| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TubeSaver1.125Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.07.2013, 16:19
| #1 |
 |  TubeSaver1.125 seit ein paar tagen werden alle möglichen seiten in firefox total komisch angezeigt: es sind wahllos worte doppelt grün unterstrichen und scheinbar mit einem pseudo-suchdienst verlinkt. weisz nicht genau, wo es hinführt, hab nicht angeklickt. bei der suche nach der ursache dieser neuen extravaganz fiel mir ein add-on auf, dass ich ganz sicher nicht installiert habe: das ding heiszt TubeSaver1.125. habs gegooglet, aber da erscheinen nur mies übersetzte seiten... sagt das irgendwem was? Habs jetzt erstmal deaktiviert und scheinbar ist zumindest diese unterstreichung damit eingestellt. |
|
30.07.2013, 16:22
| #2 |
| /// Malware-holic   | TubeSaver1.125 Hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
30.07.2013, 17:09
| #3 |
| | TubeSaver1.125 danke für die fixe antwort! hoffentlich hab ich alles richtig verstanden.
__________________hier also die dateien FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by *** (administrator) on 30-07-2013 17:58:13
Running from C:\Users\***\Desktop
Microsoft® Windows Vista™ Home Premium (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(BitTorrent Inc.) C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\GNUzwei\GnuPG\dirmngr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\Program Files\GNUzwei\GnuPG\gpg-agent.exe
() C:\Windows\system32\lxcfcoms.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4317184 2007-02-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2007-01-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [LXCFCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2647872 2011-09-29] (Piriform Ltd)
HKCU\...\Run: [uTorrent] - C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-17] (BitTorrent Inc.)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [135672 2013-06-21] (PC Utilities Pro)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin [813448 2013-05-31] (Adobe Systems Incorporated)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {03b06498-f377-11e0-82df-0013a9ca1d09} - vatra\\pecka.exe
MountPoints2: {cc37f8eb-4c55-11e1-87cc-0013a9ca1d09} - H:\Startme.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk
ShortcutTarget: Windows Privacy Tray.lnk -> C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe ()
==================== Internet (Whitelisted) ====================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=26D400197E6BF6D8&affID=120692&tt=160713_91114&tsp=4946
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=26D400197E6BF6D8&affID=120692&tt=160713_91114&tsp=4946
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=86f68a40-1cd0-4ecd-a9ee-2d3b7e0db83c&apn_sauid=B4A21FB3-6BDC-4104-8C1A-CAEEC57C9EF0
BHO: No Name - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: TubeSaver - {57F2FC14-BE99-4DFB-B9F1-2458A4F496AB} - C:\Program Files\TubeSaver\125.dll (istqt Soft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TubeSaver - {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files\TubeSaver\116.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: inforiot.de
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=86f68a40-1cd0-4ecd-a9ee-2d3b7e0db83c&apn_ptnrs=%5EAGS&apn_sauid=B4A21FB3-6BDC-4104-8C1A-CAEEC57C9EF0&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\delta.xml
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: DoNotTrackMe - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\donottrackplus@abine.com
FF Extension: Delta Toolbar - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\ffxtlbr@delta.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\ich@maltegoetz.de
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\toolbar@ask.com
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [Tubesaver@istqt.co] C:\Program Files\TubeSaver\125.xpi
FF Extension: No Name - C:\Program Files\TubeSaver\125.xpi
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-17] (Symantec Corporation)
R2 DirMngr; C:\Program Files\GNUzwei\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-17] (Symantec Corporation)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R3 lxcf_device; C:\Windows\system32\lxcfcoms.exe [491520 2005-04-15] ()
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28933976 2007-02-05] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2007-02-05] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 Sony Ericsson PCComp***on; C:\Program Files\Sony Ericsson\Sony Ericsson PC Comp***on\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-17] (Symantec Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [202872 2006-11-17] (Symantec Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-12] (Malwarebytes Corporation)
S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-26] (Logitech Inc.)
R3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [27520 2007-02-06] (Sony Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-02-26] (Symantec Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [807424 2007-02-08] (Texas Instruments)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-30 17:58 - 2013-07-30 17:58 - 00000000 ____D C:\FRST
2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-23 13:26 - 2013-07-23 13:26 - 00000000 ____D C:\Program Files\TubeSaver
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-17 17:24 - 2013-07-17 17:25 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Optimizer Pro
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-07-17 13:36 - 2013-07-26 13:26 - 00000344 _____ C:\Windows\Tasks\TubeSaver Update.job
2013-07-17 13:36 - 2013-07-23 20:55 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\BabSolution
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\Delta
2013-07-17 13:35 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\Users\***\AppData\Roaming\Babylon
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\ProgramData\Babylon
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-17 13:17 - 2013-07-17 13:18 - 00008767 _____ C:\Windows\WindowsUpdate.log
2013-07-13 14:26 - 2013-07-13 14:26 - 00000022 _____ C:\Windows\S.dirmngr
2013-07-01 21:42 - 2013-07-13 21:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-30 17:55 - 2013-02-22 17:15 - 00000000 ____D C:\Users\***\AppData\Roaming\uTorrent
2013-07-30 17:52 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 17:52 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 08:34 - 2011-10-22 21:42 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 16:29 - 2013-03-20 21:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-28 14:34 - 2011-10-22 21:42 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-26 13:26 - 2013-07-17 13:36 - 00000344 _____ C:\Windows\Tasks\TubeSaver Update.job
2013-07-24 18:13 - 2011-10-11 13:36 - 00000000 ___RD C:\Users\***\Desktop\#1
2013-07-24 18:02 - 2013-01-24 16:14 - 00000000 ____D C:\Users\***\Desktop\gesammelt
2013-07-23 20:55 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-23 13:26 - 2013-07-23 13:26 - 00000000 ____D C:\Program Files\TubeSaver
2013-07-21 22:31 - 2013-03-20 22:01 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-21 21:49 - 2011-10-10 21:38 - 00000000 ____D C:\Users\***\AppData\Roaming\Winamp
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-19 12:01 - 2006-11-02 12:33 - 01617722 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-17 17:25 - 2013-07-17 17:24 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:38 - 2011-10-10 21:11 - 00000000 ____D C:\Users\***
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Optimizer Pro
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\BabSolution
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\Delta
2013-07-17 13:36 - 2013-07-17 13:35 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\Users\***\AppData\Roaming\Babylon
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\ProgramData\Babylon
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-17 13:18 - 2013-07-17 13:17 - 00008767 _____ C:\Windows\WindowsUpdate.log
2013-07-13 22:00 - 2013-01-24 14:01 - 00000000 ____D C:\Users\***\AppData\Roaming\gnupg
2013-07-13 21:48 - 2013-07-01 21:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-07-13 21:48 - 2012-04-27 18:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-13 14:26 - 2013-07-13 14:26 - 00000022 _____ C:\Windows\S.dirmngr
2013-07-13 14:26 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 14:25 - 2006-11-02 15:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 12:34 - 2012-07-29 15:06 - 00000000 ____D C:\Users\***\Desktop\haus4_WiLMa
2013-07-04 20:13 - 2013-05-26 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-01 19:27 - 2012-02-24 12:14 - 00002161 _____ C:\lxcf.log
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4061229319-778602753-3459304342-1003\$35e98341865a7168209c0b91755073f5
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$35e98341865a7168209c0b91755073f5
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2006-11-02 10:47] - [2006-11-02 11:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 10:38] - [2006-11-02 11:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 10:52] - [2006-11-02 11:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6
LastRegBack: 2013-07-13 14:34
==================== End Of Log ============================
--- --- --- und hier der rest: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 03
Ran by *** at 2013-07-30 17:58:39
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
µTorrent (Version: 3.3.0.29625)
7-Zip 9.20
Adobe Acrobat 6.0 Professional - English, Français, Deutsch (Version: 006.000.000)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Flash Player 9 ActiveX (Version: 9)
Alps Pointing-device for VAIO
AppCore (Version: 1)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Ask Toolbar (Version: 1.15.11.0)
Avira Free Antivirus (Version: 13.0.0.3884)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.30498)
BitTorrent (Version: 7.6.0)
Browser Address Error Redirector
ccCommon (Version: 106.1.1.4)
CCleaner (Version: 3.11)
Click to DVD 2.0.05 Menu Data (Version: 2.0.05)
Click to DVD 2.6.00 (Version: 2.6.00)
Delta Chrome Toolbar
Delta toolbar (Version: 1.8.21.5)
DivX-Setup (Version: 2.6.1.5)
Dropbox (HKCU Version: 2.0.22)
FUJIFILM MyFinePix Studio 3.1
GenoPro 2.5.4.1
GnuPT Version 4.5.0 (Version: 4.5.0)
Google Update Helper (Version: 1.3.21.153)
Gpg4win (2.1.0) (Version: 2.1.0)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only) (Version: 4.27)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 7 Update 5 (Version: 7.0.50)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
JavaFX 2.1.1 (Version: 2.1.1)
LAN-Express AS IEEE 802.11 Wireless LAN (Version: 7.1.0.116)
Lexmark 730 Series
Logitech QuickCam (Version: 11.50.1169)
Logitech QuickCam-Treiberpaket
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) (Version: 9.1.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
MSRedist (Version: 1.0.0.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MyPhoneExplorer (Version: 1.8.4)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.180.46)
Norton Internet Security (Symantec Corporation) (Version: 10.1.0.26)
Norton Internet Security (Version: 10.1.0.26)
OpenMG Limited Patch 4.7-07-13-24-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
OpenOffice.org 3.4 (Version: 3.4.9590)
Optimizer Pro v3.0 (Version: 3.0)
PC Connectivity Solution (Version: 11.5.22.0)
QuickTime (Version: 7.65.17.80)
RAF (Version: 1.00.0001)
RAW FILE CONVERTER EX powered by SILKYPIX (Version: 3)
Realtek High Definition Audio Driver (Version: 6.0.1.5350)
Setting Utility Series (Version: 2.1.00.13300)
Skype™ 5.5 (Version: 5.5.124)
Sony Ericsson PC Comp***on 2.02.015 (Version: 2.02.015)
Sony Ericsson Update Engine (Version: 2.12.2.14)
Sony Utilities DLL (Version: 7.1.00.13300)
Sony Video Shared Library (Version: 3.1.03)
SymNet (Version: 7.1.0.27)
System Progressive Protection
TubeSaver
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.2047.00)
VAIO Aqua Breeze Wallpaper (Version: 1.0.11.13240)
VAIO Control Center (Version: 2.0.00.11060)
VAIO Cozy Orange Wallpaper (Version: 1.0.11.13240)
VAIO Data Restore Tool (Version: 1.0.01.02070)
VAIO Entertainment Platform (Version: 2.0.02.13290)
VAIO Event Service (Version: 3.1.00.14130)
VAIO Hardware Diagnostics
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Original Screen Saver
VAIO Photo 2007 (Version: 1.0.01.01250)
VAIO Power Management (Version: 2.1.00.14090)
VAIO Tender Green Wallpaper (Version: 1.0.11.10180)
VAIO Update 3 (Version: 3.0.01.02050)
VAIO Video & Photo Suite (Version: 1.1.00.13301)
VAIO Video & Photo Suite (Version: 1.1.00.13301)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.11 (Version: 1.1.11)
Winamp (Version: 5.581 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinDVD for VAIO (Version: 8.0-B6.113)
Wireless Switch Setting Utility (Version: 3.6.00.13120)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)
==================== Restore Points =========================
13-07-2013 13:28:57 Geplanter Prüfpunkt
14-07-2013 17:42:07 Geplanter Prüfpunkt
15-07-2013 22:00:02 Geplanter Prüfpunkt
16-07-2013 22:00:03 Geplanter Prüfpunkt
19-07-2013 08:30:37 Geplanter Prüfpunkt
20-07-2013 22:00:03 Geplanter Prüfpunkt
22-07-2013 09:26:50 Geplanter Prüfpunkt
22-07-2013 22:00:03 Geplanter Prüfpunkt
23-07-2013 22:00:03 Geplanter Prüfpunkt
24-07-2013 22:00:04 Geplanter Prüfpunkt
25-07-2013 22:00:03 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1790BB7F-6CAC-419E-8708-1010A37C4899} - System32\Tasks\MCVRegistrationReminder1 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20063BB2-142A-4A27-8DB6-2A7CECF16876} - System32\Tasks\MCVSurveyReminder2 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {2D69436B-2541-437B-BB11-11D958EF676E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {2E4F4B73-42D7-4E23-9129-3BB1661779DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {3095EE8B-AEBA-424A-B760-6FE0896C1DBC} - System32\Tasks\TubeSaver Update => C:\Program Files\TubeSaver\tbsUd.exe [2013-07-22] (istqt Soft)
Task: {34B81208-03DF-4BB1-BE9F-9266FC7BBB5D} - System32\Tasks\MCVSurveyReminder4 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {38FCB278-DF31-4B26-96A3-A50AA27C5D26} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42285F7C-E8A0-442A-A956-F633B71CF827} - System32\Tasks\MCVRegistrationReminder3 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {621FB1B7-0A9E-4150-9C13-9B5890F43C9E} - System32\Tasks\MCVSurveyReminder3 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {6D4FFB42-42B5-4AE2-A53D-BE89BB30B41F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-10-29] ()
Task: {6F1FE12A-67CD-43B3-B0E7-BC084D32CEC0} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-02-05] (Sony Corporation)
Task: {74A56C0B-3DC2-4FDF-9B23-B104E0729A9D} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2006-11-02] (Microsoft Corp.)
Task: {8ADDCA81-5434-48D3-AD74-6F928888FDFE} - System32\Tasks\MCVSurveyReminder1 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {910A2C64-2C5F-4F0E-8DE5-1BDA6BE72619} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2006-11-02] (Microsoft Corporation)
Task: {AEE7196D-A740-4A19-B9D7-8CFAD1CFD86A} - System32\Tasks\LaunchMCV => C:\Windows\System32\DeleteLauncher.vbs No File
Task: {AF79E16A-9937-460E-82B8-929679BA725A} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-01-11] (Sony Corporation)
Task: {BAC5A039-AC3B-410D-8279-5F3996DFB957} - System32\Tasks\MCVRegistrationReminder2 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {CA1C91DE-389D-4921-B7F9-D1EB6A9438BC} - System32\Tasks\MCVRegistrationReminder4 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {F116675D-DA8A-463E-8DD2-2403FC639BF0} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TubeSaver Update.job => C:\Program Files\TubeSaver\tbsUd.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/21/2013 09:49:26 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung winamp.exe, Version 5.5.8.2985, Zeitstempel 0x4c3b43ea, fehlerhaftes Modul winamp.exe, Version 5.5.8.2985, Zeitstempel 0x4c3b43ea, Ausnahmecode 0xc0000005, Fehleroffset 0x0003fa19,
Prozess-ID 0x431c, Anwendungsstartzeit winamp.exe0.
Error: (05/20/2013 06:37:06 PM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).
Error: (05/20/2013 06:37:06 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x81000101).
Error: (03/21/2013 00:55:41 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung lxcfcoms.exe, Version 1.154.7.0, Zeitstempel 0x42602ef0, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x002300c9,
Prozess-ID 0x14d8, Anwendungsstartzeit lxcfcoms.exe0.
Error: (02/25/2013 10:07:19 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 18.0.2.4780 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 13b0
Anfangszeit: 01ce0e1b3a0cd360
Zeitpunkt der Beendigung: 314
Error: (02/16/2013 00:53:57 PM) (Source: MsiInstaller) (User: ***-pc)
Description: Produkt: Adobe Acrobat 6.0 Professional - English, Français, Deutsch -- Fehler 1706. Für das Produkt Adobe Acrobat 6.0 Professional - English, Français, Deutsch wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "AcroPro.msi".
Error: (02/06/2013 05:35:14 PM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).
Error: (02/06/2013 05:35:14 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x81000101).
Error: (02/06/2013 05:29:40 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "\\?\Volume{cdd21cca-f371-11e0-ab69-806e6f6e6963}\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000], Leerung[0x00000000], Freigabe[0x80042314], Ausführung[0x00000000].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (01/24/2013 04:44:57 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
System errors:
=============
Error: (07/13/2013 02:26:46 PM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker hp psc 1300 series nicht unter dem Namen hp psc 1300 series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error: (07/10/2013 04:16:21 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse 0013A9CA1D09 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (07/01/2013 09:30:44 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman
Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE
Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE
Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060
Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (07/01/2013 07:29:09 PM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker hp psc 1300 series nicht unter dem Namen hp psc 1300 series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error: (07/01/2013 07:27:57 PM) (Source: Service Control Manager) (User: )
Description: lxcf_device%%1053
Error: (07/01/2013 07:27:57 PM) (Source: Service Control Manager) (User: )
Description: 30000lxcf_device
Microsoft Office Sessions:
=========================
Error: (07/21/2013 09:49:26 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.8.29854c3b43eawinamp.exe5.5.8.29854c3b43eac00000050003fa19431c01ce86110b271600
Error: (05/20/2013 06:37:06 PM) (Source: System Restore)(User: )
Description: 0x81000101
Error: (05/20/2013 06:37:06 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101
Error: (03/21/2013 00:55:41 AM) (Source: Application Error)(User: )
Description: lxcfcoms.exe1.154.7.042602ef0unknown0.0.0.000000000c0000005002300c914d801ce25be06391687
Error: (02/25/2013 10:07:19 PM) (Source: Application Hang)(User: )
Description: firefox.exe18.0.2.478013b001ce0e1b3a0cd360314
Error: (02/16/2013 00:53:57 PM) (Source: MsiInstaller)(User: ***-pc)
Description: Produkt: Adobe Acrobat 6.0 Professional - English, Français, Deutsch -- Fehler 1706. Für das Produkt Adobe Acrobat 6.0 Professional - English, Français, Deutsch wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "AcroPro.msi".(NULL)(NULL)(NULL)(NULL)
Error: (02/06/2013 05:35:14 PM) (Source: System Restore)(User: )
Description: 0x81000101
Error: (02/06/2013 05:35:14 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101
Error: (02/06/2013 05:29:40 PM) (Source: VSS)(User: )
Description: \\?\Volume{cdd21cca-f371-11e0-ab69-806e6f6e6963}\00x000000000x000000000x800423140x00000000
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (01/24/2013 04:44:57 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 2037.56 MB
Available physical RAM: 859.87 MB
Total Pagefile: 4292.69 MB
Available Pagefile: 2709.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:102.48 GB) (Free:40.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 64D81BAE)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=102 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
31.07.2013, 12:31
| #4 |
| /// Malware-holic | TubeSaver1.125 Hi, es sind 2 Logs zu erstellen, poste diese möglichst gleichzeitig. 1. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
2. 2. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.07.2013, 19:38
| #5 |
| | TubeSaver1.125 so. ohne zu verstehen warum u was da vorgeht... Code:
ATTFilter 19:51:04.0452 6308 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:51:04.0753 6308 ============================================================
19:51:04.0753 6308 Current date / time: 2013/07/31 19:51:04.0753
19:51:04.0753 6308 SystemInfo:
19:51:04.0753 6308
19:51:04.0753 6308 OS Version: 6.0.6000 ServicePack: 0.0
19:51:04.0753 6308 Product type: Workstation
19:51:04.0753 6308 ComputerName: ***-PC
19:51:04.0753 6308 UserName: ***
19:51:04.0753 6308 Windows directory: C:\Windows
19:51:04.0753 6308 System windows directory: C:\Windows
19:51:04.0753 6308 Processor architecture: Intel x86
19:51:04.0753 6308 Number of processors: 2
19:51:04.0753 6308 Page size: 0x1000
19:51:04.0753 6308 Boot type: Normal boot
19:51:04.0753 6308 ============================================================
19:51:06.0686 6308 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:51:06.0690 6308 ============================================================
19:51:06.0690 6308 \Device\Harddisk0\DR0:
19:51:06.0690 6308 MBR partitions:
19:51:06.0690 6308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A0800, BlocksNum 0xCCF3800
19:51:06.0690 6308 ============================================================
19:51:06.0771 6308 C: <-> \Device\Harddisk0\DR0\Partition1
19:51:06.0771 6308 ============================================================
19:51:06.0771 6308 Initialize success
19:51:06.0771 6308 ============================================================
19:51:15.0488 5420 ============================================================
19:51:15.0488 5420 Scan started
19:51:15.0488 5420 Mode: Manual; SigCheck; TDLFS;
19:51:15.0488 5420 ============================================================
19:51:16.0466 5420 ================ Scan system memory ========================
19:51:16.0466 5420 System memory - ok
19:51:16.0466 5420 ================ Scan services =============================
19:51:16.0634 5420 [ 192BDBD1540645C4A2AA69F24CCE197F ] ACPI C:\Windows\system32\drivers\acpi.sys
19:51:16.0760 5420 ACPI - ok
19:51:16.0796 5420 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:51:16.0822 5420 adp94xx - ok
19:51:16.0853 5420 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:51:16.0871 5420 adpahci - ok
19:51:16.0908 5420 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:51:16.0920 5420 adpu160m - ok
19:51:16.0981 5420 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:51:16.0996 5420 adpu320 - ok
19:51:17.0042 5420 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:51:17.0131 5420 AeLookupSvc - ok
19:51:17.0154 5420 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys
19:51:17.0286 5420 AFD - ok
19:51:17.0351 5420 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:51:17.0361 5420 agp440 - ok
19:51:17.0390 5420 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:51:17.0403 5420 aic78xx - ok
19:51:17.0427 5420 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe
19:51:17.0497 5420 ALG - ok
19:51:17.0505 5420 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
19:51:17.0515 5420 aliide - ok
19:51:17.0533 5420 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:51:17.0544 5420 amdagp - ok
19:51:17.0563 5420 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
19:51:17.0574 5420 amdide - ok
19:51:17.0595 5420 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:51:17.0675 5420 AmdK7 - ok
19:51:17.0703 5420 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:51:17.0779 5420 AmdK8 - ok
19:51:17.0900 5420 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:51:17.0909 5420 AntiVirSchedulerService - ok
19:51:17.0944 5420 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:51:17.0954 5420 AntiVirService - ok
19:51:17.0999 5420 [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:51:18.0048 5420 AntiVirWebService - ok
19:51:18.0116 5420 [ 7C2F57BCE81FA74933F0E1C84A97C9DB ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
19:51:18.0168 5420 ApfiltrService - ok
19:51:18.0239 5420 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll
19:51:18.0317 5420 Appinfo - ok
19:51:18.0481 5420 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
19:51:18.0550 5420 arc - ok
19:51:18.0852 5420 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:51:18.0864 5420 arcsas - ok
19:51:18.0903 5420 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:51:19.0000 5420 AsyncMac - ok
19:51:19.0023 5420 [ 4F4FCB8B6EA06784FB6D475B7EC7300F ] atapi C:\Windows\system32\drivers\atapi.sys
19:51:19.0032 5420 atapi - ok
19:51:19.0071 5420 [ B600E2C287E9FB70FFBD7CC103C10BEE ] athr C:\Windows\system32\DRIVERS\athr.sys
19:51:19.0159 5420 athr - ok
19:51:19.0219 5420 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:51:19.0282 5420 AudioEndpointBuilder - ok
19:51:19.0290 5420 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:51:19.0350 5420 Audiosrv - ok
19:51:19.0400 5420 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:51:19.0431 5420 avgntflt - ok
19:51:19.0465 5420 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:51:19.0476 5420 avipbb - ok
19:51:19.0493 5420 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:51:19.0503 5420 avkmgr - ok
19:51:19.0564 5420 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys
19:51:19.0642 5420 Beep - ok
19:51:19.0653 5420 blbdrive - ok
19:51:19.0693 5420 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:51:19.0780 5420 bowser - ok
19:51:19.0814 5420 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:51:19.0895 5420 BrFiltLo - ok
19:51:19.0921 5420 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:51:19.0977 5420 BrFiltUp - ok
19:51:20.0013 5420 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll
19:51:20.0094 5420 Browser - ok
19:51:20.0182 5420 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:51:20.0240 5420 Brserid - ok
19:51:20.0274 5420 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:51:20.0354 5420 BrSerWdm - ok
19:51:20.0377 5420 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:51:20.0460 5420 BrUsbMdm - ok
19:51:20.0491 5420 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:51:20.0572 5420 BrUsbSer - ok
19:51:20.0600 5420 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:51:20.0671 5420 BTHMODEM - ok
19:51:20.0779 5420 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:51:20.0789 5420 ccEvtMgr - ok
19:51:20.0794 5420 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:51:20.0803 5420 ccSetMgr - ok
19:51:20.0828 5420 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:51:20.0903 5420 cdfs - ok
19:51:20.0955 5420 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:51:21.0012 5420 cdrom - ok
19:51:21.0039 5420 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll
19:51:21.0114 5420 CertPropSvc - ok
19:51:21.0146 5420 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
19:51:21.0202 5420 circlass - ok
19:51:21.0223 5420 [ 51B4B82560E49C415AE5B1337D635C3F ] CLFS C:\Windows\system32\CLFS.sys
19:51:21.0240 5420 CLFS - ok
19:51:21.0317 5420 [ D3BF342F47996E18490970FCFB8126A8 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:51:21.0348 5420 clr_optimization_v2.0.50727_32 - ok
19:51:21.0379 5420 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] CLTNetCnService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:51:21.0388 5420 CLTNetCnService - ok
19:51:21.0412 5420 [ 0FED59EDB4A83FF17F1778827B88AB1A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:51:21.0492 5420 CmBatt - ok
19:51:21.0532 5420 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:51:21.0542 5420 cmdide - ok
19:51:21.0604 5420 [ 7CE352882828C12DD7632B172253A02C ] comHost C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
19:51:21.0613 5420 comHost - ok
19:51:21.0639 5420 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:51:21.0649 5420 Compbatt - ok
19:51:21.0655 5420 COMSysApp - ok
19:51:21.0662 5420 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:51:21.0672 5420 crcdisk - ok
19:51:21.0685 5420 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:51:21.0764 5420 Crusoe - ok
19:51:21.0813 5420 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:51:21.0872 5420 CryptSvc - ok
19:51:21.0930 5420 [ B46D8EA6DD30BAA49F674DACDC4C491F ] DcomLaunch C:\Windows\system32\rpcss.dll
19:51:22.0045 5420 DcomLaunch - ok
19:51:22.0077 5420 [ A7179DE59AE269AB70345527894CCD7C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:51:22.0132 5420 DfsC - ok
19:51:22.0281 5420 [ E0D584AA76C7D845BA9F3A788260528F ] DFSR C:\Windows\system32\DFSR.exe
19:51:22.0384 5420 DFSR - ok
19:51:22.0443 5420 [ 17210D8064EC116A3FC6B5E45E577D43 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:51:22.0572 5420 Dhcp - ok
19:51:22.0645 5420 [ 4F26BB00747D41E7C0FE8EBB2900F862 ] DirMngr C:\Program Files\GNUzwei\GnuPG\dirmngr.exe
19:51:22.0672 5420 DirMngr ( UnsignedFile.Multi.Generic ) - warning
19:51:22.0672 5420 DirMngr - detected UnsignedFile.Multi.Generic (1)
19:51:22.0725 5420 [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk C:\Windows\system32\drivers\disk.sys
19:51:22.0737 5420 disk - ok
19:51:22.0859 5420 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
19:51:22.0870 5420 DMICall - ok
19:51:22.0918 5420 [ 7EF78529439683570884F9308A02EC11 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:51:23.0042 5420 Dnscache - ok
19:51:23.0146 5420 [ 1F795D214820E496BF1124434A6DB546 ] dot3svc C:\Windows\System32\dot3svc.dll
19:51:23.0240 5420 dot3svc - ok
19:51:23.0276 5420 [ 8EF243E3BAF1AB4F6202EDEB8890319B ] DPS C:\Windows\system32\dps.dll
19:51:23.0361 5420 DPS - ok
19:51:23.0404 5420 [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:51:23.0490 5420 drmkaud - ok
19:51:23.0621 5420 [ F032A2F91287A0B800891C7BEF9CA7A8 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:51:23.0697 5420 DXGKrnl - ok
19:51:23.0918 5420 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:51:24.0026 5420 E1G60 - ok
19:51:24.0174 5420 [ 90A0A875642E18618010645311B4E89E ] EapHost C:\Windows\System32\eapsvc.dll
19:51:24.0290 5420 EapHost - ok
19:51:24.0333 5420 [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache C:\Windows\system32\drivers\ecache.sys
19:51:24.0345 5420 Ecache - ok
19:51:24.0407 5420 [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:51:24.0446 5420 ehRecvr - ok
19:51:24.0471 5420 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:51:24.0505 5420 ehSched - ok
19:51:24.0544 5420 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:51:24.0591 5420 ehstart - ok
19:51:24.0636 5420 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:51:24.0655 5420 elxstor - ok
19:51:24.0705 5420 [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:51:24.0835 5420 EMDMgmt - ok
19:51:24.0917 5420 [ DFB250BAC1A9108ABD777EA181E32015 ] EventSystem C:\Windows\system32\es.dll
19:51:25.0056 5420 EventSystem - ok
19:51:25.0100 5420 [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:51:25.0158 5420 fastfat - ok
19:51:25.0177 5420 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:51:25.0259 5420 fdc - ok
19:51:25.0298 5420 [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost C:\Windows\system32\fdPHost.dll
19:51:25.0382 5420 fdPHost - ok
19:51:25.0427 5420 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:51:25.0500 5420 FDResPub - ok
19:51:25.0545 5420 [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:51:25.0556 5420 FileInfo - ok
19:51:25.0572 5420 [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:51:25.0665 5420 Filetrace - ok
19:51:25.0704 5420 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:51:25.0759 5420 flpydisk - ok
19:51:25.0779 5420 [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:51:25.0794 5420 FltMgr - ok
19:51:25.0873 5420 [ 7EF57375636991F794BF40B522A8E7EF ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:51:25.0924 5420 FontCache3.0.0.0 - ok
19:51:25.0949 5420 [ 1ED8599E1E08BA40F2B7301F0B83583A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:51:26.0025 5420 Fs_Rec - ok
19:51:26.0059 5420 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:51:26.0069 5420 gagp30kx - ok
19:51:26.0105 5420 [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc C:\Windows\System32\gpsvc.dll
19:51:26.0162 5420 gpsvc - ok
19:51:26.0292 5420 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:51:26.0303 5420 gupdate - ok
19:51:26.0310 5420 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:51:26.0319 5420 gupdatem - ok
19:51:26.0396 5420 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:51:26.0457 5420 HdAudAddService - ok
19:51:26.0479 5420 [ FFB271303BA3C59D9C97B7AF1175DE95 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:51:26.0532 5420 HDAudBus - ok
19:51:26.0555 5420 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:51:26.0634 5420 HidBth - ok
19:51:26.0662 5420 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:51:26.0745 5420 HidIr - ok
19:51:26.0789 5420 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
19:51:26.0870 5420 hidserv - ok
19:51:26.0909 5420 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:51:26.0985 5420 HidUsb - ok
19:51:27.0026 5420 [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc C:\Windows\system32\kmsvc.dll
19:51:27.0082 5420 hkmsvc - ok
19:51:27.0096 5420 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:51:27.0107 5420 HpCISSs - ok
19:51:27.0182 5420 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:51:27.0255 5420 HSF_DPV - ok
19:51:27.0293 5420 [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:51:27.0336 5420 HSXHWAZL - ok
19:51:27.0372 5420 [ F31D27CCF514549A17E79BEBE01B40B6 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:51:27.0440 5420 HTTP - ok
19:51:27.0494 5420 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:51:27.0504 5420 i2omp - ok
19:51:27.0545 5420 [ 1060F1377F395A242E27719440ECE602 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:51:27.0626 5420 i8042prt - ok
19:51:27.0666 5420 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:51:27.0683 5420 iaStorV - ok
19:51:27.0746 5420 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:51:27.0772 5420 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:51:27.0772 5420 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:51:27.0885 5420 [ 6D1D3CAB85BA0C63CB83296A8A1825F9 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:51:27.0923 5420 idsvc - ok
19:51:28.0073 5420 [ 78432A57D085328CF8BAF125985425D2 ] IDSvix86 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys
19:51:28.0087 5420 IDSvix86 - ok
19:51:28.0198 5420 [ A4FBA5B34E69E46315A7C5223A470A17 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:51:28.0290 5420 igfx - ok
19:51:28.0338 5420 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:51:28.0348 5420 iirsp - ok
19:51:28.0396 5420 [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT C:\Windows\System32\ikeext.dll
19:51:28.0462 5420 IKEEXT - ok
19:51:28.0620 5420 [ C61B3B87F3856CEF0C9F204028C6860D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:51:28.0750 5420 IntcAzAudAddService - ok
19:51:28.0803 5420 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
19:51:28.0813 5420 intelide - ok
19:51:28.0856 5420 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:51:28.0934 5420 intelppm - ok
19:51:29.0006 5420 [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:51:29.0066 5420 IPBusEnum - ok
19:51:29.0092 5420 [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:51:29.0148 5420 IpFilterDriver - ok
19:51:29.0154 5420 IpInIp - ok
19:51:29.0166 5420 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:51:29.0252 5420 IPMIDRV - ok
19:51:29.0387 5420 [ 10077C35845101548037DF04FD1A420B ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:51:29.0566 5420 IPNAT - ok
19:51:29.0638 5420 [ A82F328F4792304184642D6D397BB1E3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:51:29.0759 5420 IRENUM - ok
19:51:29.0795 5420 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:51:29.0805 5420 isapnp - ok
19:51:29.0839 5420 [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:51:29.0851 5420 iScsiPrt - ok
19:51:29.0907 5420 [ 36474FDE02F8422B8B1A52EAD9894DBC ] ISPwdSvc C:\Program Files\Norton Internet Security\isPwdSvc.exe
19:51:29.0916 5420 ISPwdSvc - ok
19:51:29.0939 5420 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:51:29.0949 5420 iteatapi - ok
19:51:29.0989 5420 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:51:29.0999 5420 iteraid - ok
19:51:30.0016 5420 [ 1A48765F92BA1A88445FC25C9C9D94FC ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:51:30.0027 5420 kbdclass - ok
19:51:30.0039 5420 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:51:30.0100 5420 kbdhid - ok
19:51:30.0136 5420 [ 6A0E382E74280E4CC0DF17FE2661D003 ] KeyIso C:\Windows\system32\lsass.exe
19:51:30.0184 5420 KeyIso - ok
19:51:30.0233 5420 [ 11D0BC1F2AFD8ABBB5A3DC47A042DE54 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:51:30.0271 5420 KSecDD - ok
19:51:30.0335 5420 [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm C:\Windows\system32\msdtckrm.dll
19:51:30.0440 5420 KtmRm - ok
19:51:30.0485 5420 [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer C:\Windows\system32\srvsvc.dll
19:51:30.0563 5420 LanmanServer - ok
19:51:30.0613 5420 [ A6A0DFF37BC17ECD6705FBDB90EECD92 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:51:30.0693 5420 LanmanWorkstation - ok
19:51:30.0721 5420 [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:51:30.0838 5420 lltdio - ok
19:51:30.0899 5420 [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:51:31.0000 5420 lltdsvc - ok
19:51:31.0033 5420 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:51:31.0145 5420 lmhosts - ok
19:51:31.0204 5420 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:51:31.0226 5420 LSI_FC - ok
19:51:31.0250 5420 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:51:31.0265 5420 LSI_SAS - ok
19:51:31.0297 5420 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:51:31.0312 5420 LSI_SCSI - ok
19:51:31.0337 5420 [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv C:\Windows\system32\drivers\luafv.sys
19:51:31.0422 5420 luafv - ok
19:51:31.0557 5420 [ 8113133EC42DD6C566908008CE913EDD ] LVcKap C:\Windows\system32\DRIVERS\LVcKap.sys
19:51:31.0654 5420 LVcKap - ok
19:51:31.0778 5420 [ 9E41266C68C11D7101A2D18CD1F7553E ] LVCOMSer C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
19:51:31.0789 5420 LVCOMSer - ok
19:51:31.0884 5420 [ 0DD5B8AF4917A2821047450195C511B3 ] LVMVDrv C:\Windows\system32\DRIVERS\LVMVDrv.sys
19:51:32.0027 5420 LVMVDrv - ok
19:51:32.0086 5420 [ 406B1D186F75B4B4832D6237859E1B00 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
19:51:32.0098 5420 LVPr2Mon - ok
19:51:32.0150 5420 [ 85C2E84BC1224C75A20B5560D5A15DB9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:51:32.0165 5420 LVPrcSrv - ok
19:51:32.0183 5420 [ 656180E9C0C5199520972426C44BC2F0 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
19:51:32.0196 5420 LVSrvLauncher - ok
19:51:32.0218 5420 lxcf_device - ok
19:51:32.0262 5420 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
19:51:32.0274 5420 MBAMSwissArmy - ok
19:51:32.0301 5420 [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:51:32.0343 5420 Mcx2Svc - ok
19:51:32.0380 5420 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:51:32.0432 5420 mdmxsdk - ok
19:51:32.0492 5420 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
19:51:32.0501 5420 megasas - ok
19:51:32.0527 5420 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS C:\Windows\system32\mmcss.dll
19:51:32.0612 5420 MMCSS - ok
19:51:32.0642 5420 [ 21755967298A46FB6ADFEC9DB6012211 ] Modem C:\Windows\system32\drivers\modem.sys
19:51:32.0698 5420 Modem - ok
19:51:32.0724 5420 [ EC839BA91E45CCE6EADAFC418FFF8206 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:51:32.0780 5420 monitor - ok
19:51:32.0790 5420 [ 3C9469DFB3440555DAB070716D768B1E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:51:32.0800 5420 mouclass - ok
19:51:32.0813 5420 [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:51:32.0887 5420 mouhid - ok
19:51:32.0914 5420 [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:51:32.0924 5420 MountMgr - ok
19:51:33.0005 5420 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:51:33.0019 5420 MozillaMaintenance - ok
19:51:33.0046 5420 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
19:51:33.0056 5420 mpio - ok
19:51:33.0081 5420 [ 8D326E8B321685D4784AFA1C55169D73 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:51:33.0139 5420 mpsdrv - ok
19:51:33.0151 5420 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:51:33.0161 5420 Mraid35x - ok
19:51:33.0181 5420 [ 93224014A418B72356462B8F7DE6E8C9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:51:33.0216 5420 MRxDAV - ok
19:51:33.0248 5420 [ FCA7563D87F71C6DB0182CA67CC19AA7 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:51:33.0307 5420 mrxsmb - ok
19:51:33.0317 5420 [ 58A9AB5754FA4CABEDE7401283B5A771 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:51:33.0397 5420 mrxsmb10 - ok
19:51:33.0428 5420 [ 79B09504E4A790104683722CD04F76B4 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:51:33.0484 5420 mrxsmb20 - ok
19:51:33.0516 5420 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
19:51:33.0527 5420 msahci - ok
19:51:33.0618 5420 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
19:51:33.0624 5420 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:51:33.0624 5420 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
19:51:33.0662 5420 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:51:33.0672 5420 msdsm - ok
19:51:33.0718 5420 [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC C:\Windows\System32\msdtc.exe
19:51:33.0759 5420 MSDTC - ok
19:51:33.0791 5420 [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:51:33.0847 5420 Msfs - ok
19:51:33.0890 5420 [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:51:33.0900 5420 msisadrv - ok
19:51:33.0956 5420 [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:51:34.0034 5420 MSiSCSI - ok
19:51:34.0039 5420 msiserver - ok
19:51:34.0067 5420 [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:51:34.0123 5420 MSKSSRV - ok
19:51:34.0145 5420 [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:51:34.0221 5420 MSPCLOCK - ok
19:51:34.0248 5420 [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:51:34.0325 5420 MSPQM - ok
19:51:34.0356 5420 [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:51:34.0371 5420 MsRPC - ok
19:51:34.0393 5420 [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:51:34.0402 5420 mssmbios - ok
19:51:34.0466 5420 MSSQL$VAIO_VEDB - ok
19:51:34.0527 5420 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
19:51:34.0539 5420 MSSQLServerADHelper - ok
19:51:34.0596 5420 [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:51:34.0710 5420 MSTEE - ok
19:51:34.0857 5420 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys
19:51:34.0868 5420 Mup - ok
19:51:34.0979 5420 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll
19:51:35.0071 5420 napagent - ok
19:51:35.0147 5420 [ 497DE786240303EE67AB01F5690C24C2 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:51:35.0166 5420 NativeWifiP - ok
19:51:35.0203 5420 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:51:35.0232 5420 NDIS - ok
19:51:35.0247 5420 [ 7584F1794B23B83D63CC124A8C56D103 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:51:35.0304 5420 NdisTapi - ok
19:51:35.0330 5420 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:51:35.0385 5420 Ndisuio - ok
19:51:35.0404 5420 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:51:35.0484 5420 NdisWan - ok
19:51:35.0507 5420 [ 874C12E3AD1431CABC854697D302C563 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:51:35.0586 5420 NDProxy - ok
19:51:35.0613 5420 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:51:35.0695 5420 NetBIOS - ok
19:51:35.0730 5420 [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:51:35.0790 5420 netbt - ok
19:51:35.0803 5420 [ 6A0E382E74280E4CC0DF17FE2661D003 ] Netlogon C:\Windows\system32\lsass.exe
19:51:35.0816 5420 Netlogon - ok
19:51:35.0850 5420 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll
19:51:35.0936 5420 Netman - ok
19:51:35.0967 5420 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll
19:51:36.0048 5420 netprofm - ok
19:51:36.0100 5420 [ B418382DE04FF58567AA07A2B66B2332 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:51:36.0115 5420 NetTcpPortSharing - ok
19:51:36.0221 5420 [ ACC6170D80C69E50145B370023B64ED3 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
19:51:36.0329 5420 NETw3v32 - ok
19:51:36.0372 5420 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:51:36.0381 5420 nfrd960 - ok
19:51:36.0456 5420 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll
19:51:36.0541 5420 NlaSvc - ok
19:51:36.0595 5420 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
19:51:36.0661 5420 nmwcd - ok
19:51:36.0683 5420 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
19:51:36.0739 5420 nmwcdc - ok
19:51:36.0771 5420 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:51:36.0827 5420 Npfs - ok
19:51:36.0860 5420 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll
19:51:36.0923 5420 nsi - ok
19:51:36.0942 5420 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:51:37.0035 5420 nsiproxy - ok
19:51:37.0164 5420 [ 3F379380A4A2637F559444E338CF1B51 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:51:37.0274 5420 Ntfs - ok
19:51:37.0356 5420 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:51:37.0412 5420 ntrigdigi - ok
19:51:37.0430 5420 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys
19:51:37.0504 5420 Null - ok
19:51:37.0529 5420 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:51:37.0540 5420 nvraid - ok
19:51:37.0551 5420 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:51:37.0560 5420 nvstor - ok
19:51:37.0579 5420 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:51:37.0592 5420 nv_agp - ok
19:51:37.0598 5420 NwlnkFlt - ok
19:51:37.0604 5420 NwlnkFwd - ok
19:51:37.0631 5420 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:51:37.0713 5420 ohci1394 - ok
19:51:37.0812 5420 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:51:37.0821 5420 ose - ok
19:51:37.0874 5420 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:51:37.0928 5420 p2pimsvc - ok
19:51:37.0943 5420 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll
19:51:38.0036 5420 p2psvc - ok
19:51:38.0105 5420 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
19:51:38.0124 5420 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
19:51:38.0124 5420 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
19:51:38.0166 5420 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:51:38.0223 5420 Parport - ok
19:51:38.0247 5420 [ 555A5B2C8022983BC7467BC925B222EE ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:51:38.0258 5420 partmgr - ok
19:51:38.0275 5420 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:51:38.0330 5420 Parvdm - ok
19:51:38.0365 5420 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:51:38.0382 5420 PcaSvc - ok
19:51:38.0430 5420 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:51:38.0492 5420 pccsmcfd - ok
19:51:38.0500 5420 [ 1085D75657807E0E8B32F9E19A1647C3 ] pci C:\Windows\system32\drivers\pci.sys
19:51:38.0512 5420 pci - ok
19:51:38.0529 5420 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:51:38.0539 5420 pciide - ok
19:51:38.0560 5420 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:51:38.0573 5420 pcmcia - ok
19:51:38.0625 5420 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:51:38.0782 5420 PEAUTH - ok
19:51:38.0921 5420 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll
19:51:39.0267 5420 pla - ok
19:51:39.0333 5420 [ 99F45FF202A0C8F2C948557FA404AF4C ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:51:39.0413 5420 PlugPlay - ok
19:51:39.0473 5420 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:51:39.0542 5420 PNRPAutoReg - ok
19:51:39.0558 5420 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:51:39.0666 5420 PNRPsvc - ok
19:51:39.0722 5420 [ 05AB8CBD7056B6EA16E5FAB14326AAEE ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:51:39.0880 5420 PolicyAgent - ok
19:51:39.0930 5420 [ 6C359AC71D7B550A0D41F9DB4563CE05 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:51:39.0987 5420 PptpMiniport - ok
19:51:40.0002 5420 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
19:51:40.0078 5420 Processor - ok
19:51:40.0130 5420 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll
19:51:40.0220 5420 ProfSvc - ok
19:51:40.0236 5420 [ 6A0E382E74280E4CC0DF17FE2661D003 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:51:40.0250 5420 ProtectedStorage - ok
19:51:40.0299 5420 [ B74EDF14453C9987E99E66535047EBEE ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:51:40.0385 5420 PSched - ok
19:51:40.0472 5420 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:51:40.0480 5420 PxHelp20 - ok
19:51:40.0581 5420 [ B1AD87B4C97B6B59FCD075001E76865F ] QCDonner C:\Windows\system32\DRIVERS\LVCD.sys
19:51:40.0680 5420 QCDonner - ok
19:51:40.0747 5420 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:51:40.0791 5420 ql2300 - ok
19:51:40.0825 5420 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:51:40.0836 5420 ql40xx - ok
19:51:40.0910 5420 [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE C:\Windows\system32\qwave.dll
19:51:40.0977 5420 QWAVE - ok
19:51:41.0003 5420 [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:51:41.0020 5420 QWAVEdrv - ok
19:51:41.0091 5420 [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:51:41.0166 5420 RasAcd - ok
19:51:41.0189 5420 [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto C:\Windows\System32\rasauto.dll
19:51:41.0248 5420 RasAuto - ok
19:51:41.0267 5420 [ 88587DD843E2059848995B407B67F6CF ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:51:41.0325 5420 Rasl2tp - ok
19:51:41.0345 5420 [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan C:\Windows\System32\rasmans.dll
19:51:41.0406 5420 RasMan - ok
19:51:41.0413 5420 [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:51:41.0503 5420 RasPppoe - ok
19:51:41.0532 5420 [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:51:41.0615 5420 rdbss - ok
19:51:41.0654 5420 [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:51:41.0735 5420 RDPCDD - ok
19:51:41.0983 5420 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:51:42.0068 5420 rdpdr - ok
19:51:42.0076 5420 [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:51:42.0132 5420 RDPENCDD - ok
19:51:42.0168 5420 [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:51:42.0229 5420 RDPWD - ok
19:51:42.0278 5420 [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess C:\Windows\System32\mprdim.dll
19:51:42.0353 5420 RemoteAccess - ok
19:51:42.0398 5420 [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:51:42.0486 5420 RemoteRegistry - ok
19:51:42.0515 5420 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:51:42.0528 5420 RpcLocator - ok
19:51:42.0564 5420 [ B46D8EA6DD30BAA49F674DACDC4C491F ] RpcSs C:\Windows\system32\rpcss.dll
19:51:42.0640 5420 RpcSs - ok
19:51:42.0700 5420 [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:51:42.0755 5420 rspndr - ok
19:51:42.0761 5420 [ 6A0E382E74280E4CC0DF17FE2661D003 ] SamSs C:\Windows\system32\lsass.exe
19:51:42.0775 5420 SamSs - ok
19:51:42.0812 5420 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:51:42.0823 5420 sbp2port - ok
19:51:42.0867 5420 [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:51:42.0925 5420 SCardSvr - ok
19:51:42.0965 5420 [ 5C72614E6625D39CC1504BF078FDC4CA ] Schedule C:\Windows\system32\schedsvc.dll
19:51:43.0059 5420 Schedule - ok
19:51:43.0084 5420 [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:51:43.0140 5420 SCPolicySvc - ok
19:51:43.0162 5420 [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:51:43.0195 5420 SDRSVC - ok
19:51:43.0226 5420 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:51:43.0282 5420 secdrv - ok
19:51:43.0304 5420 [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon C:\Windows\system32\seclogon.dll
19:51:43.0385 5420 seclogon - ok
19:51:43.0413 5420 [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS C:\Windows\System32\sens.dll
19:51:43.0497 5420 SENS - ok
19:51:43.0516 5420 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:51:43.0572 5420 Serenum - ok
19:51:43.0595 5420 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:51:43.0651 5420 Serial - ok
19:51:43.0688 5420 [ FD06895F55C0BEC3CBD84BDA14E1C6B7 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:51:43.0821 5420 sermouse - ok
19:51:43.0904 5420 [ E802089FEC30A95FDFD218995308F9B3 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:51:43.0995 5420 ServiceLayer - ok
19:51:44.0080 5420 [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv C:\Windows\system32\sessenv.dll
19:51:44.0162 5420 SessionEnv - ok
19:51:44.0230 5420 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:51:44.0286 5420 sffdisk - ok
19:51:44.0319 5420 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:51:44.0374 5420 sffp_mmc - ok
19:51:44.0391 5420 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:51:44.0447 5420 sffp_sd - ok
19:51:44.0467 5420 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:51:44.0537 5420 sfloppy - ok
19:51:44.0577 5420 [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:51:44.0619 5420 ShellHWDetection - ok
19:51:44.0643 5420 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:51:44.0653 5420 sisagp - ok
19:51:44.0675 5420 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:51:44.0686 5420 SiSRaid2 - ok
19:51:44.0742 5420 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:51:44.0753 5420 SiSRaid4 - ok
19:51:44.0890 5420 [ 7610645679BB5994210D21A347E0C479 ] slsvc C:\Windows\system32\SLsvc.exe
19:51:45.0212 5420 slsvc - ok
19:51:45.0268 5420 [ 49670F3E42A0178A0AB425AE15D88E7C ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:51:45.0351 5420 SLUINotify - ok
19:51:45.0377 5420 [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:51:45.0458 5420 Smb - ok
19:51:45.0494 5420 [ DB31D8989B3450569C29780E7FA98C48 ] SNC C:\Windows\system32\Drivers\SonyNC.sys
19:51:45.0527 5420 SNC - ok
19:51:45.0554 5420 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:51:45.0569 5420 SNMPTRAP - ok
19:51:45.0652 5420 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
19:51:45.0705 5420 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - warning
19:51:45.0705 5420 Sony Ericsson PCCompanion - detected UnsignedFile.Multi.Generic (1)
19:51:45.0752 5420 [ 426F9B029AA9162CECCF65369457D046 ] spldr C:\Windows\system32\drivers\spldr.sys
19:51:45.0762 5420 spldr - ok
19:51:45.0797 5420 [ DA612EF2556776DF2630B68BF2D48935 ] Spooler C:\Windows\System32\spoolsv.exe
19:51:45.0812 5420 Spooler - ok
19:51:45.0881 5420 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
19:51:45.0886 5420 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:51:45.0886 5420 SPTISRV - detected UnsignedFile.Multi.Generic (1)
19:51:45.0939 5420 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:51:45.0955 5420 SQLBrowser - ok
19:51:45.0963 5420 [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:51:45.0974 5420 SQLWriter - ok
19:51:46.0027 5420 [ 2C677528B24D64D22886ECBE5CD97F20 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:51:46.0117 5420 srv - ok
19:51:46.0216 5420 [ 382BAF4DCBD7648CED6C64A8A1E335B2 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:51:46.0322 5420 srv2 - ok
19:51:46.0353 5420 [ F8E47A77E1690D8574962B69CB22BEB3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:51:46.0480 5420 srvnet - ok
19:51:46.0515 5420 [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:51:46.0575 5420 SSDPSRV - ok
19:51:46.0615 5420 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:51:46.0624 5420 ssmdrv - ok
19:51:46.0686 5420 [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc C:\Windows\System32\wiaservc.dll
19:51:46.0716 5420 stisvc - ok
19:51:46.0746 5420 [ 1379BDB336F8158C176A465E30759F57 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:51:46.0756 5420 swenum - ok
19:51:46.0828 5420 [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv C:\Windows\System32\swprv.dll
19:51:46.0915 5420 swprv - ok
19:51:46.0978 5420 [ 2FE779B1A07747FED8074C433C3C4604 ] SymAppCore C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
19:51:46.0986 5420 SymAppCore - ok
19:51:47.0023 5420 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:51:47.0033 5420 Symc8xx - ok
19:51:47.0055 5420 [ 9D98270B5F10A4C84E8DA417C30756E1 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
19:51:47.0066 5420 SymEvent - ok
19:51:47.0105 5420 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:51:47.0115 5420 Sym_hi - ok
19:51:47.0162 5420 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:51:47.0172 5420 Sym_u3 - ok
19:51:47.0224 5420 [ C1FDFF9AFD8C6C905485981B41DCFB40 ] SysMain C:\Windows\system32\sysmain.dll
19:51:47.0321 5420 SysMain - ok
19:51:47.0351 5420 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:51:47.0389 5420 TabletInputService - ok
19:51:47.0420 5420 [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:51:47.0482 5420 TapiSrv - ok
19:51:47.0503 5420 [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS C:\Windows\System32\tbssvc.dll
19:51:47.0560 5420 TBS - ok
19:51:47.0606 5420 [ D944522B048A5FEB7700B5170D3D9423 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:51:47.0759 5420 Tcpip - ok
19:51:47.0778 5420 [ D944522B048A5FEB7700B5170D3D9423 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:51:47.0883 5420 Tcpip6 - ok
19:51:47.0915 5420 [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:51:47.0970 5420 tcpipreg - ok
19:51:47.0996 5420 [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:51:48.0051 5420 TDPIPE - ok
19:51:48.0072 5420 [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:51:48.0139 5420 TDTCP - ok
19:51:48.0164 5420 [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:51:48.0223 5420 tdx - ok
19:51:48.0242 5420 [ 2C549BD9DD091FBFAA0A2A48E82EC2FB ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:51:48.0253 5420 TermDD - ok
19:51:48.0291 5420 [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService C:\Windows\System32\termsrv.dll
19:51:48.0395 5420 TermService - ok
19:51:48.0433 5420 [ B264DFA21677728613267FE63802B332 ] Themes C:\Windows\system32\shsvcs.dll
19:51:48.0453 5420 Themes - ok
19:51:48.0472 5420 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER C:\Windows\system32\mmcss.dll
19:51:48.0531 5420 THREADORDER - ok
19:51:48.0595 5420 [ DCD46A3FC856167FD985507492AE610A ] ti21sony C:\Windows\system32\drivers\ti21sony.sys
19:51:48.0646 5420 ti21sony - ok
19:51:48.0694 5420 [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks C:\Windows\System32\trkwks.dll
19:51:48.0753 5420 TrkWks - ok
19:51:48.0846 5420 [ CD987375605E6F9C3230E99EDA9D9C6D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:51:48.0885 5420 TrustedInstaller - ok
19:51:48.0939 5420 [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:51:49.0006 5420 tssecsrv - ok
19:51:49.0067 5420 [ 80FC4AC81602C88E7D23618E6EFBA2C6 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:51:49.0123 5420 tunmp - ok
19:51:49.0130 5420 [ 52DAA1FA3B5A40D6A6627B44C60A9B78 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:51:49.0186 5420 tunnel - ok
19:51:49.0221 5420 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:51:49.0233 5420 uagp35 - ok
19:51:49.0262 5420 [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:51:49.0342 5420 udfs - ok
19:51:49.0389 5420 [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:51:49.0403 5420 UI0Detect - ok
19:51:49.0432 5420 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:51:49.0442 5420 uliagpkx - ok
19:51:49.0473 5420 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:51:49.0490 5420 uliahci - ok
19:51:49.0520 5420 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:51:49.0532 5420 UlSata - ok
19:51:49.0558 5420 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:51:49.0570 5420 ulsata2 - ok
19:51:49.0605 5420 [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:51:49.0661 5420 umbus - ok
19:51:49.0688 5420 [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost C:\Windows\System32\upnphost.dll
19:51:49.0752 5420 upnphost - ok
19:51:49.0792 5420 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:51:49.0851 5420 upperdev - ok
19:51:49.0905 5420 [ F6BF998AE33E3FB6C7D27F0560F1173F ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:51:49.0963 5420 usbaudio - ok
19:51:49.0982 5420 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:51:50.0062 5420 usbccgp - ok
19:51:50.0080 5420 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:51:50.0139 5420 usbcir - ok
19:51:50.0182 5420 [ 63FE924D8A1113C3BA6750693FBEC7D3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:51:50.0239 5420 usbehci - ok
19:51:50.0260 5420 [ 5EDEC5510592C905E91817707DCE62A2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:51:50.0319 5420 usbhub - ok
19:51:50.0350 5420 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:51:50.0421 5420 usbohci - ok
19:51:50.0438 5420 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:51:50.0494 5420 usbprint - ok
19:51:50.0557 5420 [ B1F95285C08DDFE00C0B955462637EC7 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:51:50.0612 5420 usbscan - ok
19:51:50.0662 5420 [ C0488CC01A1C686B08A3D360C7F50324 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
19:51:50.0733 5420 usbser - ok
19:51:50.0786 5420 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:51:50.0817 5420 UsbserFilt - ok
19:51:50.0858 5420 [ FDBAABF07244C60B0F4E0A6E71A107C6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:51:50.0913 5420 USBSTOR - ok
19:51:50.0944 5420 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:51:51.0022 5420 usbuhci - ok
19:51:51.0055 5420 [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms C:\Windows\System32\uxsms.dll
19:51:51.0111 5420 UxSms - ok
19:51:51.0173 5420 [ 4E9C6BF8D0655BB7538088DC6F2306D9 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
19:51:51.0180 5420 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
19:51:51.0180 5420 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
19:51:51.0280 5420 [ 8A9F18ADAD471402236CA931553BF79B ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
19:51:51.0291 5420 VAIO Event Service - ok
19:51:51.0486 5420 [ 88DC6B884824A578B0E1E9C3790C105B ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
19:51:51.0833 5420 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
19:51:51.0833 5420 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
19:51:51.0916 5420 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
19:51:51.0935 5420 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
19:51:51.0935 5420 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0006 5420 [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
19:51:52.0063 5420 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0063 5420 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0165 5420 [ 52D4F568FE7D05AE5026B8717EEB59EB ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
19:51:52.0238 5420 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0239 5420 VAIOMediaPlatform-UCLS-AppServer - detected UnsignedFile.Multi.Generic (1)
19:51:52.0427 5420 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
19:51:52.0514 5420 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0514 5420 VAIOMediaPlatform-UCLS-HTTP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0822 5420 [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
19:51:52.0980 5420 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0980 5420 VAIOMediaPlatform-UCLS-UPnP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0986 5420 Vcsw - ok
19:51:53.0023 5420 [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds C:\Windows\System32\vds.exe
19:51:53.0077 5420 vds - ok
19:51:53.0167 5420 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:51:53.0223 5420 vga - ok
19:51:53.0251 5420 [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:51:53.0324 5420 VgaSave - ok
19:51:53.0345 5420 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:51:53.0356 5420 viaagp - ok
19:51:53.0372 5420 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:51:53.0441 5420 ViaC7 - ok
19:51:53.0455 5420 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
19:51:53.0465 5420 viaide - ok
19:51:53.0490 5420 [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:51:53.0500 5420 volmgr - ok
19:51:53.0512 5420 [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:51:53.0531 5420 volmgrx - ok
19:51:53.0554 5420 [ 11EF6C1CAEF76B685233450A126125D6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:51:53.0569 5420 volsnap - ok
19:51:53.0601 5420 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:51:53.0612 5420 vsmraid - ok
19:51:53.0678 5420 [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS C:\Windows\system32\vssvc.exe
19:51:53.0815 5420 VSS - ok
19:51:53.0898 5420 [ 5FEB20D9ED9A2BD4F234222B0A3BB855 ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
19:51:53.0906 5420 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
19:51:53.0906 5420 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
19:51:53.0991 5420 [ 3757DFD3C07896EF660D4060366E7B4E ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
19:51:53.0998 5420 VzFw ( UnsignedFile.Multi.Generic ) - warning
19:51:53.0998 5420 VzFw - detected UnsignedFile.Multi.Generic (1)
19:51:54.0076 5420 [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time C:\Windows\system32\w32time.dll
19:51:54.0140 5420 W32Time - ok
19:51:54.0187 5420 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:51:54.0296 5420 WacomPen - ok
19:51:54.0490 5420 [ 6E1A5BE9A0605F3D932FF35FBA2B22B3 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:51:54.0571 5420 Wanarp - ok
19:51:54.0598 5420 [ 6E1A5BE9A0605F3D932FF35FBA2B22B3 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:51:54.0659 5420 Wanarpv6 - ok
19:51:54.0779 5420 [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:51:54.0829 5420 wcncsvc - ok
19:51:54.0860 5420 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:51:54.0939 5420 WcsPlugInService - ok
19:51:54.0982 5420 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
19:51:54.0992 5420 Wd - ok
19:51:55.0116 5420 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:51:55.0236 5420 Wdf01000 - ok
19:51:55.0270 5420 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:51:55.0305 5420 WdiServiceHost - ok
19:51:55.0311 5420 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:51:55.0329 5420 WdiSystemHost - ok
19:51:55.0530 5420 [ 5BB7DCE05889A1FE2E0DB1CDF451412B ] WebClient C:\Windows\System32\webclnt.dll
19:51:55.0606 5420 WebClient - ok
19:51:55.0637 5420 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll
19:51:55.0697 5420 Wecsvc - ok
19:51:55.0713 5420 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:51:55.0783 5420 wercplsupport - ok
19:51:55.0817 5420 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll
19:51:55.0877 5420 WerSvc - ok
19:51:56.0076 5420 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:51:56.0166 5420 winachsf - ok
19:51:56.0179 5420 WinHttpAutoProxySvc - ok
19:51:56.0259 5420 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:51:56.0318 5420 Winmgmt - ok
19:51:56.0372 5420 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll
19:51:56.0471 5420 WinRM - ok
19:51:56.0519 5420 [ 424782AC6393CAFD0EE6FA887105BBAE ] Wlansvc C:\Windows\System32\wlansvc.dll
19:51:56.0550 5420 Wlansvc - ok
19:51:56.0575 5420 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:51:56.0631 5420 WmiAcpi - ok
19:51:56.0669 5420 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:51:56.0683 5420 wmiApSrv - ok
19:51:56.0764 5420 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:51:56.0889 5420 WMPNetworkSvc - ok
19:51:56.0924 5420 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:51:56.0963 5420 WPCSvc - ok
19:51:56.0988 5420 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:51:57.0043 5420 WPDBusEnum - ok
19:51:57.0106 5420 [ 2D27171B16A577EF14C1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:51:57.0162 5420 WpdUsb - ok
19:51:57.0203 5420 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:51:57.0279 5420 ws2ifsl - ok
19:51:57.0284 5420 WSearch - ok
19:51:57.0359 5420 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:51:57.0394 5420 WudfPf - ok
19:51:57.0427 5420 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:51:57.0444 5420 WUDFRd - ok
19:51:57.0465 5420 [ FE0B93B28089C79E9D635434A92995C0 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:51:57.0482 5420 wudfsvc - ok
19:51:57.0506 5420 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:51:57.0534 5420 XAudio - ok
19:51:57.0571 5420 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:51:57.0612 5420 XAudioService - ok
19:51:57.0649 5420 [ 69222091B6285906AFF82E43681CF826 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
19:51:57.0689 5420 yukonwlh - ok
19:51:57.0697 5420 ================ Scan global ===============================
19:51:57.0756 5420 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
19:51:57.0796 5420 [ D2E032FC47D59D704B1A49D159C318E5 ] C:\Windows\system32\winsrv.dll
19:51:57.0813 5420 [ D2E032FC47D59D704B1A49D159C318E5 ] C:\Windows\system32\winsrv.dll
19:51:57.0857 5420 [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
19:51:57.0862 5420 [Global] - ok
19:51:57.0862 5420 ================ Scan MBR ==================================
19:51:57.0878 5420 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:51:58.0300 5420 \Device\Harddisk0\DR0 - ok
19:51:58.0301 5420 ================ Scan VBR ==================================
19:51:58.0312 5420 [ EE1CFAEFA6E94C66125683838C076F03 ] \Device\Harddisk0\DR0\Partition1
19:51:58.0401 5420 \Device\Harddisk0\DR0\Partition1 - ok
19:51:58.0401 5420 ============================================================
19:51:58.0401 5420 Scan finished
19:51:58.0401 5420 ============================================================
19:51:58.0416 6288 Detected object count: 15
19:51:58.0416 6288 Actual detected object count: 15
19:52:22.0940 6288 DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0941 6288 DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0941 6288 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0941 6288 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0944 6288 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0944 6288 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0947 6288 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0947 6288 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0949 6288 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0949 6288 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0952 6288 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0952 6288 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0956 6288 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0956 6288 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0958 6288 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0959 6288 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0961 6288 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0962 6288 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0965 6288 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0966 6288 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0967 6288 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0967 6288 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0971 6288 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0971 6288 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0973 6288 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0973 6288 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0976 6288 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0976 6288 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:22.0979 6288 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0979 6288 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
ATTFilter ComboFix 13-07-31.02 - *** 31.07.2013 20:26:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2038.1368 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-28 bis 2013-07-31 ))))))))))))))))))))))))))))))
.
.
2013-07-31 18:32 . 2013-07-31 18:32 -------- d-----w- c:\users\***\AppData\Local\temp
2013-07-30 15:58 . 2013-07-30 15:58 -------- d-----w- C:\FRST
2013-07-23 11:26 . 2013-07-23 11:26 -------- d-----w- c:\program files\TubeSaver
2013-07-17 11:38 . 2013-07-17 11:38 -------- d-----w- c:\users\***\.android
2013-07-17 11:37 . 2013-07-17 11:37 -------- d-----w- c:\users\***\AppData\Roaming\Optimizer Pro
2013-07-17 11:37 . 2013-07-17 11:37 -------- d-----w- c:\program files\Optimizer Pro
2013-07-17 11:36 . 2013-07-17 11:36 -------- d-----w- c:\users\***\AppData\Roaming\BabSolution
2013-07-17 11:36 . 2013-07-17 11:36 -------- d-----w- c:\program files\Delta
2013-07-17 11:36 . 2013-07-23 18:55 -------- d-----w- c:\users\***\AppData\Roaming\MyPhoneExplorer
2013-07-17 11:35 . 2013-07-17 11:35 -------- d-----w- c:\users\***\AppData\Roaming\Babylon
2013-07-17 11:35 . 2013-07-17 11:35 -------- d-----w- c:\programdata\Babylon
2013-07-17 11:35 . 2013-07-17 11:36 -------- d-----w- c:\program files\MyPhoneExplorer
2013-07-01 19:42 . 2013-07-13 19:48 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 19:53 . 2012-05-19 11:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-31 19:53 . 2011-10-11 10:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{57F2FC14-BE99-4DFB-B9F1-2458A4F496AB}]
2013-07-22 14:11 137728 ----a-w- c:\program files\TubeSaver\125.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-09-29 2647872]
"uTorrent"="c:\users\***\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-17 802136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-24 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-24 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-24 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Windows Privacy Tray.lnk - c:\users\***\Desktop\Post\GnuPT\WPT\WinPT.exe [2013-1-24 595456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-11-17 02:08 107112 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-01-22 19:39 321656 ----a-w- c:\program files\sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-11-17 02:05 22696 ----a-w- c:\program files\Norton Internet Security\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-02 12:34 1004136 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 19:41]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 19:41]
.
2013-07-31 c:\windows\Tasks\TubeSaver Update.job
- c:\program files\TubeSaver\tbsUd.exe [2013-07-22 14:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.club-vaio.com
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - inforiot.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=86f68a40-1cd0-4ecd-a9ee-2d3b7e0db83c&apn_ptnrs=%5EAGS&apn_sauid=B4A21FB3-6BDC-4104-8C1A-CAEEC57C9EF0&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2013-07-17 13:36; ffxtlbr@delta.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-07-17 13:36; Tubesaver@istqt.co; c:\program files\TubeSaver\125.xpi
FF - user.js: extentions.y2layers.installId - b47af8cb-4e90-4485-a3a2-985a03a01ffa
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 26d46bdb00000000000000197e6bf6d8
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15903
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.513:36
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120692&tt=160713_91114&tsp=4946
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-System Progressive Protection - c:\programdata\FB40BB586A656BDB0026FB409483D7B6\FB40BB586A656BDB0026FB409483D7B6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-07-31 20:32
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-07-31 20:34:37
ComboFix-quarantined-files.txt 2013-07-31 18:34
.
Vor Suchlauf: 11 Verzeichnis(se), 43.648.348.160 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 43.408.510.976 Bytes frei
.
- - End Of File - - 4AAC3A65FB0BD6394E8C2B45646EA578
5C616939100B85E558DA92B899A0FC36
|
|
31.07.2013, 21:05
| #6 |
| /// Malware-holic | TubeSaver1.125 Hi, es sind mehrere Logs zu erstellen, poste diese möglichst gleichzeitig, sollte es Probleme geben, stoppen und nachfragen. 1. Deinstaliere bitte erst einmal: Ask Toolbar Avira SearchFree Browser Address Error Delta : beide Optimizer Pro TubeSaver Sollte eine Deinstalation nicht funktionieren, mache es mit Rewo: Revo Uninstaller - Download - Filepony Starte nach den deinstalationen neu. 2. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
neustarten. 3. Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
neustarten. 4. Hitmanpro laden: Hitman Pro - Download - Filepony Doppelklicken, Scan klicken. Log speichern und posten, bzw als XML exportieren, packen und anhängenHi, es sind 2 Logs zu erstellen, bitte gleichzeitig posten Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ --> TubeSaver1.125 |
|
31.07.2013, 22:06
| #7 |
| | TubeSaver1.125 wart ma... das is so viel. ihr macht das im normalfall nicht so, dass ihr ansagt, obs n problem gibt und welches? bin etw verunsichert durch die standartisierten anweisungen ohne info, wasde aus den log-datein eigentlich liest.. no offence. würd nur gern wissen, was phase is. geht das? |
|
01.08.2013, 12:02
| #8 |
| /// Malware-holic | TubeSaver1.125 Wenn wir jeden Schritt erklären würden, würde das halt viel zeit kosten, wir entfernen jetzt adware
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.08.2013, 19:10
| #9 |
| | TubeSaver1.125 danke. srry, wollt nicht unverschämt sein. cool, dassde dir die zeit nimmst. hier die log-dateien: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 01/08/2013 um 19:43:11 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\delta.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6000.16386
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "31");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.hdrMd5", "94E900A13AEA4A3B7EF944FBAAC3E10E");
Gelöscht : user_pref("extensions.delta.id", "26d46bdb00000000000000197e6bf6d8");
Gelöscht : user_pref("extensions.delta.instlDay", "15903");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.513:36:26");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "azb");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.513:36:26");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120692&tt=160713_91114&tsp=4946");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "BestVideoDownloader,BestVideoDownloader,");
Gelöscht : user_pref("extentions.y2layers.installId", "b47af8cb-4e90-4485-a3a2-985a03a01ffa");
Gelöscht : user_pref("extentions.y2layers.lastDnsTest", 371943);
*************************
AdwCleaner[S1].txt - [6167 octets] - [01/08/2013 19:43:11]
########## EOF - C:\AdwCleaner[S1].txt - [6227 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by *** on 01.08.2013 at 19:51:00,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jpzzj47c.default\invalidprefs.js
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jpzzj47c.default\minidumps [39 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2013 at 19:54:55,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
|
|
01.08.2013, 19:24
| #10 |
| /// Malware-holic | TubeSaver1.125 Hi, ist doch nicht unverschämt wenn du nachfragst :-) starte mal bitte neu,poste ein abschließenes Farbar's Recovery Scan Tool Log. Wir werden später auch die Nutzerkontensteuerung wieder einschalten, sie ist ein guter Anfang um Malware fernzuhalten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.08.2013, 20:59
| #11 |
| | TubeSaver1.125 ok. danke du. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by *** (administrator) on 01-08-2013 21:55:46
Running from C:\Users\***\Desktop
Microsoft® Windows Vista™ Home Premium (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BitTorrent Inc.) C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\GNUzwei\GnuPG\dirmngr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4317184 2007-02-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2007-01-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [LXCFCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2647872 2011-09-29] (Piriform Ltd)
HKCU\...\Run: [uTorrent] - C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-17] (BitTorrent Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk
ShortcutTarget: Windows Privacy Tray.lnk -> C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKCU - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: No Name - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: DoNotTrackMe - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\donottrackplus@abine.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-17] (Symantec Corporation)
R2 DirMngr; C:\Program Files\GNUzwei\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-17] (Symantec Corporation)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
S3 lxcf_device; C:\Windows\system32\lxcfcoms.exe [491520 2005-04-15] ()
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28933976 2007-02-05] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2007-02-05] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-17] (Symantec Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [202872 2006-11-17] (Symantec Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-12] (Malwarebytes Corporation)
S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-26] (Logitech Inc.)
R3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [27520 2007-02-06] (Sony Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-02-26] (Symantec Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [807424 2007-02-08] (Texas Instruments)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-01 21:43 - 2013-08-01 21:43 - 00000000 _____ C:\Windows\WindowsUpdate.log
2013-08-01 21:40 - 2013-08-01 21:40 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-01 21:18 - 2013-08-01 21:19 - 00000000 ____D C:\Users\***\Desktop\josis mp3 31.7.13
2013-08-01 20:11 - 2013-08-01 21:55 - 00000000 ____D C:\Users\***\Desktop\viruskacke
2013-08-01 19:50 - 2013-08-01 19:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 19:43 - 2013-08-01 19:43 - 00006296 _____ C:\AdwCleaner[S1].txt
2013-07-31 20:34 - 2013-07-31 20:34 - 00013276 _____ C:\ComboFix.txt
2013-07-31 20:24 - 2013-07-31 20:34 - 00000000 ____D C:\ComboFix
2013-07-31 19:57 - 2013-07-31 20:34 - 00000000 ____D C:\Qoobox
2013-07-31 19:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-31 19:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-31 19:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-31 19:56 - 2013-07-31 20:32 - 00000000 ____D C:\Windows\erdnt
2013-07-30 17:58 - 2013-07-30 17:58 - 00000000 ____D C:\FRST
2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-17 17:24 - 2013-07-17 17:25 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:36 - 2013-07-23 20:55 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:35 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
==================== One Month Modified Files and Folders =======
2013-08-01 21:55 - 2013-08-01 20:11 - 00000000 ____D C:\Users\***\Desktop\viruskacke
2013-08-01 21:55 - 2013-02-22 17:15 - 00000000 ____D C:\Users\***\AppData\Roaming\uTorrent
2013-08-01 21:47 - 2006-11-02 12:33 - 01617722 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-01 21:43 - 2013-08-01 21:43 - 00000000 _____ C:\Windows\WindowsUpdate.log
2013-08-01 21:41 - 2013-03-20 21:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-08-01 21:40 - 2013-08-01 21:40 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-01 21:40 - 2013-03-20 22:01 - 00000000 ___RD C:\Users\***\Dropbox
2013-08-01 21:39 - 2011-10-22 21:42 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-01 21:39 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 21:39 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 21:39 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 21:38 - 2012-02-24 12:14 - 00002422 _____ C:\lxcf.log
2013-08-01 21:38 - 2006-11-02 15:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-01 21:34 - 2011-10-22 21:42 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-01 21:19 - 2013-08-01 21:18 - 00000000 ____D C:\Users\***\Desktop\josis mp3 31.7.13
2013-08-01 20:07 - 2012-09-25 23:28 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-01 19:50 - 2013-08-01 19:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 19:43 - 2013-08-01 19:43 - 00006296 _____ C:\AdwCleaner[S1].txt
2013-07-31 20:34 - 2013-07-31 20:34 - 00013276 _____ C:\ComboFix.txt
2013-07-31 20:34 - 2013-07-31 20:24 - 00000000 ____D C:\ComboFix
2013-07-31 20:34 - 2013-07-31 19:57 - 00000000 ____D C:\Qoobox
2013-07-31 20:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-07-31 20:32 - 2013-07-31 19:56 - 00000000 ____D C:\Windows\erdnt
2013-07-31 20:32 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-07-30 21:32 - 2013-01-24 14:01 - 00000000 ____D C:\Users\***\AppData\Roaming\gnupg
2013-07-30 21:26 - 2012-04-27 18:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-30 21:26 - 2011-10-10 21:38 - 00000000 ____D C:\Users\***\AppData\Roaming\Winamp
2013-07-30 17:58 - 2013-07-30 17:58 - 00000000 ____D C:\FRST
2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-24 18:13 - 2011-10-11 13:36 - 00000000 ___RD C:\Users\***\Desktop\#1
2013-07-24 18:02 - 2013-01-24 16:14 - 00000000 ____D C:\Users\***\Desktop\gesammelt
2013-07-23 20:55 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-17 17:25 - 2013-07-17 17:24 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:38 - 2011-10-10 21:11 - 00000000 ____D C:\Users\***
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:36 - 2013-07-17 13:35 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-13 21:48 - 2013-07-01 21:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-07-05 12:34 - 2012-07-29 15:06 - 00000000 ____D C:\Users\***\Desktop\haus4_WiLMa
2013-07-04 20:13 - 2013-05-26 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2006-11-02 10:47] - [2006-11-02 11:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 10:38] - [2006-11-02 11:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 10:52] - [2006-11-02 11:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6
LastRegBack: 2013-08-01 21:46
==================== End Of Log ============================
|
|
08.08.2013, 06:40
| #12 |
| | TubeSaver1.125 wie gehts weiter? |
|
08.08.2013, 12:44
| #13 |
| /// Malware-holic | TubeSaver1.125 Hiermit: Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Instaliere solange Updates, bis das Vista Servicepack 2 (SP2) instaliert ist, prüfe dies, unter rechtsklick, Computer, Eigenschaften.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.08.2013, 09:30
| #14 |
| | TubeSaver1.125 komme leider nur bis servicepack 1 - und das wrd mir immer wieder als neues wichtiges update angezeigt, obwohl lt. update verlauf schon mehrfach installiert. nanu?! |
|
12.08.2013, 16:00
| #15 |
| /// Malware-holic | TubeSaver1.125 Hi gibts fehlermeldung 1. Systemupdate-Vorbereitungstool für Windows Vista (KB947821) [Mai 2013] aus dem Microsoft Download Center herunterladen. Vorbereitungstool laufen lassen. 2. Treiber für mainboard, netzwerk, Grafikkarte aktualisieren, dann sollte das mit dem Update klappen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu TubeSaver1.125 |
| grün unterstrichen, nicht installiert, tubesaver, unterstrichen |
WARNUNG an die MITLESER: 
