Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.04.2013, 21:26   #1
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Hallo,

habe vorgerstern eine vollständige Systemuntersuchung durch Kaspersky durchgeführt. Hierbei wurde folgende "Malware" gefunden:

HEUR:Exploit.Java.CVE-2012-0507.gen

Der Status steht auf "gefunden, nicht verarbeitet". Ich glaube unmittelbar nach der Systemuntersuchung ergänzte Kaspersky auch "irreparabel". Löschen kann ich den Trojaner also nicht.

Was mir am PC aufgefallen ist in den letzten Tagen / Wochen:
- Videos (YouTube) laden sehr langsam
- Bilder in eBay lassen sich nicht öffen bzw. werden nicht angezeigt (geht mittlerweile wieder)
- sehr viele Spam-Emails in meinem web.de-Postfach (hatte ich früher eigentlich nie Probleme mit), Betreff immer ganz profan: "Hi" oder so in der Art, wurde aber immer als Spam erkannt und sofort gelöscht, nie geöffnet

Was kann ich jetzt tun? Ich bin leider kein Experte was Comuter angeht (wenn möglich nicht mit Fachbegriffen erklären )

Gruß

Alt 17.04.2013, 14:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Hallo und

Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 17.04.2013, 20:25   #3
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Hallo cosinus,

ja, wenn ich unter "Erkannte Bedrohungen" gehe wird einiges aus der Vergangenheit aufgelistet (wurde aber von Kaspersky immer auf "Inaktiv" gesetzt, die o.g. Malware ist die erste die als "Gefunden, nicht verarbeitet" angezeigt wird. Ist einiges, hier ein Screenshot:
(wie kann ich in Kaspersky den genauen Bericht zum Fund aufrufen und hier einstellen?)
__________________
Angehängte Grafiken
Dateityp: png 1.png (52,6 KB, 238x aufgerufen)
Dateityp: png 2.png (53,6 KB, 299x aufgerufen)

Alt 18.04.2013, 12:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.04.2013, 22:38   #5
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Hallo cosinus,

hier die beiden Logfiles:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/18/2013 11:14:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.85% Memory free
6.00 Gb Paging File | 4.32 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.84 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XYZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\BackStage.exe (Conduit Ltd.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB04
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{432C657B-AB37-491E-8C53-C4B369D39B1B}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{4D3A3268-0704-4E74-8AF4-A180761461D7}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE415
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{A291A10C-3FC2-4308-A71D-A28B9849B72A}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB04
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{C31C8515-CC6B-4FA7-B621-A7AA4DE7497E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{FC3A14B0-228A-4D08-988E-AEBAC666BE78}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 19:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 19:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/21 22:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011/03/30 12:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1463205399-554048611-282685520-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{62f5894c-976f-11e1-932c-6c626d5ce55e}\Shell - "" = AutoRun
O33 - MountPoints2\{62f5894c-976f-11e1-932c-6c626d5ce55e}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/18 22:14:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/10 18:28:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 18:28:25 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 18:28:25 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 18:28:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 18:28:20 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/04/10 18:28:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/04/10 18:28:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 18:28:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/04/10 18:28:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/04/10 18:28:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/04/10 18:28:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/04/10 18:28:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 18:28:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 18:28:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 18:28:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/04/10 18:28:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 18:28:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/04/10 18:28:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/04/04 10:07:59 | 000,000,000 | R--D | C] -- C:\Users\XYZ\Desktop
[2013/04/03 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\XYZ\Auto
[2013/03/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Becker Content Manager
[2013/03/26 19:38:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[211 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/18 23:17:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/18 22:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/18 22:11:38 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 22:11:38 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 22:04:15 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/18 22:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/18 22:03:53 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/11 23:25:54 | 000,693,922 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/04/11 23:25:54 | 000,691,660 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/04/11 23:25:54 | 000,690,194 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013/04/11 23:25:54 | 000,689,576 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/04/11 23:25:54 | 000,679,810 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2013/04/11 23:25:54 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/11 23:25:54 | 000,632,648 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2013/04/11 23:25:54 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/11 23:25:54 | 000,610,670 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/04/11 23:25:54 | 000,148,520 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2013/04/11 23:25:54 | 000,137,272 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/04/11 23:25:54 | 000,135,050 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013/04/11 23:25:54 | 000,133,962 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2013/04/11 23:25:54 | 000,133,150 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/04/11 23:25:54 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/11 23:25:54 | 000,127,354 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/04/11 23:25:54 | 000,121,736 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/04/11 23:25:54 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/10 20:44:17 | 000,368,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 00:49:24 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[211 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/04 00:49:24 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[2012/04/14 22:22:34 | 000,000,288 | ---- | C] () -- C:\Users\XYZ\AppData\Roaming\.backup.dm
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tables
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\System Image Utility
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Textures
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Pads
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Vocal Transformer
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\User Pictures
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\URLs
[2012/03/18 18:02:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/01/14 19:53:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/01/07 23:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\XYZ\AppData\Local\keyfile3.drm
[2011/12/27 22:33:11 | 000,017,408 | ---- | C] () -- C:\Users\XYZ\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---




Hier der 2.:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/18/2013 11:14:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.85% Memory free
6.00 Gb Paging File | 4.32 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.84 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B74180-D76A-4C8F-A6F6-3103E109E941}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07646CDD-4BD2-4800-94BF-8D1DDF9C754B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C96CB0D-2A7A-4A88-AFE0-BA38E61B4FE9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1310D265-A30C-4FCE-9A40-94039462C0CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1ABA908A-78FE-4717-8768-7E751053645B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1BCF41E0-8F66-4F4A-A7C7-ABA7FB11B270}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30FCB229-31D0-4705-AD07-8B7E61490568}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5787F921-5431-4BA2-A3E2-0FAD3C661A8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D2B11F8-A097-4992-A229-DC6AA51A9A22}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{73BC6293-9162-4966-82B4-3042E2D74DEB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7714FED0-79FC-4D57-B4DD-B98B4A1A9DC6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B3AE9FE-3D74-4F90-B772-FF9ABF0FC216}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C1A9568-F520-4BBC-AB24-8B809B571F84}" = lport=445 | protocol=6 | dir=in | app=system | 
"{93D50508-69FE-4C5E-B532-0C511EB50E75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9ACDED70-11A1-4D4C-8ECD-A482449B92AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0CC27A7-9A11-4826-925A-6F85F9A33CAF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A15040A5-2E7D-47D3-B496-55133D56F708}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A35DC2EA-9E0D-4F08-8681-48AD467A2981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF10D220-3861-4641-BCDB-ACFA81EDF20A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3F7F406-992C-4FD0-B448-970A8BAABB26}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D964598F-3CD9-4F7E-BB08-767C59DCB4A4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DE2E95B6-C0E2-4763-9E92-2496398CEE48}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DFEABD30-BFC3-4CCE-A191-7C4D90990D82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F66BCFBD-B2E1-443A-AE50-D696DE926991}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FC471ED0-36BF-403A-98C6-924DDDA231A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053BC0F2-836E-4A84-B8F6-7A6A083BE34E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{056F4C23-7EB4-468C-AD6E-11CD8DCEE687}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{087EFD99-E62A-4F9F-84EA-5F639E1BA320}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0972544F-A9EF-4820-A959-BC5652A47D61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B5B3474-02D5-41FB-8BE7-1A00B93CB5BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0DD76F02-0CB6-4CEE-965F-16849E1338F5}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{18D5E152-030D-433B-8459-F85965F86922}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{1E8312E3-AD9C-4571-81CA-096E569236F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26B4EB06-280F-4994-B6CC-B3DA46B68444}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{2B14787F-8F01-49ED-9062-8067830607BF}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{2F1F19AA-2CC0-4CF2-A561-4F7E64587125}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{34307912-13DA-47F9-84BD-EEFC76C89661}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4342EE36-DF66-48A8-BF20-4E7C975ADC6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{47113460-FF6D-44AB-A9F0-8CD28615B7DC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{57B951B6-CC36-4F94-9D41-52F345B58648}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5BC15063-A98C-42EF-8687-F2C22B1E6D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BFE8A42-CCD1-4057-8B4D-DF256BE8C2FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6F2811AE-0F27-4702-9F6F-3C9333937DD9}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{6F71CB98-89D4-4E4D-B6A8-18EB3F758F9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{708A2176-7AFC-4F3E-8458-55C8DF4B08F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9BF3B4EF-16AF-4778-874A-5D57E96D710B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{9D9FCCDC-E783-484A-B2CE-DBF502633089}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1AC82B1-4E9F-49D1-896E-27467F231803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A60207D4-5143-47B2-BEB6-1CD7EC4F8017}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{AFE24910-1896-442A-A6D7-335F4C877CB1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B5197E2F-C93E-449B-A3FB-0C37728F25F8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{BAF72E62-8F83-4521-9CC8-5D5DEB333F70}" = protocol=6 | dir=out | app=system | 
"{C1EF6C8D-FC59-418B-95FE-4931E86AC009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C687FEEC-0745-40B9-81DB-A81853269CF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D0CAABE8-6F10-45E2-95D6-6EB995F26B48}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{DC23138F-AB29-4B58-BCCD-F6B2B4D8BD89}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{F9063565-9DE5-418F-986D-848F6E68A389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD006F46-67D8-44BB-986F-3772F16FD129}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28F11027-A8BC-44D3-A59A-CA018ED73E8C}" = Compact&Easy
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80D847BF-3610-4BE4-9F05-970BADEADB9A}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = WEB.DE Toolbar MSVC90 CRT
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Becker Content Manager" = Becker Content Manager 5.20.1008
"Content Manager 2" = Content Manager 2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/12/2013 2:55:47 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267,
 Zeitstempel: 0x51317269  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften
 Prozesses: 0x14c4  Startzeit der fehlerhaften Anwendung: 0x01ce37aeda71f89a  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 9563d935-a3a2-11e2-92d1-6c626d5ce55e
 
Error - 4/12/2013 3:27:42 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267,
 Zeitstempel: 0x51317269  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften
 Prozesses: 0xbac  Startzeit der fehlerhaften Anwendung: 0x01ce37af57feb79d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 0b21c64b-a3a7-11e2-92d1-6c626d5ce55e
 
Error - 4/12/2013 3:47:16 PM | Computer Name = XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17267,
 Zeitstempel: 0x51317269  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000004  ID des fehlerhaften
 Prozesses: 0x127c  Startzeit der fehlerhaften Anwendung: 0x01ce37b60e9df6ac  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: c6c3603a-a3a9-11e2-92d1-6c626d5ce55e
 
Error - 4/14/2013 11:22:35 PM | Computer Name = XYZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Spigot\Search Settings\SearchSettings64.exe".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 13
Description = 
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 8193
Description = 
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 13
Description = 
 
Error - 4/15/2013 1:08:41 AM | Computer Name = XYZ | Source = VSS | ID = 8193
Description = 
 
Error - 4/16/2013 4:11:52 PM | Computer Name = XYZ | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 128c    Startzeit: 01ce3ad73a94ae92    Endzeit: 0    Anwendungspfad: 
C:\Windows\system32\rundll32.exe    Berichts-ID:   
 
Error - 4/16/2013 4:11:52 PM | Computer Name = XYZ | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 9cc    Startzeit: 01ce3ad73cb106f0    Endzeit: 0    Anwendungspfad: C:\Windows\system32\rundll32.exe

Berichts-ID:
   
 
[ System Events ]
Error - 4/14/2013 11:37:31 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1043
Description = Das Sprachpaket für tr-TR kann von CBS nicht entfernt werden. Zurückgegebener
 CBS-Fehlercode: 0x80073701.
 
Error - 4/14/2013 11:38:32 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = CBS-Fehler 0x80073701 '' bei Verwendung des Benutzeroberflächen-Sprachpakets
 für hu-HU.
 
Error - 4/14/2013 11:38:32 PM | Computer Name = XYZ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1043
Description = Das Sprachpaket für hu-HU kann von CBS nicht entfernt werden. Zurückgegebener
 CBS-Fehlercode: 0x80073701.
 
Error - 4/15/2013 1:08:15 AM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7
 
Error - 4/16/2013 4:30:53 PM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7
 
Error - 4/17/2013 3:02:20 PM | Computer Name = XYZ | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?04.?2013 um 22:30:16 unerwartet heruntergefahren.
 
Error - 4/17/2013 3:24:55 PM | Computer Name = XYZ | Source = DCOM | ID = 10016
Description = 
 
Error - 4/17/2013 3:24:55 PM | Computer Name = XYZ | Source = DCOM | ID = 10016
Description = 
 
Error - 4/17/2013 5:43:06 PM | Computer Name = XYZ | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7
 
Error - 4/18/2013 4:04:04 PM | Computer Name = XYZ | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?04.?2013 um 23:43:08 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


Alt 19.04.2013, 01:03   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen

Alt 19.04.2013, 21:41   #7
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Hallo,

Schritt 1) Rootkitscan mit GMER hat funkioniert.

Zu Schritt 2) Malwarebytes Anti-Rootkit (MBAR) habe ich Fragen / Verständnisprobleme. Ich habe das MBAR auf dem Desktop gespeichert. Es ist ein ZIP-Ordner.

Was meinst du mit "Entpacke das Archiv auf deinem Desktop"? Das verstehe ich nicht. Dann: "Im neu erstellten Ordner starte bitte die mbar.exe" - meinst du in diesem ZIP-Ordner die Anwendung mbar? Wenn ich das drücke wird angezeigt, dass die Dateien vorher extrahiert werden müssen (was heißt das)?

Alt 20.04.2013, 17:18   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Zitat:
Schritt 1) Rootkitscan mit GMER hat funkioniert.
Und wo ist das Log?

Zitat:
Was meinst du mit "Entpacke das Archiv auf deinem Desktop"? Das verstehe ich nicht
Hast du noch nie was von komprimierten Dateien gehört?
Zb ZIP-Dateiformat ? Wikipedia oder 7-Zip ? Wikipedia

7zip Download: mit 7-Zip Dateien packen und entpacken

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.04.2013, 18:01   #9
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Hier das Log zu Schritt 1:

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-19 21:54:26
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP4O 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\XYZ\AppData\Local\Temp\uxlcypod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwAdjustPrivilegesToken [0x8CCDD392]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwAlpcConnectPort [0x8CCF824A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwAlpcCreatePort [0x8CCF8580]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwAlpcSendWaitReceivePort [0x8CCF88F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwClose [0x8CCDDE0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwConnectPort [0x8CCF7F32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateEvent [0x8CCDE37E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateMutant [0x8CCDE26C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreatePort [0x8CCF83F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateSection [0x8CCDD14E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateSemaphore [0x8CCDE496]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateThread [0x8CCDD9C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateThreadEx [0x8CCDDB32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateUserProcess [0x8CCDE5AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwCreateWaitablePort [0x8CCF84B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwDebugActiveProcess [0x8CCDE856]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwDeviceIoControlFile [0x8CCDDE4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwDuplicateObject [0x8CCDF858]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwLoadDriver [0x8CCDE948]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwMapViewOfSection [0x8CCDEEB4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwNotifyChangeKey [0x8CCF6722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwOpenEvent [0x8CCDE410]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwOpenMutant [0x8CCDE2F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwOpenProcess [0x8CCDD5CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwOpenSection [0x8CCDEC98]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwOpenSemaphore [0x8CCDE528]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwOpenThread [0x8CCDD4C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwQueryDirectoryObject [0x8CCDE664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwQueryObject [0x8CCF691A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwQuerySection [0x8CCDF1DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwQueueApcThread [0x8CCDEAE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwReplyPort [0x8CCF86E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwReplyWaitReceivePort [0x8CCF8632]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwRequestWaitReplyPort [0x8CCF8750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwResumeThread [0x8CCDF6FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwSecureConnectPort [0x8CCF80BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwSetContextThread [0x8CCDDCAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwSetInformationToken [0x8CCDE702]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwSetSystemInformation [0x8CCDF32A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwSuspendProcess [0x8CCDF41E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwSuspendThread [0x8CCDF558]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwSystemDebugControl [0x8CCDE778]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwTerminateProcess [0x8CCDD76C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwTerminateThread [0x8CCDD6C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwUnmapViewOfSection [0x8CCDF092]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                           ZwWriteVirtualMemory [0x8CCDD858]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                                       83487829 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                          834AC132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 230                                                                             834B3910 4 Bytes  [92, D3, CD, 8C]
.text           ntkrnlpa.exe!RtlSidHashLookup + 258                                                                             834B3938 8 Bytes  [4A, 82, CF, 8C, 80, 85, CF, ...]
.text           ntkrnlpa.exe!RtlSidHashLookup + 29C                                                                             834B397C 4 Bytes  [F6, 88, CF, 8C]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2C8                                                                             834B39A8 4 Bytes  [0C, DE, CD, 8C] {OR AL, 0xde; INT 0x8c}
.text           ntkrnlpa.exe!RtlSidHashLookup + 2EC                                                                             834B39CC 4 Bytes  [32, 7F, CF, 8C]
.text           ...                                                                                                             
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                        section is writeable [0x92C31000, 0x2FBAB4, 0xE8000020]

---- User code sections - GMER 2.1 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] C:\Windows\SYSTEM32\ntdll.dll     time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] ntdll.dll!NtProtectVirtualMemory  77465000 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1964] USER32.dll!NotifyWinEvent + 48B   76B8F724 4 Bytes  [E0, 13, 54, 67]
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] C:\Windows\SYSTEM32\ntdll.dll     time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] ntdll.dll!NtProtectVirtualMemory  77465000 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2560] USER32.dll!NotifyWinEvent + 48B   76B8F724 4 Bytes  [E0, 13, 54, 67]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExA                               76E21B96 5 Bytes  JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueExW                               76E21C82 6 Bytes  JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueW                                 76E3FA72 6 Bytes  JMP 5A67BD70 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] ADVAPI32.dll!RegSetValueA                                 76E6F529 5 Bytes  JMP 5A67BD00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CreateWindowExW                                76B80E51 5 Bytes  JMP 69A58177 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamW                        76BA4AA7 5 Bytes  JMP 69B81FE8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!TrackPopupMenu                                 76BA4B3B 5 Bytes  JMP 5A675D00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamW                                76BA564A 5 Bytes  JMP 5A671380 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!TrackPopupMenuEx                               76BA5F72 5 Bytes  JMP 5A675D80 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamA                                76BBCF6A 5 Bytes  JMP 69B81F85 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamA                        76BBD29C 5 Bytes  JMP 69B8204B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectA                            76BCE8C9 5 Bytes  JMP 69B81F1A C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectW                            76BCE9C3 5 Bytes  JMP 69B81EAF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExA                                  76BCEA29 5 Bytes  JMP 69B81E4D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExW                                  76BCEA4D 5 Bytes  JMP 69B81DEB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ADVAPI32.dll!RegSetValueExA                               76E21B96 5 Bytes  JMP 5A67BDF0 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ADVAPI32.dll!RegSetValueExW                               76E21C82 6 Bytes  JMP 6A8615A4 C:\Program Files\Common Files\Spigot\Search Settings\wth160.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogParamW                             76B79BFF 5 Bytes  JMP 699AC5A8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!EnableWindow                                   76B7A72E 5 Bytes  JMP 699AC523 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!GetAsyncKeyState                               76B7C09A 5 Bytes  JMP 6996D6D9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!UnhookWindowsHookEx                            76B7CC7B 5 Bytes  JMP 69A683A2 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CallNextHookEx                                 76B7CC8F 5 Bytes  JMP 69A49D5C C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateWindowExW                                76B80E51 5 Bytes  JMP 69A58177 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetWindowsHookExW                              76B8210A 5 Bytes  JMP 69A0464B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!GetKeyState                                    76B84FDA 5 Bytes  JMP 699AD79A C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!IsDialogMessageW                               76B86F06 5 Bytes  JMP 69974274 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogParamA                             76B93E79 5 Bytes  JMP 69B82BE9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!IsDialogMessage                                76B9407A 5 Bytes  JMP 69B8248A C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogIndirectParamA                     76B99110 5 Bytes  JMP 69B82C20 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!CreateDialogIndirectParamW                     76BA08AD 5 Bytes  JMP 69B82C57 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamW                        76BA4AA7 5 Bytes  JMP 69B81FE8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!TrackPopupMenu                                 76BA4B3B 5 Bytes  JMP 5A675D00 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!EndDialog                                      76BA555C 5 Bytes  JMP 69975AD9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamW                                76BA564A 5 Bytes  JMP 5A671380 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!TrackPopupMenuEx                               76BA5F72 5 Bytes  JMP 5A675D80 C:\Users\XYZ\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\ConduitHook.DLL
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetKeyboardState                               76BA6B52 5 Bytes  JMP 69B827EF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SendInput                                      76BA7055 5 Bytes  JMP 69B833B4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!SetCursorPos                                   76BBC1D8 5 Bytes  JMP 69B8340C C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamA                                76BBCF6A 5 Bytes  JMP 69B81F85 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamA                        76BBD29C 5 Bytes  JMP 69B8204B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectA                            76BCE8C9 5 Bytes  JMP 69B81F1A C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectW                            76BCE9C3 5 Bytes  JMP 69B81EAF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExA                                  76BCEA29 5 Bytes  JMP 69B81E4D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExW                                  76BCEA4D 5 Bytes  JMP 69B81DEB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!keybd_event                                    76BCEC9B 5 Bytes  JMP 69B8373F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] SHELL32.dll!SHChangeNotification_Lock + 45BA              7590B440 4 Bytes  [11, 36, 05, 6B]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] SHELL32.dll!SHChangeNotification_Lock + 45C2              7590B448 8 Bytes  [5F, 35, 05, 6B, D0, 73, 04, ...] {POP EDI; XOR EAX, 0x73d06b05; ADD AL, 0x6b}
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!OleLoadFromStream                               772C5BF6 3 Bytes  JMP 69B82346 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!OleLoadFromStream + 4                           772C5BFA 1 Byte  [F2]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ole32.dll!CoCreateInstance                                7731590C 5 Bytes  JMP 69A58C65 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!closesocket                                    76F93BED 5 Bytes  JMP 5F6141DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!socket                                         76F93F00 5 Bytes  JMP 5F61354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!recv                                           76F947DF 5 Bytes  JMP 5F614549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!connect                                        76F948BE 5 Bytes  JMP 5F6135DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!getaddrinfo                                    76F96737 5 Bytes  JMP 5F613704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5556] ws2_32.DLL!send                                           76F9C4C8 5 Bytes  JMP 5F613B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                         kl1.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                         kl1.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                       kl1.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                           unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---




Schritt 2): Es wurde keine Malware gefunden! WIe kann das denn sein? Hier das Logfile dazu:


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.20.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
XYZ :: XYZ [administrator]

20.04.2013 18:56:45
mbar-log-2013-04-20 (18-56-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30405
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Geändert von tseb (20.04.2013 um 18:07 Uhr)

Alt 20.04.2013, 18:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.04.2013, 22:17   #11
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Gibt es in diesen Protokollen außer dem Namen noch weitere Daten die zwecks Datenschutz zu entfernen sind wenn ich sie hier einstelle?

aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 22:44:34
-----------------------------
22:44:34.436 OS Version: Windows 6.1.7600
22:44:34.436 Number of processors: 2 586 0x170A
22:44:34.436 ComputerName: XYZ UserName:
22:44:38.446 Initialize success
22:52:52.689 AVAST engine defs: 13042000
23:06:32.408 The log file has been saved successfully to "C:\Users\XYZ\Desktop\aswMBR.txt"




TDSS-Killer:

23:08:21.0 4804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:08:21.0950 4804 ============================================================
23:08:21.0950 4804 Current date / time: 2013/04/20 23:08:21.0950
23:08:21.0950 4804 SystemInfo:
23:08:21.0950 4804
23:08:21.0950 4804 OS Version: 6.1.7600 ServicePack: 0.0
23:08:21.0950 4804 Product type: Workstation
23:08:21.0950 4804 ComputerName: XYZ
23:08:21.0950 4804 UserName: XYZ
23:08:21.0950 4804 Windows directory: C:\Windows
23:08:21.0950 4804 System windows directory: C:\Windows
23:08:21.0950 4804 Processor architecture: Intel x86
23:08:21.0950 4804 Number of processors: 2
23:08:21.0950 4804 Page size: 0x1000
23:08:21.0950 4804 Boot type: Normal boot
23:08:21.0950 4804 ============================================================
23:08:22.0543 4804 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:08:22.0543 4804 ============================================================
23:08:22.0543 4804 \Device\Harddisk0\DR0:
23:08:22.0543 4804 MBR partitions:
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
23:08:22.0543 4804 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
23:08:22.0543 4804 ============================================================
23:08:22.0574 4804 C: <-> \Device\Harddisk0\DR0\Partition2
23:08:22.0637 4804 D: <-> \Device\Harddisk0\DR0\Partition3
23:08:22.0637 4804 ============================================================
23:08:22.0637 4804 Initialize success
23:08:22.0637 4804 ============================================================
23:08:38.0097 6284 ============================================================
23:08:38.0097 6284 Scan started
23:08:38.0097 6284 Mode: Manual;
23:08:38.0097 6284 ============================================================
23:08:39.0704 6284 ================ Scan system memory ========================
23:08:39.0704 6284 System memory - ok
23:08:39.0704 6284 ================ Scan services =============================
23:08:39.0923 6284 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:08:39.0923 6284 1394ohci - ok
23:08:40.0063 6284 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:08:40.0063 6284 ACDaemon - ok
23:08:40.0125 6284 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:08:40.0125 6284 ACPI - ok
23:08:40.0172 6284 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:08:40.0188 6284 AcpiPmi - ok
23:08:40.0297 6284 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:08:40.0297 6284 adp94xx - ok
23:08:40.0391 6284 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:08:40.0391 6284 adpahci - ok
23:08:40.0453 6284 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:08:40.0469 6284 adpu320 - ok
23:08:40.0500 6284 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:08:40.0500 6284 AeLookupSvc - ok
23:08:40.0625 6284 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
23:08:40.0625 6284 AFD - ok
23:08:40.0656 6284 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
23:08:40.0718 6284 agp440 - ok
23:08:40.0734 6284 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
23:08:40.0749 6284 aic78xx - ok
23:08:40.0765 6284 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
23:08:40.0765 6284 ALG - ok
23:08:40.0781 6284 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
23:08:40.0812 6284 aliide - ok
23:08:40.0827 6284 [ 60201AD353105D8C6796C1B69E6C49F0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:08:40.0843 6284 AMD External Events Utility - ok
23:08:40.0859 6284 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
23:08:40.0874 6284 amdagp - ok
23:08:40.0905 6284 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
23:08:40.0921 6284 amdide - ok
23:08:40.0937 6284 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:08:40.0952 6284 AmdK8 - ok
23:08:41.0061 6284 [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:08:41.0108 6284 amdkmdag - ok
23:08:41.0124 6284 [ CD1D86AB81EECE67D7BD6F7EF9786CCC ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:08:41.0139 6284 amdkmdap - ok
23:08:41.0155 6284 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:08:41.0155 6284 AmdPPM - ok
23:08:41.0186 6284 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:08:41.0233 6284 amdsata - ok
23:08:41.0264 6284 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:08:41.0264 6284 amdsbs - ok
23:08:41.0280 6284 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:08:41.0280 6284 amdxata - ok
23:08:41.0295 6284 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
23:08:41.0295 6284 AppID - ok
23:08:41.0327 6284 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:08:41.0327 6284 AppIDSvc - ok
23:08:41.0342 6284 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
23:08:41.0342 6284 Appinfo - ok
23:08:41.0420 6284 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:08:41.0420 6284 Apple Mobile Device - ok
23:08:41.0529 6284 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
23:08:41.0529 6284 Application Updater - ok
23:08:41.0561 6284 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
23:08:41.0576 6284 arc - ok
23:08:41.0592 6284 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:08:41.0592 6284 arcsas - ok
23:08:41.0607 6284 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:08:41.0607 6284 AsyncMac - ok
23:08:41.0639 6284 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
23:08:41.0639 6284 atapi - ok
23:08:41.0701 6284 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
23:08:41.0732 6284 AtiHdmiService - ok
23:08:41.0763 6284 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:08:41.0763 6284 AudioEndpointBuilder - ok
23:08:41.0779 6284 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:08:41.0779 6284 Audiosrv - ok
23:08:41.0810 6284 AVP - ok
23:08:41.0826 6284 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:08:41.0826 6284 AxInstSV - ok
23:08:41.0857 6284 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
23:08:41.0888 6284 b06bdrv - ok
23:08:41.0904 6284 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:08:41.0919 6284 b57nd60x - ok
23:08:41.0966 6284 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
23:08:41.0966 6284 BDESVC - ok
23:08:41.0982 6284 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
23:08:41.0982 6284 Beep - ok
23:08:41.0997 6284 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
23:08:42.0013 6284 BFE - ok
23:08:42.0044 6284 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
23:08:42.0060 6284 BITS - ok
23:08:42.0075 6284 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:08:42.0075 6284 blbdrive - ok
23:08:42.0122 6284 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:08:42.0138 6284 Bonjour Service - ok
23:08:42.0153 6284 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:08:42.0153 6284 bowser - ok
23:08:42.0185 6284 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:08:42.0247 6284 BrFiltLo - ok
23:08:42.0278 6284 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:08:42.0278 6284 BrFiltUp - ok
23:08:42.0309 6284 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
23:08:42.0309 6284 Browser - ok
23:08:42.0325 6284 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:08:42.0356 6284 Brserid - ok
23:08:42.0387 6284 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:08:42.0419 6284 BrSerWdm - ok
23:08:42.0434 6284 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:08:42.0481 6284 BrUsbMdm - ok
23:08:42.0497 6284 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:08:42.0512 6284 BrUsbSer - ok
23:08:42.0528 6284 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:08:42.0543 6284 BTHMODEM - ok
23:08:42.0559 6284 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
23:08:42.0559 6284 bthserv - ok
23:08:42.0590 6284 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:08:42.0590 6284 cdfs - ok
23:08:42.0621 6284 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:08:42.0621 6284 cdrom - ok
23:08:42.0637 6284 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
23:08:42.0637 6284 CertPropSvc - ok
23:08:42.0653 6284 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:08:42.0668 6284 circlass - ok
23:08:42.0684 6284 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
23:08:42.0684 6284 CLFS - ok
23:08:42.0731 6284 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:42.0731 6284 clr_optimization_v2.0.50727_32 - ok
23:08:42.0762 6284 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:08:42.0809 6284 clr_optimization_v4.0.30319_32 - ok
23:08:42.0840 6284 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:08:42.0871 6284 CmBatt - ok
23:08:42.0902 6284 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
23:08:42.0933 6284 cmdide - ok
23:08:42.0965 6284 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
23:08:42.0965 6284 CNG - ok
23:08:42.0980 6284 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:08:42.0996 6284 Compbatt - ok
23:08:43.0043 6284 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:08:43.0043 6284 CompositeBus - ok
23:08:43.0058 6284 COMSysApp - ok
23:08:43.0074 6284 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:08:43.0074 6284 crcdisk - ok
23:08:43.0121 6284 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:08:43.0121 6284 CryptSvc - ok
23:08:43.0183 6284 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:08:43.0199 6284 cvhsvc - ok
23:08:43.0245 6284 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
23:08:43.0261 6284 DcomLaunch - ok
23:08:43.0292 6284 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
23:08:43.0292 6284 defragsvc - ok
23:08:43.0323 6284 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:08:43.0323 6284 DfsC - ok
23:08:43.0339 6284 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:08:43.0355 6284 Dhcp - ok
23:08:43.0370 6284 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
23:08:43.0370 6284 discache - ok
23:08:43.0386 6284 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:08:43.0386 6284 Disk - ok
23:08:43.0417 6284 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:08:43.0417 6284 Dnscache - ok
23:08:43.0417 6284 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
23:08:43.0433 6284 dot3svc - ok
23:08:43.0448 6284 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
23:08:43.0448 6284 DPS - ok
23:08:43.0479 6284 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:08:43.0479 6284 drmkaud - ok
23:08:43.0511 6284 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:08:43.0526 6284 DXGKrnl - ok
23:08:43.0542 6284 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
23:08:43.0542 6284 EapHost - ok
23:08:43.0604 6284 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
23:08:43.0635 6284 ebdrv - ok
23:08:43.0651 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
23:08:43.0651 6284 EFS - ok
23:08:43.0698 6284 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:08:43.0713 6284 ehRecvr - ok
23:08:43.0729 6284 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
23:08:43.0745 6284 ehSched - ok
23:08:43.0776 6284 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:08:43.0807 6284 elxstor - ok
23:08:43.0838 6284 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
23:08:43.0854 6284 ErrDev - ok
23:08:43.0885 6284 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
23:08:43.0901 6284 EventSystem - ok
23:08:43.0916 6284 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
23:08:43.0916 6284 exfat - ok
23:08:43.0932 6284 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:08:43.0932 6284 fastfat - ok
23:08:43.0963 6284 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
23:08:43.0963 6284 Fax - ok
23:08:43.0994 6284 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:08:43.0994 6284 fdc - ok
23:08:44.0010 6284 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
23:08:44.0010 6284 fdPHost - ok
23:08:44.0025 6284 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
23:08:44.0025 6284 FDResPub - ok
23:08:44.0057 6284 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:08:44.0057 6284 FileInfo - ok
23:08:44.0072 6284 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:08:44.0072 6284 Filetrace - ok
23:08:44.0088 6284 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:08:44.0103 6284 flpydisk - ok
23:08:44.0119 6284 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:08:44.0135 6284 FltMgr - ok
23:08:44.0166 6284 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
23:08:44.0166 6284 FontCache - ok
23:08:44.0228 6284 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:08:44.0228 6284 FontCache3.0.0.0 - ok
23:08:44.0244 6284 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:08:44.0244 6284 FsDepends - ok
23:08:44.0275 6284 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:08:44.0275 6284 Fs_Rec - ok
23:08:44.0306 6284 [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:08:44.0306 6284 fvevol - ok
23:08:44.0337 6284 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:08:44.0337 6284 gagp30kx - ok
23:08:44.0369 6284 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:08:44.0369 6284 GEARAspiWDM - ok
23:08:44.0400 6284 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
23:08:44.0415 6284 gpsvc - ok
23:08:44.0447 6284 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:08:44.0462 6284 gupdate - ok
23:08:44.0478 6284 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:08:44.0478 6284 gupdatem - ok
23:08:44.0493 6284 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:08:44.0493 6284 gusvc - ok
23:08:44.0525 6284 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:08:44.0540 6284 hcw85cir - ok
23:08:44.0556 6284 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:08:44.0603 6284 HdAudAddService - ok
23:08:44.0634 6284 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:08:44.0634 6284 HDAudBus - ok
23:08:44.0649 6284 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:08:44.0649 6284 HidBatt - ok
23:08:44.0665 6284 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:08:44.0665 6284 HidBth - ok
23:08:44.0681 6284 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:08:44.0681 6284 HidIr - ok
23:08:44.0712 6284 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
23:08:44.0712 6284 hidserv - ok
23:08:44.0727 6284 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:08:44.0727 6284 HidUsb - ok
23:08:44.0759 6284 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:08:44.0759 6284 hkmsvc - ok
23:08:44.0774 6284 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:08:44.0774 6284 HomeGroupListener - ok
23:08:44.0805 6284 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:08:44.0805 6284 HomeGroupProvider - ok
23:08:44.0821 6284 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
23:08:44.0837 6284 HpSAMD - ok
23:08:44.0852 6284 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:08:44.0852 6284 HTTP - ok
23:08:44.0868 6284 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:08:44.0868 6284 hwpolicy - ok
23:08:44.0915 6284 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:08:44.0915 6284 i8042prt - ok
23:08:44.0930 6284 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:08:44.0930 6284 iaStor - ok
23:08:44.0961 6284 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:08:44.0977 6284 IAStorDataMgrSvc - ok
23:08:44.0993 6284 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:08:44.0993 6284 iaStorV - ok
23:08:45.0055 6284 [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe
23:08:45.0071 6284 ICQ Service - ok
23:08:45.0117 6284 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:08:45.0195 6284 IDriverT - ok
23:08:45.0258 6284 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:08:45.0273 6284 idsvc - ok
23:08:45.0398 6284 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:08:45.0476 6284 igfx - ok
23:08:45.0507 6284 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:08:45.0539 6284 iirsp - ok
23:08:45.0570 6284 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
23:08:45.0585 6284 IKEEXT - ok
23:08:45.0679 6284 [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:08:45.0788 6284 IntcAzAudAddService - ok
23:08:45.0804 6284 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:08:45.0804 6284 intelide - ok
23:08:45.0835 6284 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:08:45.0835 6284 intelppm - ok
23:08:45.0851 6284 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:08:45.0866 6284 IPBusEnum - ok
23:08:45.0866 6284 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:45.0882 6284 IpFilterDriver - ok
23:08:45.0897 6284 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:08:45.0913 6284 iphlpsvc - ok
23:08:45.0929 6284 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:08:46.0038 6284 IPMIDRV - ok
23:08:46.0053 6284 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:08:46.0053 6284 IPNAT - ok
23:08:46.0100 6284 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:08:46.0178 6284 iPod Service - ok
23:08:46.0209 6284 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:08:46.0225 6284 IRENUM - ok
23:08:46.0225 6284 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
23:08:46.0241 6284 isapnp - ok
23:08:46.0272 6284 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:08:46.0272 6284 iScsiPrt - ok
23:08:46.0303 6284 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:08:46.0303 6284 kbdclass - ok
23:08:46.0334 6284 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:08:46.0334 6284 kbdhid - ok
23:08:46.0350 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
23:08:46.0350 6284 KeyIso - ok
23:08:46.0397 6284 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
23:08:46.0397 6284 KL1 - ok
23:08:46.0412 6284 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
23:08:46.0412 6284 kl2 - ok
23:08:46.0443 6284 [ D4C57824767D3ECBD89883A33F4FD87A ] KLIF C:\Windows\system32\DRIVERS\klif.sys
23:08:46.0459 6284 KLIF - ok
23:08:46.0490 6284 [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
23:08:46.0490 6284 KLIM6 - ok
23:08:46.0506 6284 [ 3DE1771C135328420315E21DDE229BBA ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
23:08:46.0506 6284 klmouflt - ok
23:08:46.0537 6284 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:08:46.0537 6284 KSecDD - ok
23:08:46.0553 6284 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:08:46.0553 6284 KSecPkg - ok
23:08:46.0584 6284 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
23:08:46.0584 6284 KtmRm - ok
23:08:46.0615 6284 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
23:08:46.0615 6284 LanmanServer - ok
23:08:46.0646 6284 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:08:46.0646 6284 LanmanWorkstation - ok
23:08:46.0677 6284 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:08:46.0693 6284 lltdio - ok
23:08:46.0693 6284 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:08:46.0709 6284 lltdsvc - ok
23:08:46.0709 6284 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
23:08:46.0709 6284 lmhosts - ok
23:08:46.0740 6284 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:08:46.0740 6284 LSI_FC - ok
23:08:46.0755 6284 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:08:46.0771 6284 LSI_SAS - ok
23:08:46.0787 6284 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:08:46.0802 6284 LSI_SAS2 - ok
23:08:46.0818 6284 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:08:46.0833 6284 LSI_SCSI - ok
23:08:46.0849 6284 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
23:08:46.0849 6284 luafv - ok
23:08:46.0880 6284 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:08:46.0880 6284 Mcx2Svc - ok
23:08:46.0896 6284 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:08:46.0896 6284 megasas - ok
23:08:46.0911 6284 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:08:46.0927 6284 MegaSR - ok
23:08:46.0943 6284 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
23:08:46.0943 6284 MMCSS - ok
23:08:46.0958 6284 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
23:08:46.0958 6284 Modem - ok
23:08:46.0989 6284 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:08:46.0989 6284 monitor - ok
23:08:47.0005 6284 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:08:47.0005 6284 mouclass - ok
23:08:47.0036 6284 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:08:47.0052 6284 mouhid - ok
23:08:47.0067 6284 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:08:47.0067 6284 mountmgr - ok
23:08:47.0083 6284 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
23:08:47.0099 6284 mpio - ok
23:08:47.0099 6284 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:08:47.0114 6284 mpsdrv - ok
23:08:47.0145 6284 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
23:08:47.0145 6284 MpsSvc - ok
23:08:47.0161 6284 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:08:47.0161 6284 MRxDAV - ok
23:08:47.0192 6284 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:47.0192 6284 mrxsmb - ok
23:08:47.0255 6284 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:47.0255 6284 mrxsmb10 - ok
23:08:47.0270 6284 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:47.0286 6284 mrxsmb20 - ok
23:08:47.0317 6284 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
23:08:47.0317 6284 msahci - ok
23:08:47.0333 6284 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
23:08:47.0348 6284 msdsm - ok
23:08:47.0364 6284 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
23:08:47.0364 6284 MSDTC - ok
23:08:47.0395 6284 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:08:47.0395 6284 Msfs - ok
23:08:47.0411 6284 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:08:47.0411 6284 mshidkmdf - ok
23:08:47.0426 6284 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
23:08:47.0426 6284 msisadrv - ok
23:08:47.0457 6284 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:08:47.0473 6284 MSiSCSI - ok
23:08:47.0473 6284 msiserver - ok
23:08:47.0504 6284 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:08:47.0504 6284 MSKSSRV - ok
23:08:47.0520 6284 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:47.0520 6284 MSPCLOCK - ok
23:08:47.0535 6284 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:08:47.0535 6284 MSPQM - ok
23:08:47.0551 6284 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:08:47.0567 6284 MsRPC - ok
23:08:47.0582 6284 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:08:47.0582 6284 mssmbios - ok
23:08:47.0598 6284 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:08:47.0598 6284 MSTEE - ok
23:08:47.0613 6284 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:08:47.0629 6284 MTConfig - ok
23:08:47.0645 6284 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
23:08:47.0645 6284 Mup - ok
23:08:47.0660 6284 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
23:08:47.0660 6284 napagent - ok
23:08:47.0691 6284 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:08:47.0691 6284 NativeWifiP - ok
23:08:47.0723 6284 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:08:47.0723 6284 NDIS - ok
23:08:47.0738 6284 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:08:47.0738 6284 NdisCap - ok
23:08:47.0769 6284 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:47.0769 6284 NdisTapi - ok
23:08:47.0769 6284 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:47.0769 6284 Ndisuio - ok
23:08:47.0785 6284 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:47.0785 6284 NdisWan - ok
23:08:47.0801 6284 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:08:47.0801 6284 NDProxy - ok
23:08:47.0816 6284 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:08:47.0816 6284 NetBIOS - ok
23:08:47.0832 6284 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:08:47.0832 6284 NetBT - ok
23:08:47.0832 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
23:08:47.0847 6284 Netlogon - ok
23:08:47.0863 6284 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
23:08:47.0863 6284 Netman - ok
23:08:47.0879 6284 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
23:08:47.0879 6284 netprofm - ok
23:08:47.0910 6284 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:08:47.0910 6284 NetTcpPortSharing - ok
23:08:47.0925 6284 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:08:47.0941 6284 nfrd960 - ok
23:08:47.0941 6284 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
23:08:47.0957 6284 NlaSvc - ok
23:08:47.0957 6284 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:08:47.0972 6284 Npfs - ok
23:08:47.0972 6284 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
23:08:47.0972 6284 nsi - ok
23:08:48.0003 6284 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:08:48.0003 6284 nsiproxy - ok
23:08:48.0050 6284 [ A458A5F7FD79C477D40ED42CF5A230CB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:08:48.0081 6284 Ntfs - ok
23:08:48.0097 6284 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
23:08:48.0097 6284 Null - ok
23:08:48.0113 6284 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:08:48.0113 6284 nvraid - ok
23:08:48.0128 6284 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:08:48.0128 6284 nvstor - ok
23:08:48.0144 6284 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
23:08:48.0159 6284 nv_agp - ok
23:08:48.0159 6284 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:08:48.0175 6284 ohci1394 - ok
23:08:48.0206 6284 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:48.0206 6284 ose - ok
23:08:48.0315 6284 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:08:48.0534 6284 osppsvc - ok
23:08:48.0565 6284 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:08:48.0565 6284 p2pimsvc - ok
23:08:48.0581 6284 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
23:08:48.0581 6284 p2psvc - ok
23:08:48.0596 6284 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:08:48.0627 6284 Parport - ok
23:08:48.0659 6284 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:08:48.0659 6284 partmgr - ok
23:08:48.0674 6284 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
23:08:48.0690 6284 Parvdm - ok
23:08:48.0705 6284 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:08:48.0705 6284 PcaSvc - ok
23:08:48.0721 6284 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
23:08:48.0721 6284 pci - ok
23:08:48.0737 6284 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
23:08:48.0737 6284 pciide - ok
23:08:48.0768 6284 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:08:48.0768 6284 pcmcia - ok
23:08:48.0783 6284 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
23:08:48.0783 6284 pcw - ok
23:08:48.0815 6284 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:08:48.0815 6284 PEAUTH - ok
23:08:48.0861 6284 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
23:08:48.0893 6284 pla - ok
23:08:48.0908 6284 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:08:48.0908 6284 PlugPlay - ok
23:08:48.0924 6284 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:08:48.0924 6284 PNRPAutoReg - ok
23:08:48.0939 6284 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:08:48.0939 6284 PNRPsvc - ok
23:08:48.0955 6284 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:08:48.0955 6284 PolicyAgent - ok
23:08:48.0986 6284 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
23:08:48.0986 6284 Power - ok
23:08:49.0017 6284 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:08:49.0017 6284 PptpMiniport - ok
23:08:49.0033 6284 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:08:49.0033 6284 Processor - ok
23:08:49.0080 6284 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
23:08:49.0080 6284 ProfSvc - ok
23:08:49.0080 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:08:49.0095 6284 ProtectedStorage - ok
23:08:49.0111 6284 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:08:49.0111 6284 Psched - ok
23:08:49.0142 6284 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:08:49.0158 6284 PSI_SVC_2 - ok
23:08:49.0189 6284 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:08:49.0220 6284 ql2300 - ok
23:08:49.0251 6284 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:08:49.0267 6284 ql40xx - ok
23:08:49.0283 6284 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:08:49.0298 6284 QWAVE - ok
23:08:49.0314 6284 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:08:49.0314 6284 QWAVEdrv - ok
23:08:49.0329 6284 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:08:49.0329 6284 RasAcd - ok
23:08:49.0345 6284 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:08:49.0345 6284 RasAgileVpn - ok
23:08:49.0361 6284 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:08:49.0361 6284 RasAuto - ok
23:08:49.0376 6284 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:08:49.0376 6284 Rasl2tp - ok
23:08:49.0407 6284 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
23:08:49.0407 6284 RasMan - ok
23:08:49.0423 6284 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:08:49.0423 6284 RasPppoe - ok
23:08:49.0423 6284 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:08:49.0423 6284 RasSstp - ok
23:08:49.0439 6284 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:08:49.0439 6284 rdbss - ok
23:08:49.0470 6284 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:08:49.0470 6284 rdpbus - ok
23:08:49.0485 6284 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:08:49.0485 6284 RDPCDD - ok
23:08:49.0517 6284 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:08:49.0517 6284 RDPENCDD - ok
23:08:49.0517 6284 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:08:49.0517 6284 RDPREFMP - ok
23:08:49.0563 6284 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:08:49.0563 6284 RDPWD - ok
23:08:49.0595 6284 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:08:49.0595 6284 rdyboost - ok
23:08:49.0610 6284 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:08:49.0610 6284 RemoteAccess - ok
23:08:49.0641 6284 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:08:49.0641 6284 RemoteRegistry - ok
23:08:49.0657 6284 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:08:49.0657 6284 RpcEptMapper - ok
23:08:49.0673 6284 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:08:49.0673 6284 RpcLocator - ok
23:08:49.0688 6284 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
23:08:49.0688 6284 RpcSs - ok
23:08:49.0704 6284 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:08:49.0704 6284 rspndr - ok
23:08:49.0735 6284 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
23:08:49.0751 6284 RTL8167 - ok
23:08:49.0797 6284 [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
23:08:49.0813 6284 RTL8192su - ok
23:08:49.0813 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
23:08:49.0829 6284 SamSs - ok
23:08:49.0844 6284 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
23:08:49.0844 6284 sbp2port - ok
23:08:49.0860 6284 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:08:49.0875 6284 SCardSvr - ok
23:08:49.0891 6284 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:08:49.0891 6284 scfilter - ok
23:08:49.0922 6284 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
23:08:49.0922 6284 Schedule - ok
23:08:49.0938 6284 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:08:49.0938 6284 SCPolicySvc - ok
23:08:49.0969 6284 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:08:49.0969 6284 SDRSVC - ok
23:08:50.0031 6284 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:08:50.0031 6284 SeaPort - ok
23:08:50.0047 6284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:08:50.0094 6284 secdrv - ok
23:08:50.0109 6284 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:08:50.0109 6284 seclogon - ok
23:08:50.0125 6284 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
23:08:50.0125 6284 SENS - ok
23:08:50.0141 6284 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:08:50.0141 6284 SensrSvc - ok
23:08:50.0172 6284 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:08:50.0187 6284 Serenum - ok
23:08:50.0203 6284 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:08:50.0219 6284 Serial - ok
23:08:50.0219 6284 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:08:50.0250 6284 sermouse - ok
23:08:50.0281 6284 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
23:08:50.0281 6284 SessionEnv - ok
23:08:50.0297 6284 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:08:50.0312 6284 sffdisk - ok
23:08:50.0328 6284 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:08:50.0328 6284 sffp_mmc - ok
23:08:50.0343 6284 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:08:50.0343 6284 sffp_sd - ok
23:08:50.0359 6284 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:08:50.0359 6284 sfloppy - ok
23:08:50.0390 6284 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
23:08:50.0406 6284 Sftfs - ok
23:08:50.0453 6284 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
23:08:50.0453 6284 sftlist - ok
23:08:50.0484 6284 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:08:50.0499 6284 Sftplay - ok
23:08:50.0499 6284 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:08:50.0499 6284 Sftredir - ok
23:08:50.0515 6284 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
23:08:50.0531 6284 Sftvol - ok
23:08:50.0546 6284 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
23:08:50.0546 6284 sftvsa - ok
23:08:50.0562 6284 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:08:50.0562 6284 SharedAccess - ok
23:08:50.0593 6284 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:08:50.0609 6284 ShellHWDetection - ok
23:08:50.0624 6284 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
23:08:50.0655 6284 sisagp - ok
23:08:50.0671 6284 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:08:50.0702 6284 SiSRaid2 - ok
23:08:50.0718 6284 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:08:50.0733 6284 SiSRaid4 - ok
23:08:50.0749 6284 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:08:50.0765 6284 Smb - ok
23:08:50.0874 6284 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:08:50.0874 6284 SNMPTRAP - ok
23:08:50.0905 6284 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:08:50.0905 6284 spldr - ok
23:08:50.0952 6284 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
23:08:50.0952 6284 Spooler - ok
23:08:51.0030 6284 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
23:08:51.0061 6284 sppsvc - ok
23:08:51.0077 6284 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:08:51.0092 6284 sppuinotify - ok
23:08:51.0123 6284 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:08:51.0123 6284 srv - ok
23:08:51.0139 6284 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:08:51.0139 6284 srv2 - ok
23:08:51.0139 6284 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:08:51.0139 6284 srvnet - ok
23:08:51.0170 6284 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:08:51.0170 6284 SSDPSRV - ok
23:08:51.0186 6284 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:08:51.0186 6284 SstpSvc - ok
23:08:51.0201 6284 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:08:51.0233 6284 stexstor - ok
23:08:51.0279 6284 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
23:08:51.0295 6284 StiSvc - ok
23:08:51.0295 6284 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:08:51.0326 6284 swenum - ok
23:08:51.0342 6284 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:08:51.0357 6284 swprv - ok
23:08:51.0389 6284 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
23:08:51.0404 6284 SysMain - ok
23:08:51.0420 6284 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:08:51.0435 6284 TabletInputService - ok
23:08:51.0435 6284 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
23:08:51.0451 6284 TapiSrv - ok
23:08:51.0451 6284 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:08:51.0467 6284 TBS - ok
23:08:51.0513 6284 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:08:51.0529 6284 Tcpip - ok
23:08:51.0560 6284 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:08:51.0560 6284 TCPIP6 - ok
23:08:51.0591 6284 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:08:51.0591 6284 tcpipreg - ok
23:08:51.0607 6284 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:08:51.0607 6284 TDPIPE - ok
23:08:51.0623 6284 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:08:51.0623 6284 TDTCP - ok
23:08:51.0638 6284 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:08:51.0638 6284 tdx - ok
23:08:51.0654 6284 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:08:51.0654 6284 TermDD - ok
23:08:51.0685 6284 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
23:08:51.0685 6284 TermService - ok
23:08:51.0747 6284 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:08:51.0747 6284 Themes - ok
23:08:51.0763 6284 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:08:51.0763 6284 THREADORDER - ok
23:08:51.0794 6284 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:08:51.0794 6284 TrkWks - ok
23:08:51.0857 6284 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:08:51.0857 6284 TrustedInstaller - ok
23:08:51.0872 6284 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:08:51.0872 6284 tssecsrv - ok
23:08:51.0919 6284 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:08:51.0919 6284 tunnel - ok
23:08:51.0935 6284 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:08:51.0966 6284 uagp35 - ok
23:08:51.0981 6284 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:08:51.0981 6284 udfs - ok
23:08:51.0997 6284 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:08:51.0997 6284 UI0Detect - ok
23:08:52.0013 6284 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
23:08:52.0028 6284 uliagpkx - ok
23:08:52.0044 6284 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:08:52.0075 6284 umbus - ok
23:08:52.0106 6284 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:08:52.0106 6284 UmPass - ok
23:08:52.0137 6284 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:08:52.0137 6284 upnphost - ok
23:08:52.0184 6284 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:08:52.0184 6284 USBAAPL - ok
23:08:52.0215 6284 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:08:52.0231 6284 usbccgp - ok
23:08:52.0247 6284 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:08:52.0247 6284 usbcir - ok
23:08:52.0262 6284 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:08:52.0293 6284 usbehci - ok
23:08:52.0309 6284 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:08:52.0325 6284 usbhub - ok
23:08:52.0340 6284 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:08:52.0340 6284 usbohci - ok
23:08:52.0387 6284 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:08:52.0387 6284 usbprint - ok
23:08:52.0403 6284 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:08:52.0403 6284 usbscan - ok
23:08:52.0403 6284 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:08:52.0418 6284 USBSTOR - ok
23:08:52.0434 6284 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:08:52.0449 6284 usbuhci - ok
23:08:52.0465 6284 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:08:52.0465 6284 UxSms - ok
23:08:52.0481 6284 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
23:08:52.0481 6284 VaultSvc - ok
23:08:52.0512 6284 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:08:52.0512 6284 vdrvroot - ok
23:08:52.0527 6284 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
23:08:52.0543 6284 vds - ok
23:08:52.0543 6284 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:08:52.0559 6284 vga - ok
23:08:52.0574 6284 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:08:52.0574 6284 VgaSave - ok
23:08:52.0605 6284 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:08:52.0637 6284 vhdmp - ok
23:08:52.0652 6284 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
23:08:52.0668 6284 viaagp - ok
23:08:52.0683 6284 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:08:52.0683 6284 ViaC7 - ok
23:08:52.0699 6284 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:08:52.0715 6284 viaide - ok
23:08:52.0730 6284 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:08:52.0730 6284 volmgr - ok
23:08:52.0746 6284 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:08:52.0746 6284 volmgrx - ok
23:08:52.0761 6284 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:08:52.0761 6284 volsnap - ok
23:08:52.0793 6284 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:08:52.0824 6284 vsmraid - ok
23:08:52.0855 6284 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
23:08:52.0871 6284 VSS - ok
23:08:52.0886 6284 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:08:52.0886 6284 vwifibus - ok
23:08:52.0902 6284 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:08:52.0902 6284 vwififlt - ok
23:08:52.0933 6284 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:08:52.0933 6284 W32Time - ok
23:08:52.0964 6284 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:08:52.0980 6284 WacomPen - ok
23:08:52.0995 6284 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:08:52.0995 6284 WANARP - ok
23:08:52.0995 6284 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:08:52.0995 6284 Wanarpv6 - ok
23:08:53.0027 6284 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
23:08:53.0042 6284 wbengine - ok
23:08:53.0058 6284 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:08:53.0058 6284 WbioSrvc - ok
23:08:53.0089 6284 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:08:53.0089 6284 wcncsvc - ok
23:08:53.0120 6284 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:08:53.0120 6284 WcsPlugInService - ok
23:08:53.0151 6284 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:08:53.0151 6284 Wd - ok
23:08:53.0183 6284 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:08:53.0198 6284 Wdf01000 - ok
23:08:53.0214 6284 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:08:53.0214 6284 WdiServiceHost - ok
23:08:53.0229 6284 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:08:53.0229 6284 WdiSystemHost - ok
23:08:53.0261 6284 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
23:08:53.0261 6284 WebClient - ok
23:08:53.0276 6284 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:08:53.0276 6284 Wecsvc - ok
23:08:53.0292 6284 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:08:53.0292 6284 wercplsupport - ok
23:08:53.0323 6284 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:08:53.0323 6284 WerSvc - ok
23:08:53.0354 6284 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:08:53.0354 6284 WfpLwf - ok
23:08:53.0370 6284 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:08:53.0370 6284 WIMMount - ok
23:08:53.0401 6284 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:08:53.0417 6284 WinDefend - ok
23:08:53.0417 6284 WinHttpAutoProxySvc - ok
23:08:53.0463 6284 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:08:53.0479 6284 Winmgmt - ok
23:08:53.0510 6284 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
23:08:53.0526 6284 WinRM - ok
23:08:53.0573 6284 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:08:53.0588 6284 WinUsb - ok
23:08:53.0619 6284 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:08:53.0635 6284 Wlansvc - ok
23:08:53.0697 6284 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:08:53.0775 6284 wlidsvc - ok
23:08:53.0791 6284 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:08:53.0807 6284 WmiAcpi - ok
23:08:53.0838 6284 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:08:53.0838 6284 wmiApSrv - ok
23:08:53.0885 6284 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:08:53.0900 6284 WMPNetworkSvc - ok
23:08:53.0916 6284 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:08:53.0916 6284 WPCSvc - ok
23:08:53.0931 6284 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:08:53.0931 6284 WPDBusEnum - ok
23:08:53.0947 6284 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:08:53.0947 6284 ws2ifsl - ok
23:08:53.0963 6284 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
23:08:53.0978 6284 wscsvc - ok
23:08:53.0978 6284 WSearch - ok
23:08:54.0041 6284 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:08:54.0056 6284 wuauserv - ok
23:08:54.0087 6284 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:08:54.0087 6284 WudfPf - ok
23:08:54.0103 6284 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:08:54.0103 6284 WUDFRd - ok
23:08:54.0134 6284 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:08:54.0134 6284 wudfsvc - ok
23:08:54.0165 6284 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:08:54.0165 6284 WwanSvc - ok
23:08:54.0181 6284 ================ Scan global ===============================
23:08:54.0197 6284 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
23:08:54.0228 6284 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:08:54.0243 6284 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:08:54.0259 6284 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:08:54.0275 6284 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:08:54.0290 6284 [Global] - ok
23:08:54.0290 6284 ================ Scan MBR ==================================
23:08:54.0290 6284 [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
23:08:56.0521 6284 \Device\Harddisk0\DR0 - ok
23:08:56.0521 6284 ================ Scan VBR ==================================
23:08:56.0521 6284 [ A96290B5401C2DA5A08BB9471D76D503 ] \Device\Harddisk0\DR0\Partition1
23:08:56.0521 6284 \Device\Harddisk0\DR0\Partition1 - ok
23:08:56.0537 6284 [ 046BBD7303F14EB983A3F0C302651470 ] \Device\Harddisk0\DR0\Partition2
23:08:56.0537 6284 \Device\Harddisk0\DR0\Partition2 - ok
23:08:56.0583 6284 [ 376B50B18DD730F4A63E4B8227F4638C ] \Device\Harddisk0\DR0\Partition3
23:08:56.0583 6284 \Device\Harddisk0\DR0\Partition3 - ok
23:08:56.0583 6284 ============================================================
23:08:56.0583 6284 Scan finished
23:08:56.0583 6284 ============================================================
23:08:56.0599 3320 Detected object count: 0
23:08:56.0599 3320 Actual detected object count: 0701

Alt 21.04.2013, 00:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Nochmal: Bitte die (folgenden) Logs in CODE-Tags posten, wurde anfangs schon ausführlichst beschrieben wie das geht. aswMBR lief nicht richtig, bitte nochmal wiederholen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.04.2013, 10:36   #13
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Also das aswMBR funktioniert irgendwie nicht richtig, ich denke es hängt sich nach einigen Minuten immer auf.

Zitat:
"Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja."

-> diese Frage wurde mir gar nicht gestellt. Es wurde nur von Kaspersky gemeldet, ich habe es freigegeben und dann Scan gedrückt. Die Meldung " Scan finished successfully " ist auch nicht gekommen.

Das Tool läuft einige Miunuten und bleibt dann an der Stelle wie im Anhang zu sehen stehen.
Angehängte Grafiken
Dateityp: png 123.png (96,0 KB, 186x aufgerufen)

Alt 21.04.2013, 22:52   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



Guck mal was da noch in der Anleitung stand:

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.04.2013, 22:13   #15
tseb
 
Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Standard

Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen



So, zunächst hat es sich nochmal aufgehangen. Anschließend mit der Einstellung "none" hat es funktioniert:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 22:44:34
-----------------------------
22:44:34.436    OS Version: Windows 6.1.7600 
22:44:34.436    Number of processors: 2 586 0x170A
22:44:34.436    ComputerName: ´XYZ  UserName: 
22:44:38.446    Initialize success
22:52:52.689    AVAST engine defs: 13042000
23:06:32.408    The log file has been saved successfully to "C:\Users\XYZ\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 22:55:17
-----------------------------
22:55:17.984    OS Version: Windows 6.1.7600 
22:55:17.984    Number of processors: 2 586 0x170A
22:55:17.994    ComputerName:   UserName: 
22:55:20.074    Initialize success
22:55:31.045    AVAST engine defs: 13042201
22:55:42.672    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:55:42.672    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
22:55:43.232    Disk 0 MBR read successfully
22:55:43.232    Disk 0 MBR scan
22:55:43.604    Disk 0 unknown MBR code
22:55:43.834    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:55:44.134    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       911782 MB offset 206848
22:55:44.194    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 1867536384
22:55:44.444    Disk 0 Partition 4 00     12  Compaq diag NTFS         1025 MB offset 1951422464
22:55:44.494    Disk 0 scanning sectors +1953521664
22:55:45.314    Disk 0 scanning C:\Windows\system32\drivers
22:56:08.797    Service scanning
22:56:16.550    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:56:16.620    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
22:56:16.730    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:56:16.760    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:56:27.472    Modules scanning
22:56:45.340    Disk 0 trace - called modules:
22:56:45.380    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
22:56:45.380    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88d9d7a0]
22:56:45.390    3 CLASSPNP.SYS[8cb9359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86edf028]
22:56:45.400    Scan finished successfully
23:08:01.143    Disk 0 MBR has been saved successfully to "C:\Users\\Desktop\MBR.dat"
23:08:01.153    The log file has been saved successfully to "C:\Users\\Desktop\aswMBR.txt"
         

Antwort

Themen zu Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen
angezeigt, betreff, bilder, comuter, ebay, erkannt, erklären, experte, folge, folgende, gelöscht, heur, heur:exploit.java.cve-2012-0507.gen, kaspersky, laden, löschen, malware, nciht, probleme, sofort, status, troja, trojaner, videos, woche, wochen, youtube



Ähnliche Themen: Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen


  1. Kaspersky findet 2 trojanische Programme (Windows 7): HEUR:Exploit.Java.CVE-2012-1723.gen und Exploit.Java.CVE-2012-1723.nh
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (14)
  2. Kaspersky erkennt HEUR:Exploit.Java.CVE-2012-0507/1723.gen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2013 (3)
  3. HEUR:Exploit.Java.CVE-2012-0507.GEN weg oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 28.04.2013 (17)
  4. Exploit:Java/CVE-2012-0507
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (3)
  5. Kasperskay meldet "Gefunden: HEUR: Exploit.Java.CVE-2012-0507.gen"
    Log-Analyse und Auswertung - 03.04.2013 (21)
  6. HEUR:Exploit.Java.CVE-2012-0507.gen
    Log-Analyse und Auswertung - 03.04.2013 (13)
  7. HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme
    Log-Analyse und Auswertung - 01.04.2013 (4)
  8. HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (40)
  9. HEUR:Exploit.Java.CVE-2012-0507.gen (von Kaspersky gefunden)
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (11)
  10. HEUR:Exploit.Java.CVE-2012-0507.gen durch Kaspersky IS entdeckt
    Log-Analyse und Auswertung - 15.02.2013 (23)
  11. Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic
    Log-Analyse und Auswertung - 26.01.2013 (24)
  12. HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (3)
  13. Befall durch HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2013 (25)
  14. HEUR:Exploit.Java.CVE-2012-4681.gen" sowie mehrfach Exploit.Java.CVE-2012-0507.ou mit kaspersky gefunden in C:Dokumente und Einstellungen ge
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (11)
  15. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  16. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Mülltonne - 11.06.2012 (0)
  17. Exploit.Java.CVE-2012-0507.be in C:\Documents and Settings\Jonathan\Appdata\LocalLow\Sun\Java [...]
    Log-Analyse und Auswertung - 16.04.2012 (8)

Zum Thema Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen - Hallo, habe vorgerstern eine vollständige Systemuntersuchung durch Kaspersky durchgeführt. Hierbei wurde folgende "Malware" gefunden: HEUR:Exploit.Java.CVE-2012-0507.gen Der Status steht auf "gefunden, nicht verarbeitet". Ich glaube unmittelbar nach der Systemuntersuchung ergänzte Kaspersky - Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen...
Archiv
Du betrachtest: Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.