.01.2013 18:31:57 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 07.01.2013 18:32:02 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 07.01.2013 18:32:09 | Computer Name = Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.01.2013 18:32:09 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.01.2013 18:32:47 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "5689" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 07.01.2013 18:33:07 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%5
 
Error - 07.01.2013 18:33:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 07.01.2013 18:33:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfdrv01  sfhlp01  sfsync02
 
Error - 07.01.2013 18:33:16 | Computer Name = Laptop | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         

VIELEN DANK NOCHMAL FÜR DIE HILFE!!

Antwort

Themen zu Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34
administrator, anti-malware, appdata, autostart, chkdsk, code, dateien, explorer, festplatte, folge, google, ide, internet, langsam, laptop, logdatei, malwarebytes, microsoft, nicht mehr, scan, sehr langsam, software, temp, trojan.agent.fsa34, trojan.lameshield, trojaner, verdacht



Ähnliche Themen: Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34


  1. WinXp Trojan.Agent/Gen-Reputation Stolen.Data Trojan.Agent/Gen-DunDun Win32/Spy.Banker.YPK trojan
    Log-Analyse und Auswertung - 29.10.2013 (7)
  2. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  3. Win.Trojan.Agent-228583, Win.Trojan.Expiro-1161 und Win.Trojan.Agent-232649
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (8)
  4. Trojan.Fakesmoke, Trojan.Agent-128337, Trojan.Agent-128287 bei Desinfect 2012 (Clam AV)
    Log-Analyse und Auswertung - 06.02.2013 (17)
  5. Trojaner gefunden: Win 32:Patcher [Trj], Win.Trojan.Agent-36124, Win.Trojan.Agent-44393
    Log-Analyse und Auswertung - 02.02.2013 (7)
  6. TR/ATRAPS.Gen und TR/Kazy durch Antivir gemeldet; ferner Trojan.Agent.MRGGen, Trojan.0Access, Trojan.Dropper.BCMiner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (10)
  7. Trojan.Downloader, Trojan.Agent.VGENX, Trojan.Agent, PUP.Pantsoff.PasswordFinder, TR/spy.banker.gen5
    Log-Analyse und Auswertung - 27.10.2012 (1)
  8. Wohl mehrere Viren: Rootkit.0Access Trojan.Zaccess Trojan.RansomP.Gen Trojan.Agent bzw. TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (13)
  9. Trojan.Apppatch,Trojan.Agent.BVXGen und Trojan.Midhos in C:\Users\inet-kid\AppData,TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (35)
  10. Trojan.LameShield wie weg bekommen
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (5)
  11. Trojan.Agent, Backdoor.Agent, Trojan.Banker > 10 Trojaner auf einem PC
    Log-Analyse und Auswertung - 22.07.2012 (0)
  12. Security Shield trojan.lameshield
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (31)
  13. EXP/2008-5353.AO TR/Kazy.80527.3 Trojan.BT.Soft.Gen Trojan.Banker Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (5)
  14. Security Shield (Trojan.LameShield)
    Log-Analyse und Auswertung - 09.07.2012 (18)
  15. Trojan.Agent, Trojan.FakeAltert, Trojan.Hiloti.Gen gefunden und gelöscht,aber wirklich weg?
    Log-Analyse und Auswertung - 27.04.2011 (11)
  16. Trojan.BHO, Spyware.Passwords.XGen, Trojan.Dropper und Trojan.Agent mit Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (9)
  17. Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!
    Log-Analyse und Auswertung - 09.08.2010 (16)

Zum Thema Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 - Hi Leute, mein Laptop ist seit einiger Zeit sehr langsam, sobald ich im Internet bin und google kann nicht mehr geladen werden. Zuerst hatte ich den verdacht es könnte was - Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34...
Archiv
Du betrachtest: Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.