
Log analysis and evaluation: Cyber Crime Investigation virus Switzerland - can someone help me please?

13.08.2013, 15:34   #1
joel87

Hello everyone,

I came across you via Google and hope that you can help me. I have already looked at a few threads about this virus and, as it seems, you are very competent; big praise in advance!

Unfortunately I have caught the virus named above. Last year I was able to fix it on another PC with the help of Kaspersky... but this time that unfortunately did not work.

I have Windows 7 (oh, and Safe Mode is also blocked by the virus).

I hope you can help me!

Many thanks in advance

Joel

13.08.2013, 15:37   #2
markusg
/// Malware-holic

Hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now choose Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

14.08.2013, 10:17   #3
joel87

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by SYSTEM on 13-08-2013 23:35:38
Running from L:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-05-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()
HKU\Joël\...\Run: [Spotify Web Helper] - C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-05-14] ()
HKU\Joël\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe [66560 2013-08-11] (Valve) <===== ATTENTION
HKU\Joël\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Joël\...\Command Processor: "C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe" <===== ATTENTION!
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()

==================== Services (Whitelisted) =================

S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-05-29] ()
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
S2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-05-29] ()
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2009-08-21] (Symantec Corporation)
S1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-11] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-24] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-24] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-01-24] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\ENG64.SYS [116272 2010-02-04] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\ENG64.SYS [116272 2010-02-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\EX64.SYS [1742896 2010-02-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\EX64.SYS [1742896 2010-02-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-21] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-01-10] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-21] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-11 13:08 - 2013-08-11 13:08 - 00104573 _____ C:\Users\Joël\AppData\Roaming\2433f433
2013-08-11 13:08 - 2013-08-11 13:08 - 00104573 _____ C:\Users\Joël\AppData\Local\2433f433
2013-08-11 13:08 - 2013-08-11 13:08 - 00104546 _____ C:\ProgramData\2433f433
2013-08-05 20:53 - 2013-08-05 20:53 - 00000000 ____D C:\Windows\System32\MRT
2013-07-29 12:44 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-29 12:44 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-29 12:44 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-29 12:44 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-29 12:44 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-29 12:44 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-29 12:44 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-29 12:44 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-29 12:44 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-29 12:44 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-29 12:44 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-29 12:44 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-29 12:44 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-29 12:44 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-29 12:44 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-29 12:44 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-29 12:44 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-29 12:44 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-29 12:44 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-29 12:44 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-29 12:44 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-29 12:44 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-29 12:31 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-29 12:31 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-29 12:30 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-29 12:30 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-29 12:29 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-29 12:26 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-29 12:26 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-12 22:29 - 2009-10-16 22:10 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-12 22:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 22:29 - 2009-07-13 20:51 - 00115975 _____ C:\Windows\setupact.log
2013-08-12 13:58 - 2009-10-16 22:01 - 01229701 _____ C:\Windows\WindowsUpdate.log
2013-08-12 13:58 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 13:58 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-11 13:23 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-11 13:08 - 2013-08-11 13:08 - 00104573 _____ C:\Users\Joël\AppData\Roaming\2433f433
2013-08-11 13:08 - 2013-08-11 13:08 - 00104573 _____ C:\Users\Joël\AppData\Local\2433f433
2013-08-11 13:08 - 2013-08-11 13:08 - 00104546 _____ C:\ProgramData\2433f433
2013-08-08 12:33 - 2012-04-22 11:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 20:54 - 2013-08-05 20:53 - 00000000 ____D C:\Windows\System32\MRT
2013-08-04 14:01 - 2012-10-15 10:03 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-04 11:26 - 2009-07-13 20:45 - 00351168 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-04 11:25 - 2013-03-17 15:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-04 11:25 - 2013-03-17 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-04 11:25 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-04 11:25 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-04 11:25 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-29 12:44 - 2009-08-14 16:33 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-28 16:41:28
Restore point made on: 2013-06-03 11:02:11
Restore point made on: 2013-06-03 13:40:33
Restore point made on: 2013-06-03 13:42:13
Restore point made on: 2013-06-08 14:18:04
Restore point made on: 2013-06-12 11:26:09
Restore point made on: 2013-06-12 13:30:29
Restore point made on: 2013-06-16 13:31:34
Restore point made on: 2013-06-16 14:41:42
Restore point made on: 2013-07-02 11:22:44
Restore point made on: 2013-07-05 12:03:09
Restore point made on: 2013-07-29 12:25:27
Restore point made on: 2013-07-29 12:42:02
Restore point made on: 2013-08-04 11:34:49
Restore point made on: 2013-08-05 20:52:49
Restore point made on: 2013-08-11 12:51:39

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4095.24 MB
Available physical RAM: 3437.69 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3436.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:457.95 GB) (Free:388.15 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:458.46 GB) (Free:458.16 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:15 GB) (Free:5.85 GB) NTFS (Disk=0 Partition=1)
Drive g: (KRD10) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
Drive l: () (Removable) (Total:0.98 GB) (Free:0.91 GB) FAT (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CF41A627)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 1000 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=1000 MB) - (Type=06)


LastRegBack: 2013-06-03 11:18

==================== End Of Log ============================
         

15.08.2013, 13:18   #4
markusg
/// Malware-holic

Hi,
three logs need to be created; post them together if possible.
1.
Please press the Windows + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\Joël\...\Command Processor: "C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe" <===== ATTENTION!
C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Start your computer in the repair options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

If booting into normal mode works:
2.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that then, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


3.
Please download TDSSKiller TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
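Added example (not part of the thread and not FRST's own code): a small Python triage of the registry lines from the FRST.txt posted above. It collects the entries FRST marked with ATTENTION, adds three heuristics of its own, and lists which flagged lines a given Fixlist.txt does not contain. The function names, the heuristics and the exact-line matching are assumptions of this example; the sample lines are copied from the log and the code box in this thread.

```python
import re

# Sample input: registry lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKU\Joël\...\Run: [Spotify Web Helper] - C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-05-14] ()
HKU\Joël\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe [66560 2013-08-11] (Valve) <===== ATTENTION
HKU\Joël\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Joël\...\Command Processor: "C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe" <===== ATTENTION!
"""

# Sample input: the Fixlist.txt text from the code box in the reply above.
SAMPLE_FIXLIST = r"""
HKU\Joël\...\Command Processor: "C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe" <===== ATTENTION!
C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe
"""

MARKER = re.compile(r"<=+\s*ATTENTION!?")         # FRST's own warning marker
TEMP_DIR = re.compile(r"\\(?:Temp|Tmp)\\", re.I)  # target inside a Temp folder


def triage(log_text):
    """Return registry entries worth a second look, each with its reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # FRST abbreviates the key path as  <hive>\...\<key>: <value>
        hive, sep, right = line.partition("\\...\\")
        if not sep or not hive.startswith("HK"):
            continue  # not a registry line
        key, _, value = right.partition(":")
        value = MARKER.sub("", value).strip()

        reasons = []
        if MARKER.search(line):
            reasons.append("flagged by FRST")
        # Heuristics below are assumptions of this example, not FRST rules.
        if TEMP_DIR.search(value):
            reasons.append("target in a Temp directory")
        if hive.startswith("HKU") and key == "Winlogon" and value.startswith("[Shell]"):
            reasons.append("per-user Winlogon Shell override")
        if key == "Command Processor":
            reasons.append("Command Processor AutoRun set")

        if reasons:
            findings.append({"line": line, "hive": hive, "key": key,
                             "value": value, "reasons": reasons})
    return findings


def not_in_fixlist(findings, fixlist_text):
    """Flagged log lines that do not appear verbatim in the fixlist."""
    fix_lines = {l.strip() for l in fixlist_text.splitlines() if l.strip()}
    return [f for f in findings if f["line"] not in fix_lines]


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"{f['hive']} {f['key']}: {', '.join(f['reasons'])}")
    print("Flagged lines not present in the fixlist:")
    for f in not_in_fixlist(flagged, SAMPLE_FIXLIST):
        print("  " + f["line"])
```
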

16.08.2013, 20:43   #5
joel87

Hello marcus, unfortunately I still cannot start the PC in normal mode; cmd.exe always appears. Even with the exit command the screen stays black. I hope that is not a bad omen; I followed your instructions exactly. What can I do now?
Regards, joel


21.08.2013, 13:24   #6
markusg
/// Malware-holic

Hi,
sorry, I was away from home at short notice.
Can you bring up Ctrl+Alt+Del, go to Processes, New Task.
Type:
explorer.exe
Enter
The desktop should be visible.
Then:
Two logs are to be posted, together if possible:
1.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that then, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


2.

21.08.2013, 19:52   #7
joel87

hi,

no problem

here are the 3 log files

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01
Ran by SYSTEM at 2013-08-16 12:33:30 Run:2
Running from L:\
Boot Mode: Recovery
==============================================

HKU\Joël\Software\Microsoft\Command Processor\\AutoRun => Value not found.
"C:\Users\JOL~1\AppData\Local\Temp\qwckjjlokdcqmsshh.exe" => File/Directory not found.

==== End of Fixlog ====
         
Code:
ComboFix 13-08-21.01 - Joël 21.08.2013  11:26:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.4095.2660 [GMT -7:00]
ausgeführt von:: c:\users\Joël\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\2433f433
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-21 bis 2013-08-21  ))))))))))))))))))))))))))))))
.
.
2013-08-21 18:32 . 2013-08-21 18:32	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-21 18:32 . 2013-08-21 18:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-17 21:44 . 2013-07-26 05:13	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-08-17 21:44 . 2013-07-26 05:12	15405056	----a-w-	c:\windows\system32\ieframe.dll
2013-08-17 21:44 . 2013-07-26 05:12	19239424	----a-w-	c:\windows\system32\mshtml.dll
2013-08-15 19:14 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-15 19:14 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-15 19:14 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-15 19:14 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-15 19:14 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-15 19:14 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-15 19:14 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-15 19:14 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-15 19:14 . 2013-07-19 01:58	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-15 19:14 . 2013-07-19 01:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-08-15 19:13 . 2013-07-25 09:25	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-15 19:13 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 19:13 . 2013-07-09 05:51	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-15 19:13 . 2013-07-09 04:52	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-08-14 07:35 . 2013-08-14 07:35	--------	d-----w-	C:\FRST
2013-08-11 20:52 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{951C58E9-032A-4F1D-B679-B3C330CAC491}\mpengine.dll
2013-08-06 04:53 . 2013-08-17 21:43	--------	d-----w-	c:\windows\system32\MRT
2013-07-29 20:31 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-29 20:31 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-29 20:31 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-29 20:31 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-29 20:31 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-29 20:31 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-29 20:31 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-29 20:31 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-29 20:31 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-29 20:29 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-29 20:29 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-29 20:29 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-29 20:29 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-29 20:29 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-29 20:29 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-29 20:26 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-29 20:26 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-17 21:42 . 2010-01-27 05:48	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-15 19:09	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-06-12 19:28 . 2012-04-22 19:09	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 19:28 . 2012-04-22 19:09	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-03 18:57 . 2010-06-24 19:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-11-14 3913000]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Joël\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-11-29 617048]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-11-29 12:52	617048	----a-w-	c:\users\Joël\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-14 05:58	3913000	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-14 05:58	3913000	----a-w-	c:\program files (x86)\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 00:31	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Joël\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-11-29 617048]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-14 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-05-17 202256]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 19:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=IESB17
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Joël\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-21  11:38:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-21 18:38
.
Vor Suchlauf: 8 Verzeichnis(se), 416'106'332'160 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 422'361'710'592 Bytes frei
.
- - End Of File - - 43D3A0C77489A4A0D48279055EA17394
A36C5E4F47E84449FF07ED3517B43A31
         
Code:
11:48:11.0029 4396  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:48:11.0363 4396  ============================================================
11:48:11.0364 4396  Current date / time: 2013/08/21 11:48:11.0363
11:48:11.0364 4396  SystemInfo:
11:48:11.0364 4396  
11:48:11.0364 4396  OS Version: 6.1.7601 ServicePack: 1.0
11:48:11.0364 4396  Product type: Workstation
11:48:11.0364 4396  ComputerName: J87
11:48:11.0364 4396  UserName: Joël
11:48:11.0364 4396  Windows directory: C:\Windows
11:48:11.0364 4396  System windows directory: C:\Windows
11:48:11.0364 4396  Running under WOW64
11:48:11.0364 4396  Processor architecture: Intel x64
11:48:11.0364 4396  Number of processors: 4
11:48:11.0364 4396  Page size: 0x1000
11:48:11.0364 4396  Boot type: Normal boot
11:48:11.0364 4396  ============================================================
11:48:12.0403 4396  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:48:12.0419 4396  ============================================================
11:48:12.0419 4396  \Device\Harddisk0\DR0:
11:48:12.0419 4396  MBR partitions:
11:48:12.0419 4396  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
11:48:12.0419 4396  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x393E7000
11:48:12.0419 4396  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B219800, BlocksNum 0x394EC800
11:48:12.0419 4396  ============================================================
11:48:12.0501 4396  C: <-> \Device\Harddisk0\DR0\Partition2
11:48:12.0595 4396  D: <-> \Device\Harddisk0\DR0\Partition3
11:48:12.0595 4396  ============================================================
11:48:12.0595 4396  Initialize success
11:48:12.0595 4396  ============================================================
11:48:34.0212 5956  ============================================================
11:48:34.0212 5956  Scan started
11:48:34.0212 5956  Mode: Manual; SigCheck; TDLFS; 
11:48:34.0212 5956  ============================================================
11:48:34.0994 5956  ================ Scan system memory ========================
11:48:34.0994 5956  System memory - ok
11:48:34.0995 5956  ================ Scan services =============================
11:48:35.0124 5956  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:48:35.0202 5956  1394ohci - ok
11:48:35.0237 5956  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:48:35.0257 5956  ACPI - ok
11:48:35.0280 5956  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:48:35.0338 5956  AcpiPmi - ok
11:48:35.0388 5956  [ 6D9FC1E7EA3C548F4D3455F0C3FEEF8C ] AdobeActiveFileMonitor7.0 c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
11:48:35.0402 5956  AdobeActiveFileMonitor7.0 - ok
11:48:35.0503 5956  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:48:35.0520 5956  AdobeFlashPlayerUpdateSvc - ok
11:48:35.0553 5956  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:48:35.0576 5956  adp94xx - ok
11:48:35.0595 5956  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:48:35.0612 5956  adpahci - ok
11:48:35.0633 5956  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:48:35.0647 5956  adpu320 - ok
11:48:35.0669 5956  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:48:35.0782 5956  AeLookupSvc - ok
11:48:35.0828 5956  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:48:35.0869 5956  AFD - ok
11:48:35.0901 5956  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:48:35.0914 5956  agp440 - ok
11:48:35.0932 5956  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:48:35.0984 5956  ALG - ok
11:48:36.0012 5956  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:48:36.0024 5956  aliide - ok
11:48:36.0045 5956  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:48:36.0057 5956  amdide - ok
11:48:36.0080 5956  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:48:36.0117 5956  AmdK8 - ok
11:48:36.0132 5956  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:48:36.0168 5956  AmdPPM - ok
11:48:36.0198 5956  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:48:36.0214 5956  amdsata - ok
11:48:36.0234 5956  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:48:36.0251 5956  amdsbs - ok
11:48:36.0262 5956  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:48:36.0274 5956  amdxata - ok
11:48:36.0295 5956  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:48:36.0415 5956  AppID - ok
11:48:36.0459 5956  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:48:36.0506 5956  AppIDSvc - ok
11:48:36.0531 5956  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:48:36.0581 5956  Appinfo - ok
11:48:36.0660 5956  [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:48:36.0672 5956  Apple Mobile Device - ok
11:48:36.0721 5956  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:48:36.0735 5956  arc - ok
11:48:36.0742 5956  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:48:36.0755 5956  arcsas - ok
11:48:36.0779 5956  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:48:36.0825 5956  AsyncMac - ok
11:48:36.0854 5956  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:48:36.0866 5956  atapi - ok
11:48:36.0903 5956  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:48:36.0968 5956  AudioEndpointBuilder - ok
11:48:36.0980 5956  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:48:37.0019 5956  AudioSrv - ok
11:48:37.0038 5956  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:48:37.0100 5956  AxInstSV - ok
11:48:37.0132 5956  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
11:48:37.0163 5956  b06bdrv - ok
11:48:37.0188 5956  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:48:37.0207 5956  b57nd60a - ok
11:48:37.0243 5956  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:48:37.0296 5956  BDESVC - ok
11:48:37.0335 5956  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:48:37.0387 5956  Beep - ok
11:48:37.0439 5956  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:48:37.0491 5956  BFE - ok
11:48:37.0574 5956  [ 4D7F8401EAE7EAA4EF702FA6F4153269 ] BHDrvx64        C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
11:48:37.0594 5956  BHDrvx64 - ok
11:48:37.0626 5956  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
11:48:37.0692 5956  BITS - ok
11:48:37.0717 5956  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:48:37.0744 5956  blbdrive - ok
11:48:37.0761 5956  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:48:37.0789 5956  bowser - ok
11:48:37.0801 5956  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:48:37.0849 5956  BrFiltLo - ok
11:48:37.0868 5956  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:48:37.0896 5956  BrFiltUp - ok
11:48:37.0930 5956  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:48:37.0978 5956  BridgeMP - ok
11:48:38.0003 5956  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:48:38.0024 5956  Browser - ok
11:48:38.0044 5956  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:48:38.0092 5956  Brserid - ok
11:48:38.0105 5956  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:48:38.0133 5956  BrSerWdm - ok
11:48:38.0150 5956  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:48:38.0182 5956  BrUsbMdm - ok
11:48:38.0202 5956  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:48:38.0216 5956  BrUsbSer - ok
11:48:38.0233 5956  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:48:38.0256 5956  BTHMODEM - ok
11:48:38.0293 5956  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:48:38.0338 5956  bthserv - ok
11:48:38.0398 5956  catchme - ok
11:48:38.0435 5956  [ A2E6AB452B9393CA8D11D28827E0E1A1 ] ccHP            C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
11:48:38.0451 5956  ccHP - ok
11:48:38.0481 5956  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:48:38.0515 5956  cdfs - ok
11:48:38.0552 5956  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
11:48:38.0580 5956  cdrom - ok
11:48:38.0617 5956  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:48:38.0668 5956  CertPropSvc - ok
11:48:38.0686 5956  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:48:38.0709 5956  circlass - ok
11:48:38.0734 5956  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:48:38.0752 5956  CLFS - ok
11:48:38.0819 5956  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:48:38.0833 5956  clr_optimization_v2.0.50727_32 - ok
11:48:38.0861 5956  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:48:38.0873 5956  clr_optimization_v2.0.50727_64 - ok
11:48:38.0954 5956  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:48:38.0967 5956  clr_optimization_v4.0.30319_32 - ok
11:48:38.0988 5956  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:48:38.0999 5956  clr_optimization_v4.0.30319_64 - ok
11:48:39.0016 5956  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:48:39.0042 5956  CmBatt - ok
11:48:39.0057 5956  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:48:39.0069 5956  cmdide - ok
11:48:39.0103 5956  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:48:39.0127 5956  CNG - ok
11:48:39.0170 5956  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:48:39.0181 5956  Compbatt - ok
11:48:39.0203 5956  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:48:39.0237 5956  CompositeBus - ok
11:48:39.0251 5956  COMSysApp - ok
11:48:39.0266 5956  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:48:39.0278 5956  crcdisk - ok
11:48:39.0328 5956  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:48:39.0366 5956  CryptSvc - ok
11:48:39.0464 5956  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:48:39.0494 5956  cvhsvc - ok
11:48:39.0529 5956  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:48:39.0588 5956  DcomLaunch - ok
11:48:39.0617 5956  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:48:39.0661 5956  defragsvc - ok
11:48:39.0687 5956  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:48:39.0732 5956  DfsC - ok
11:48:39.0767 5956  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:48:39.0816 5956  Dhcp - ok
11:48:39.0825 5956  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:48:39.0859 5956  discache - ok
11:48:39.0885 5956  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:48:39.0897 5956  Disk - ok
11:48:39.0916 5956  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:48:39.0936 5956  Dnscache - ok
11:48:39.0956 5956  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:48:40.0002 5956  dot3svc - ok
11:48:40.0030 5956  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:48:40.0079 5956  DPS - ok
11:48:40.0113 5956  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:48:40.0141 5956  drmkaud - ok
11:48:40.0178 5956  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:48:40.0202 5956  DXGKrnl - ok
11:48:40.0230 5956  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:48:40.0266 5956  EapHost - ok
11:48:40.0333 5956  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:48:40.0439 5956  ebdrv - ok
11:48:40.0498 5956  [ 8ECB5D35F400706016931BD25AE1B554 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:48:40.0515 5956  eeCtrl - ok
11:48:40.0542 5956  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:48:40.0585 5956  EFS - ok
11:48:40.0648 5956  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:48:40.0699 5956  ehRecvr - ok
11:48:40.0725 5956  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:48:40.0761 5956  ehSched - ok
11:48:40.0793 5956  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:48:40.0814 5956  elxstor - ok
11:48:40.0836 5956  [ 8ADB1FAB20D285088CEB1215F5D22080 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:48:40.0846 5956  EraserUtilRebootDrv - ok
11:48:40.0883 5956  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:48:40.0906 5956  ErrDev - ok
11:48:40.0948 5956  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:48:40.0995 5956  EventSystem - ok
11:48:41.0012 5956  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:48:41.0048 5956  exfat - ok
11:48:41.0059 5956  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:48:41.0094 5956  fastfat - ok
11:48:41.0121 5956  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:48:41.0168 5956  Fax - ok
11:48:41.0179 5956  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:48:41.0202 5956  fdc - ok
11:48:41.0219 5956  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:48:41.0269 5956  fdPHost - ok
11:48:41.0280 5956  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:48:41.0319 5956  FDResPub - ok
11:48:41.0336 5956  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:48:41.0348 5956  FileInfo - ok
11:48:41.0357 5956  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:48:41.0390 5956  Filetrace - ok
11:48:41.0436 5956  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:48:41.0474 5956  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:48:41.0474 5956  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:48:41.0492 5956  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:48:41.0522 5956  flpydisk - ok
11:48:41.0539 5956  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:48:41.0555 5956  FltMgr - ok
11:48:41.0602 5956  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:48:41.0668 5956  FontCache - ok
11:48:41.0719 5956  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:48:41.0731 5956  FontCache3.0.0.0 - ok
11:48:41.0795 5956  [ 7B27D2055419181BD52CDA483DFA3168 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
11:48:41.0819 5956  ForceWare Intelligent Application Manager (IAM) - ok
11:48:41.0829 5956  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:48:41.0843 5956  FsDepends - ok
11:48:41.0875 5956  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:48:41.0887 5956  Fs_Rec - ok
11:48:41.0918 5956  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:48:41.0936 5956  fvevol - ok
11:48:41.0957 5956  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:48:41.0970 5956  gagp30kx - ok
11:48:42.0005 5956  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:48:42.0013 5956  GEARAspiWDM - ok
11:48:42.0054 5956  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:48:42.0116 5956  gpsvc - ok
11:48:42.0181 5956  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
11:48:42.0210 5956  Greg_Service - ok
11:48:42.0226 5956  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:48:42.0316 5956  hcw85cir - ok
11:48:42.0458 5956  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:48:42.0489 5956  HdAudAddService - ok
11:48:42.0520 5956  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:48:42.0545 5956  HDAudBus - ok
11:48:42.0558 5956  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:48:42.0585 5956  HidBatt - ok
11:48:42.0603 5956  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:48:42.0625 5956  HidBth - ok
11:48:42.0631 5956  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:48:42.0662 5956  HidIr - ok
11:48:42.0688 5956  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
11:48:42.0723 5956  hidserv - ok
11:48:42.0753 5956  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
11:48:42.0766 5956  HidUsb - ok
11:48:42.0786 5956  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:48:42.0820 5956  hkmsvc - ok
11:48:42.0849 5956  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:48:42.0878 5956  HomeGroupListener - ok
11:48:42.0898 5956  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:48:42.0928 5956  HomeGroupProvider - ok
11:48:42.0964 5956  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:48:42.0978 5956  HpSAMD - ok
11:48:43.0002 5956  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:48:43.0076 5956  HTTP - ok
11:48:43.0118 5956  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:48:43.0129 5956  hwpolicy - ok
11:48:43.0178 5956  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:48:43.0194 5956  i8042prt - ok
11:48:43.0220 5956  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:48:43.0238 5956  iaStorV - ok
11:48:43.0285 5956  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:48:43.0313 5956  idsvc - ok
11:48:43.0418 5956  [ 9A793A1451B5E2CF54B4A33342CB58CF ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys
11:48:43.0435 5956  IDSVia64 - ok
11:48:43.0449 5956  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:48:43.0462 5956  iirsp - ok
11:48:43.0485 5956  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:48:43.0535 5956  IKEEXT - ok
11:48:43.0613 5956  [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:48:43.0647 5956  IntcAzAudAddService - ok
11:48:43.0683 5956  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:48:43.0695 5956  intelide - ok
11:48:43.0721 5956  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:48:43.0745 5956  intelppm - ok
11:48:43.0776 5956  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:48:43.0811 5956  IPBusEnum - ok
11:48:43.0846 5956  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:48:43.0889 5956  IpFilterDriver - ok
11:48:43.0930 5956  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:48:43.0956 5956  iphlpsvc - ok
11:48:43.0982 5956  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:48:43.0996 5956  IPMIDRV - ok
11:48:44.0008 5956  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:48:44.0048 5956  IPNAT - ok
11:48:44.0086 5956  [ 3151D878BB16307EF2CF4CDA2463D15E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:48:44.0110 5956  iPod Service - ok
11:48:44.0128 5956  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:48:44.0173 5956  IRENUM - ok
11:48:44.0186 5956  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:48:44.0197 5956  isapnp - ok
11:48:44.0238 5956  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:48:44.0254 5956  iScsiPrt - ok
11:48:44.0272 5956  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
11:48:44.0284 5956  kbdclass - ok
11:48:44.0300 5956  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:48:44.0323 5956  kbdhid - ok
11:48:44.0343 5956  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:48:44.0355 5956  KeyIso - ok
11:48:44.0384 5956  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:48:44.0397 5956  KSecDD - ok
11:48:44.0425 5956  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:48:44.0439 5956  KSecPkg - ok
11:48:44.0453 5956  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:48:44.0498 5956  ksthunk - ok
11:48:44.0532 5956  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:48:44.0571 5956  KtmRm - ok
11:48:44.0606 5956  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
11:48:44.0651 5956  LanmanServer - ok
11:48:44.0684 5956  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:48:44.0730 5956  LanmanWorkstation - ok
11:48:44.0759 5956  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:48:44.0800 5956  lltdio - ok
11:48:44.0824 5956  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:48:44.0862 5956  lltdsvc - ok
11:48:44.0878 5956  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:48:44.0918 5956  lmhosts - ok
11:48:44.0944 5956  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:48:44.0957 5956  LSI_FC - ok
11:48:44.0964 5956  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:48:44.0980 5956  LSI_SAS - ok
11:48:45.0001 5956  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:48:45.0014 5956  LSI_SAS2 - ok
11:48:45.0031 5956  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:48:45.0045 5956  LSI_SCSI - ok
11:48:45.0068 5956  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:48:45.0115 5956  luafv - ok
11:48:45.0143 5956  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:48:45.0158 5956  Mcx2Svc - ok
11:48:45.0164 5956  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:48:45.0178 5956  megasas - ok
11:48:45.0200 5956  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:48:45.0217 5956  MegaSR - ok
11:48:45.0259 5956  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:48:45.0302 5956  MMCSS - ok
11:48:45.0319 5956  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:48:45.0353 5956  Modem - ok
11:48:45.0377 5956  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:48:45.0402 5956  monitor - ok
11:48:45.0432 5956  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
11:48:45.0444 5956  mouclass - ok
11:48:45.0450 5956  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:48:45.0476 5956  mouhid - ok
11:48:45.0511 5956  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:48:45.0524 5956  mountmgr - ok
11:48:45.0544 5956  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:48:45.0558 5956  mpio - ok
11:48:45.0580 5956  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:48:45.0629 5956  mpsdrv - ok
11:48:45.0670 5956  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:48:45.0715 5956  MpsSvc - ok
11:48:45.0780 5956  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:48:45.0813 5956  MRxDAV - ok
11:48:45.0876 5956  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:48:45.0918 5956  mrxsmb - ok
11:48:45.0960 5956  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:48:45.0992 5956  mrxsmb10 - ok
11:48:46.0030 5956  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:48:46.0054 5956  mrxsmb20 - ok
11:48:46.0092 5956  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:48:46.0104 5956  msahci - ok
11:48:46.0158 5956  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:48:46.0175 5956  msdsm - ok
11:48:46.0205 5956  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:48:46.0230 5956  MSDTC - ok
11:48:46.0271 5956  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:48:46.0319 5956  Msfs - ok
11:48:46.0336 5956  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:48:46.0379 5956  mshidkmdf - ok
11:48:46.0413 5956  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:48:46.0425 5956  msisadrv - ok
11:48:46.0457 5956  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:48:46.0506 5956  MSiSCSI - ok
11:48:46.0511 5956  msiserver - ok
11:48:46.0528 5956  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:48:46.0576 5956  MSKSSRV - ok
11:48:46.0595 5956  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:48:46.0636 5956  MSPCLOCK - ok
11:48:46.0642 5956  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:48:46.0681 5956  MSPQM - ok
11:48:46.0714 5956  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:48:46.0732 5956  MsRPC - ok
11:48:46.0753 5956  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:48:46.0764 5956  mssmbios - ok
11:48:46.0778 5956  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:48:46.0820 5956  MSTEE - ok
11:48:46.0831 5956  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:48:46.0845 5956  MTConfig - ok
11:48:46.0861 5956  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:48:46.0873 5956  Mup - ok
11:48:46.0906 5956  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:48:46.0950 5956  napagent - ok
11:48:46.0978 5956  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:48:47.0009 5956  NativeWifiP - ok
11:48:47.0119 5956  [ DEB92E93A522F85C71BC647DDEE8A81D ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\ENG64.SYS
11:48:47.0132 5956  NAVENG - ok
11:48:47.0172 5956  [ B6BEF62E7C7CC46C5FF3BB4FB31ED156 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\EX64.SYS
11:48:47.0243 5956  NAVEX15 - ok
11:48:47.0280 5956  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:48:47.0308 5956  NDIS - ok
11:48:47.0325 5956  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:48:47.0367 5956  NdisCap - ok
11:48:47.0389 5956  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:48:47.0429 5956  NdisTapi - ok
11:48:47.0464 5956  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:48:47.0515 5956  Ndisuio - ok
11:48:47.0549 5956  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:48:47.0589 5956  NdisWan - ok
11:48:47.0610 5956  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:48:47.0653 5956  NDProxy - ok
11:48:47.0726 5956  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:48:47.0756 5956  Nero BackItUp Scheduler 4.0 - ok
11:48:47.0776 5956  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:48:47.0810 5956  NetBIOS - ok
11:48:47.0829 5956  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:48:47.0864 5956  NetBT - ok
11:48:47.0876 5956  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:48:47.0889 5956  Netlogon - ok
11:48:47.0928 5956  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:48:47.0977 5956  Netman - ok
11:48:48.0025 5956  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:48:48.0069 5956  netprofm - ok
11:48:48.0100 5956  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:48:48.0111 5956  NetTcpPortSharing - ok
11:48:48.0139 5956  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:48:48.0151 5956  nfrd960 - ok
11:48:48.0179 5956  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:48:48.0206 5956  NlaSvc - ok
11:48:48.0251 5956  [ 64C89DB40949FD0E7C8FF303676A91F1 ] Norton Internet Security C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
11:48:48.0262 5956  Norton Internet Security - ok
11:48:48.0278 5956  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:48:48.0326 5956  Npfs - ok
11:48:48.0345 5956  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:48:48.0393 5956  nsi - ok
11:48:48.0408 5956  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:48:48.0455 5956  nsiproxy - ok
11:48:48.0482 5956  [ 0609071DE3945076D0973C4F8BBFE37A ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
11:48:48.0496 5956  nSvcIp - ok
11:48:48.0552 5956  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:48:48.0597 5956  Ntfs - ok
11:48:48.0607 5956  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:48:48.0655 5956  Null - ok
11:48:48.0696 5956  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
11:48:48.0726 5956  NVENETFD - ok
11:48:48.0758 5956  [ CB599955CE2CE9694721562F9481CD84 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
11:48:48.0768 5956  NVHDA - ok
11:48:48.0967 5956  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:48:49.0128 5956  nvlddmkm - ok
11:48:49.0167 5956  [ 9C3024E48DB4C98E50AF7D8B72D0EF89 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
11:48:49.0181 5956  NVNET - ok
11:48:49.0212 5956  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:48:49.0226 5956  nvraid - ok
11:48:49.0257 5956  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:48:49.0271 5956  nvstor - ok
11:48:49.0287 5956  [ EBFE363AAB0D6E4086ADBF04C41EBDF8 ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
11:48:49.0300 5956  nvstor64 - ok
11:48:49.0329 5956  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:48:49.0356 5956  nvsvc - ok
11:48:49.0424 5956  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:48:49.0457 5956  nvUpdatusService - ok
11:48:49.0486 5956  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:48:49.0499 5956  nv_agp - ok
11:48:49.0571 5956  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:48:49.0591 5956  odserv - ok
11:48:49.0623 5956  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:48:49.0640 5956  ohci1394 - ok
11:48:49.0668 5956  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:48:49.0682 5956  ose - ok
11:48:49.0829 5956  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:48:49.0961 5956  osppsvc - ok
11:48:49.0997 5956  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:48:50.0028 5956  p2pimsvc - ok
11:48:50.0060 5956  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:48:50.0090 5956  p2psvc - ok
11:48:50.0107 5956  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:48:50.0122 5956  Parport - ok
11:48:50.0141 5956  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:48:50.0153 5956  partmgr - ok
11:48:50.0166 5956  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:48:50.0196 5956  PcaSvc - ok
11:48:50.0211 5956  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:48:50.0226 5956  pci - ok
11:48:50.0255 5956  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:48:50.0266 5956  pciide - ok
11:48:50.0282 5956  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:48:50.0297 5956  pcmcia - ok
11:48:50.0312 5956  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:48:50.0324 5956  pcw - ok
11:48:50.0344 5956  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:48:50.0393 5956  PEAUTH - ok
11:48:50.0461 5956  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:48:50.0483 5956  PerfHost - ok
11:48:50.0537 5956  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:48:50.0594 5956  pla - ok
11:48:50.0643 5956  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:48:50.0686 5956  PlugPlay - ok
11:48:50.0700 5956  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:48:50.0725 5956  PNRPAutoReg - ok
11:48:50.0741 5956  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:48:50.0757 5956  PNRPsvc - ok
11:48:50.0795 5956  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:48:50.0834 5956  PolicyAgent - ok
11:48:50.0857 5956  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:48:50.0894 5956  Power - ok
11:48:50.0928 5956  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:48:50.0966 5956  PptpMiniport - ok
11:48:51.0006 5956  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:48:51.0035 5956  Processor - ok
11:48:51.0064 5956  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:48:51.0098 5956  ProfSvc - ok
11:48:51.0110 5956  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:48:51.0123 5956  ProtectedStorage - ok
11:48:51.0165 5956  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:48:51.0204 5956  Psched - ok
11:48:51.0246 5956  [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
11:48:51.0257 5956  PxHlpa64 - ok
11:48:51.0290 5956  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:48:51.0337 5956  ql2300 - ok
11:48:51.0352 5956  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:48:51.0366 5956  ql40xx - ok
11:48:51.0390 5956  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:48:51.0411 5956  QWAVE - ok
11:48:51.0424 5956  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:48:51.0446 5956  QWAVEdrv - ok
11:48:51.0465 5956  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:48:51.0504 5956  RasAcd - ok
11:48:51.0532 5956  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:48:51.0571 5956  RasAgileVpn - ok
11:48:51.0590 5956  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:48:51.0638 5956  RasAuto - ok
11:48:51.0658 5956  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:48:51.0706 5956  Rasl2tp - ok
11:48:51.0743 5956  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:48:51.0792 5956  RasMan - ok
11:48:51.0811 5956  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:48:51.0845 5956  RasPppoe - ok
11:48:51.0868 5956  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:48:51.0902 5956  RasSstp - ok
11:48:51.0921 5956  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:48:51.0957 5956  rdbss - ok
11:48:51.0969 5956  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:48:51.0987 5956  rdpbus - ok
11:48:52.0003 5956  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:48:52.0047 5956  RDPCDD - ok
11:48:52.0072 5956  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:48:52.0116 5956  RDPENCDD - ok
11:48:52.0130 5956  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:48:52.0169 5956  RDPREFMP - ok
11:48:52.0197 5956  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:48:52.0220 5956  RDPWD - ok
11:48:52.0242 5956  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:48:52.0256 5956  rdyboost - ok
11:48:52.0284 5956  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:48:52.0325 5956  RemoteAccess - ok
11:48:52.0358 5956  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:48:52.0439 5956  RemoteRegistry - ok
11:48:52.0498 5956  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:48:52.0539 5956  RpcEptMapper - ok
11:48:52.0567 5956  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:48:52.0581 5956  RpcLocator - ok
11:48:52.0619 5956  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:48:52.0657 5956  RpcSs - ok
11:48:52.0676 5956  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:48:52.0710 5956  rspndr - ok
11:48:52.0854 5956  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:48:52.0869 5956  SamSs - ok
11:48:52.0894 5956  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:48:52.0907 5956  sbp2port - ok
11:48:52.0928 5956  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:48:52.0965 5956  SCardSvr - ok
11:48:52.0984 5956  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:48:53.0037 5956  scfilter - ok
11:48:53.0095 5956  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:48:53.0179 5956  Schedule - ok
11:48:53.0196 5956  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:48:53.0227 5956  SCPolicySvc - ok
11:48:53.0255 5956  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:48:53.0288 5956  SDRSVC - ok
11:48:53.0354 5956  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:48:53.0369 5956  SeaPort - ok
11:48:53.0399 5956  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:48:53.0441 5956  secdrv - ok
11:48:53.0447 5956  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:48:53.0493 5956  seclogon - ok
11:48:53.0509 5956  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
11:48:53.0552 5956  SENS - ok
11:48:53.0576 5956  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:48:53.0602 5956  SensrSvc - ok
11:48:53.0632 5956  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:48:53.0644 5956  Serenum - ok
11:48:53.0664 5956  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:48:53.0677 5956  Serial - ok
11:48:53.0689 5956  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:48:53.0703 5956  sermouse - ok
11:48:53.0742 5956  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:48:53.0777 5956  SessionEnv - ok
11:48:53.0811 5956  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:48:53.0843 5956  sffdisk - ok
11:48:53.0855 5956  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:48:53.0881 5956  sffp_mmc - ok
11:48:53.0898 5956  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:48:53.0928 5956  sffp_sd - ok
11:48:53.0942 5956  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:48:53.0962 5956  sfloppy - ok
11:48:54.0004 5956  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
11:48:54.0024 5956  Sftfs - ok
11:48:54.0091 5956  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:48:54.0112 5956  sftlist - ok
11:48:54.0147 5956  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:48:54.0159 5956  Sftplay - ok
11:48:54.0185 5956  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:48:54.0194 5956  Sftredir - ok
11:48:54.0208 5956  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
11:48:54.0217 5956  Sftvol - ok
11:48:54.0258 5956  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:48:54.0273 5956  sftvsa - ok
11:48:54.0303 5956  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:48:54.0341 5956  SharedAccess - ok
11:48:54.0368 5956  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:48:54.0419 5956  ShellHWDetection - ok
11:48:54.0445 5956  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:48:54.0457 5956  SiSRaid2 - ok
11:48:54.0467 5956  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:48:54.0480 5956  SiSRaid4 - ok
11:48:54.0497 5956  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:48:54.0538 5956  Smb - ok
11:48:54.0574 5956  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:48:54.0590 5956  SNMPTRAP - ok
11:48:54.0595 5956  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:48:54.0608 5956  spldr - ok
11:48:54.0646 5956  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:48:54.0675 5956  Spooler - ok
11:48:54.0767 5956  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:48:54.0887 5956  sppsvc - ok
11:48:54.0905 5956  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:48:54.0948 5956  sppuinotify - ok
11:48:55.0024 5956  [ 9E399476E5D5E0D3C8822C857A7E9A9A ] SRTSP           C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
11:48:55.0044 5956  SRTSP - ok
11:48:55.0063 5956  [ 3D7717B582F0365E75071556936E5A6B ] SRTSPX          C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
11:48:55.0072 5956  SRTSPX - ok
11:48:55.0106 5956  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:48:55.0149 5956  srv - ok
11:48:55.0171 5956  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:48:55.0189 5956  srv2 - ok
11:48:55.0207 5956  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:48:55.0222 5956  srvnet - ok
11:48:55.0252 5956  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:48:55.0294 5956  SSDPSRV - ok
11:48:55.0306 5956  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:48:55.0342 5956  SstpSvc - ok
11:48:55.0396 5956  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:48:55.0413 5956  Stereo Service - ok
11:48:55.0430 5956  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:48:55.0442 5956  stexstor - ok
11:48:55.0477 5956  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:48:55.0514 5956  stisvc - ok
11:48:55.0540 5956  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:48:55.0552 5956  swenum - ok
11:48:55.0569 5956  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:48:55.0623 5956  swprv - ok
11:48:55.0654 5956  [ 4F87BB5389A93778EBC363B28271A65B ] SymEFA          C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
11:48:55.0670 5956  SymEFA - ok
11:48:55.0695 5956  [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:48:55.0706 5956  SymEvent - ok
11:48:55.0727 5956  SYMFW - ok
11:48:55.0744 5956  [ 212BBF5A964513980D5DE9397381534F ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
11:48:55.0754 5956  SymIM - ok
11:48:55.0759 5956  SYMNDISV - ok
11:48:55.0782 5956  [ 33B37CB0A74F1F4B78A665ECE9184095 ] SYMTDI          C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
11:48:55.0795 5956  SYMTDI - ok
11:48:55.0850 5956  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:48:55.0905 5956  SysMain - ok
11:48:55.0943 5956  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:48:55.0974 5956  TabletInputService - ok
11:48:56.0015 5956  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:48:56.0078 5956  TapiSrv - ok
11:48:56.0100 5956  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:48:56.0147 5956  TBS - ok
11:48:56.0227 5956  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:48:56.0296 5956  Tcpip - ok
11:48:56.0353 5956  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:48:56.0392 5956  TCPIP6 - ok
11:48:56.0419 5956  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:48:56.0433 5956  tcpipreg - ok
11:48:56.0455 5956  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:48:56.0493 5956  TDPIPE - ok
11:48:56.0503 5956  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:48:56.0517 5956  TDTCP - ok
11:48:56.0534 5956  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:48:56.0577 5956  tdx - ok
11:48:56.0602 5956  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:48:56.0614 5956  TermDD - ok
11:48:56.0666 5956  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:48:56.0711 5956  TermService - ok
11:48:56.0748 5956  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:48:56.0779 5956  Themes - ok
11:48:56.0815 5956  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:48:56.0854 5956  THREADORDER - ok
11:48:56.0865 5956  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:48:56.0901 5956  TrkWks - ok
11:48:56.0942 5956  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:48:56.0985 5956  TrustedInstaller - ok
11:48:57.0023 5956  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:48:57.0051 5956  tssecsrv - ok
11:48:57.0084 5956  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:48:57.0125 5956  TsUsbFlt - ok
11:48:57.0153 5956  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:48:57.0193 5956  tunnel - ok
11:48:57.0208 5956  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:48:57.0221 5956  uagp35 - ok
11:48:57.0258 5956  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:48:57.0304 5956  udfs - ok
11:48:57.0325 5956  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:48:57.0354 5956  UI0Detect - ok
11:48:57.0365 5956  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:48:57.0378 5956  uliagpkx - ok
11:48:57.0412 5956  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
11:48:57.0426 5956  umbus - ok
11:48:57.0444 5956  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:48:57.0457 5956  UmPass - ok
11:48:57.0532 5956  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
11:48:57.0546 5956  Updater Service - ok
11:48:57.0565 5956  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:48:57.0613 5956  upnphost - ok
11:48:57.0633 5956  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:48:57.0661 5956  usbccgp - ok
11:48:57.0701 5956  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:48:57.0726 5956  usbcir - ok
11:48:57.0732 5956  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:48:57.0752 5956  usbehci - ok
11:48:57.0769 5956  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:48:57.0796 5956  usbhub - ok
11:48:57.0814 5956  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
11:48:57.0831 5956  usbohci - ok
11:48:57.0852 5956  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:48:57.0883 5956  usbprint - ok
11:48:57.0911 5956  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:48:57.0937 5956  usbscan - ok
11:48:57.0959 5956  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
11:48:57.0983 5956  USBSTOR - ok
11:48:58.0000 5956  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:48:58.0018 5956  usbuhci - ok
11:48:58.0060 5956  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:48:58.0108 5956  UxSms - ok
11:48:58.0121 5956  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:48:58.0134 5956  VaultSvc - ok
11:48:58.0161 5956  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:48:58.0173 5956  vdrvroot - ok
11:48:58.0215 5956  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:48:58.0256 5956  vds - ok
11:48:58.0292 5956  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:48:58.0308 5956  vga - ok
11:48:58.0324 5956  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:48:58.0373 5956  VgaSave - ok
11:48:58.0399 5956  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:48:58.0416 5956  vhdmp - ok
11:48:58.0445 5956  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:48:58.0457 5956  viaide - ok
11:48:58.0476 5956  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:48:58.0489 5956  volmgr - ok
11:48:58.0516 5956  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:48:58.0533 5956  volmgrx - ok
11:48:58.0549 5956  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:48:58.0565 5956  volsnap - ok
11:48:58.0597 5956  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:48:58.0614 5956  vsmraid - ok
11:48:58.0657 5956  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:48:58.0729 5956  VSS - ok
11:48:58.0742 5956  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:48:58.0773 5956  vwifibus - ok
11:48:58.0802 5956  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:48:58.0856 5956  W32Time - ok
11:48:58.0876 5956  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:48:58.0902 5956  WacomPen - ok
11:48:58.0947 5956  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:48:58.0988 5956  WANARP - ok
11:48:59.0001 5956  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:48:59.0034 5956  Wanarpv6 - ok
11:48:59.0085 5956  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:48:59.0119 5956  WatAdminSvc - ok
11:48:59.0168 5956  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:48:59.0231 5956  wbengine - ok
11:48:59.0249 5956  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:48:59.0277 5956  WbioSrvc - ok
11:48:59.0314 5956  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:48:59.0349 5956  wcncsvc - ok
11:48:59.0364 5956  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:48:59.0384 5956  WcsPlugInService - ok
11:48:59.0396 5956  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:48:59.0408 5956  Wd - ok
11:48:59.0442 5956  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:48:59.0468 5956  Wdf01000 - ok
11:48:59.0483 5956  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:48:59.0546 5956  WdiServiceHost - ok
11:48:59.0550 5956  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:48:59.0569 5956  WdiSystemHost - ok
11:48:59.0585 5956  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:48:59.0616 5956  WebClient - ok
11:48:59.0637 5956  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:48:59.0681 5956  Wecsvc - ok
11:48:59.0692 5956  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:48:59.0757 5956  wercplsupport - ok
11:48:59.0787 5956  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:48:59.0834 5956  WerSvc - ok
11:48:59.0870 5956  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:48:59.0904 5956  WfpLwf - ok
11:48:59.0909 5956  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:48:59.0921 5956  WIMMount - ok
11:48:59.0982 5956  WinDefend - ok
11:49:00.0002 5956  WinHttpAutoProxySvc - ok
11:49:00.0049 5956  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:49:00.0107 5956  Winmgmt - ok
11:49:00.0191 5956  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:49:00.0283 5956  WinRM - ok
11:49:00.0340 5956  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:49:00.0356 5956  WinUsb - ok
11:49:00.0388 5956  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:49:00.0433 5956  Wlansvc - ok
11:49:00.0549 5956  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:49:00.0633 5956  wlidsvc - ok
11:49:00.0663 5956  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:49:00.0677 5956  WmiAcpi - ok
11:49:00.0710 5956  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:49:00.0727 5956  wmiApSrv - ok
11:49:00.0772 5956  WMPNetworkSvc - ok
11:49:00.0789 5956  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:49:00.0816 5956  WPCSvc - ok
11:49:00.0848 5956  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:49:00.0868 5956  WPDBusEnum - ok
11:49:00.0894 5956  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:49:00.0943 5956  ws2ifsl - ok
11:49:01.0017 5956  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
11:49:01.0045 5956  wscsvc - ok
11:49:01.0050 5956  WSearch - ok
11:49:01.0122 5956  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:49:01.0210 5956  wuauserv - ok
11:49:01.0235 5956  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:49:01.0258 5956  WudfPf - ok
11:49:01.0289 5956  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:49:01.0321 5956  WUDFRd - ok
11:49:01.0353 5956  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:49:01.0375 5956  wudfsvc - ok
11:49:01.0411 5956  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:49:01.0433 5956  WwanSvc - ok
11:49:01.0439 5956  ================ Scan global ===============================
11:49:01.0479 5956  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:49:01.0499 5956  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:49:01.0508 5956  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:49:01.0534 5956  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:49:01.0553 5956  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:49:01.0557 5956  [Global] - ok
11:49:01.0558 5956  ================ Scan MBR ==================================
11:49:01.0573 5956  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:49:01.0854 5956  \Device\Harddisk0\DR0 - ok
11:49:01.0854 5956  ================ Scan VBR ==================================
11:49:01.0857 5956  [ 2868610D790EF13669EFEA6E5FE8ABF8 ] \Device\Harddisk0\DR0\Partition1
11:49:01.0859 5956  \Device\Harddisk0\DR0\Partition1 - ok
11:49:01.0889 5956  [ CC0714004695CF65BB835BF6F5626953 ] \Device\Harddisk0\DR0\Partition2
11:49:01.0890 5956  \Device\Harddisk0\DR0\Partition2 - ok
11:49:01.0906 5956  [ 2F93B76BCC761CABB488E60FCD8410F4 ] \Device\Harddisk0\DR0\Partition3
11:49:01.0907 5956  \Device\Harddisk0\DR0\Partition3 - ok
11:49:01.0908 5956  ============================================================
11:49:01.0908 5956  Scan finished
11:49:01.0908 5956  ============================================================
11:49:01.0919 2164  Detected object count: 1
11:49:01.0919 2164  Actual detected object count: 1
11:49:19.0946 2164  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:19.0946 2164  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:31.0292 3428  Deinitialize success
         
Regards, joel

26.08.2013, 08:11   #8
schrauber
/// the machine
/// TB trainer
 




Hi,

sorry for the delay, I'm taking over from here:

Please post a fresh FRST log and tell me which problems still remain.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.08.2013, 21:53   #9
joel87
 



Hello schrauber,

The PC is running flawlessly again now. I just thought it wasn't quite finished yet, because I got no further reply after I posted the last 3 logs (and with the last program I only clicked "skip" and not "cure")... am I really done already?

So I should scan with Farbar's again?


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01 (ATTENTION: ====> FRST version is 16 days old and could be outdated)
Ran by Joël (administrator) on 29-08-2013 13:47:24
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Conduit Ltd.) C:\Users\Joël\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\BackStage.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-05-14] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-05-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=IESB17
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16050&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=OF&apn_dtid=VIN007YYCH&apn_uid=17723E26-CB6A-4D27-8C20-C83F10E8BE5F&apn_sauid=D567C5F8-9965-460F-B964-DA5BC3C3127C
SearchScopes: HKCU - {B26807E9-D81A-4651-B71B-EAC937348331} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&CUI=UN31697728546838113&SSPV=IESB17
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Joël\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
BHO-x32: Snapform Viewer PlugIn for IE - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files (x86)\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
BHO-x32: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Joël\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (YouTube) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0
CHR Extension: (Gmail) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-05-29] ()
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-05-29] ()
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2009-08-22] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-01-24] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\ENG64.SYS [116272 2010-02-04] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\ENG64.SYS [116272 2010-02-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\EX64.SYS [1742896 2010-02-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\EX64.SYS [1742896 2010-02-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-01-10] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-21 11:46 - 2013-08-21 11:46 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Joël\Desktop\tdsskiller.exe
2013-08-21 11:38 - 2013-08-21 11:38 - 00020622 _____ C:\ComboFix.txt
2013-08-21 11:21 - 2013-08-21 11:38 - 00000000 ____D C:\Qoobox
2013-08-21 11:21 - 2013-08-21 11:37 - 00000000 ____D C:\Windows\erdnt
2013-08-21 11:21 - 2013-08-21 11:21 - 05109506 ____R (Swearware) C:\Users\Joël\Desktop\ComboFix.exe
2013-08-21 11:21 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-21 11:21 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-21 11:21 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-21 11:21 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-21 11:21 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-21 11:21 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-21 11:21 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-21 11:21 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-17 14:45 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 14:45 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-17 14:45 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 14:45 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-17 14:45 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 14:45 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-17 14:45 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-17 14:45 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-17 14:45 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-17 14:45 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-17 14:45 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-17 14:45 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-17 14:44 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 14:44 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 14:44 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 14:44 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-17 14:44 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 12:14 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 12:14 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 12:14 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 12:14 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 12:14 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 12:14 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 12:14 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 12:14 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 12:14 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 12:14 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 12:13 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 12:13 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 12:13 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 12:13 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 12:09 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 12:09 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 12:09 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 12:09 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 12:09 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 12:09 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 12:09 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 12:09 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 12:09 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 12:09 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 12:09 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 12:09 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 12:09 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 00:35 - 2013-08-14 00:35 - 00000000 ____D C:\FRST
2013-08-11 14:08 - 2013-08-11 14:08 - 00104573 _____ C:\Users\JOL~1\AppData\Local\2433f433
2013-08-11 14:08 - 2013-08-11 14:08 - 00104573 _____ C:\Users\Joël\AppData\Roaming\2433f433
2013-08-05 21:53 - 2013-08-17 14:43 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-29 13:46 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:46 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:38 - 2009-10-16 23:10 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-29 13:38 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 13:38 - 2009-07-13 21:51 - 00116983 _____ C:\Windows\setupact.log
2013-08-28 15:10 - 2009-10-16 23:01 - 01766195 _____ C:\Windows\WindowsUpdate.log
2013-08-28 14:28 - 2012-04-22 12:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 16:28 - 2012-04-22 12:09 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 16:28 - 2012-04-22 12:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 16:28 - 2012-04-22 12:09 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 11:46 - 2013-08-21 11:46 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Joël\Desktop\tdsskiller.exe
2013-08-21 11:38 - 2013-08-21 11:38 - 00020622 _____ C:\ComboFix.txt
2013-08-21 11:38 - 2013-08-21 11:21 - 00000000 ____D C:\Qoobox
2013-08-21 11:37 - 2013-08-21 11:21 - 00000000 ____D C:\Windows\erdnt
2013-08-21 11:34 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2013-08-21 11:33 - 2009-08-14 17:18 - 00055282 _____ C:\Windows\PFRO.log
2013-08-21 11:21 - 2013-08-21 11:21 - 05109506 ____R (Swearware) C:\Users\Joël\Desktop\ComboFix.exe
2013-08-17 14:44 - 2009-08-14 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-17 14:43 - 2013-08-05 21:53 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 14:42 - 2010-01-26 22:48 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 12:11 - 2009-10-13 18:21 - 00648910 _____ C:\Windows\system32\perfh007.dat
2013-08-15 12:11 - 2009-10-13 18:21 - 00128910 _____ C:\Windows\system32\perfc007.dat
2013-08-15 12:11 - 2009-07-13 22:13 - 01487596 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 00:35 - 2013-08-14 00:35 - 00000000 ____D C:\FRST
2013-08-11 14:23 - 2009-07-13 22:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-11 14:08 - 2013-08-11 14:08 - 00104573 _____ C:\Users\JOL~1\AppData\Local\2433f433
2013-08-11 14:08 - 2013-08-11 14:08 - 00104573 _____ C:\Users\Joël\AppData\Roaming\2433f433
2013-08-07 04:22 - 2010-03-12 22:44 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-04 15:01 - 2012-10-15 11:03 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-04 12:26 - 2009-07-13 21:45 - 00351168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-04 12:25 - 2013-03-17 16:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-04 12:25 - 2013-03-17 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-04 12:25 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-04 12:25 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-04 12:25 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 12:18

==================== End Of Log ============================
         
--- --- ---


Regards, Joel

Alt 30.08.2013, 13:44   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Nope, there's still a bit of work to do.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download the Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 01.09.2013, 21:44   #11
joel87
 



Hello schrauber,

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Joël :: J87 [Administrator]

Schutz: Aktiviert

01.09.2013 12:21:33
mbam-log-2013-09-01 (12-21-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244693
Laufzeit: 3 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bösartig: (hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=IESB17) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Users\Joël\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joël\AppData\Roaming\OpenCandy\9CA2F5F819A54E7497FF2223CC7640E0 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\Joël\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.7.windows.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joël\Desktop\Everest_Poker.exe (PUP.EverestPoker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joël\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joël\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joël\AppData\Roaming\OpenCandy\9CA2F5F819A54E7497FF2223CC7640E0\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
# AdwCleaner v3.002 - Bericht erstellt am 01/09/2013 um 13:22:05
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Joël - J87
# Gestartet von : C:\Users\Joël\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\softonic-de3
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Joël\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Joël\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\JOL~1\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Joël\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Joël\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Joël\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Joël\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Joël\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Users\Joël\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_frostwire_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_frostwire_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32B9ECE9-A9B1-4EA3-948C-BFA8C0C364C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468B-BF51-58D5F52A84F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78DFE1C4-B339-420B-8539-389E46B16A64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1356837-81F8-4BE1-A04C-ADBC39A79C6E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\softonic-de3
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v

[ Datei : C:\Users\Joël\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18047 octets] - [01/09/2013 12:49:17]
AdwCleaner[R1].txt - [18108 octets] - [01/09/2013 12:52:15]
AdwCleaner[S0].txt - [12195 octets] - [01/09/2013 13:22:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12256 octets] ##########
         

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jo‰l on 01.09.2013 at 13:28:16.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2013 at 13:36:04.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Regards, joel

02.09.2013, 08:13   #12
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 04.10.2013, 11:58   #13
joel87
 



Hello,

Sorry, I was on holiday. I have now also done the 2 steps; here are the log files.

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c8cd992576407345959119a7a0b261a2
# engine=15323
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-03 01:33:22
# local_time=2013-10-03 06:33:22 (-0800, Pacific Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777213 100 91 62361645 128959688 0 0
# compatibility_mode=5893 16776573 100 94 67896 132350652 0 0
# scanned=178401
# found=3
# cleaned=0
# scan_time=67833
sh=E1EF5FAB2F1D05C6A89C6728A5A39942A8017C58 ft=1 fh=38ce351fd2352a18 vn="Win32/Moure.A trojan" ac=I fn="C:\FRST\Quarantine\qwckjjlokdcqmsshh.exe"
sh=452A468E9CC30E717803E70B987CF305D3745F9C ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Joël\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X4YO5GXY\banners[1].htm"
sh=12A0EDEE240F1644C58D3876DA3D71B5F996B344 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Joël\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\8fc41b3-48fbb9df"
         
Code:
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 18  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01 (ATTENTION: ====> FRST version is 52 days old and could be outdated)
Ran by Joël (administrator) on 04-10-2013 03:56:06
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-05-14] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-05-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-21] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Joël\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (YouTube) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0
CHR Extension: (Gmail) - C:\Users\JOL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-05-29] ()
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-05-29] ()
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2009-08-22] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-01-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-01-24] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvia64.sys [466992 2009-10-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\ENG64.SYS [116272 2010-02-04] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\ENG64.SYS [116272 2010-02-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\EX64.SYS [1742896 2010-02-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.003\EX64.SYS [1742896 2010-02-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-01-10] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-01 11:42 - 2013-10-01 11:42 - 02347384 _____ (ESET) C:\Users\Joël\Desktop\esetsmartinstaller_enu.exe
2013-09-30 12:02 - 2013-09-30 12:02 - 02347384 _____ (ESET) C:\Users\Joël\Downloads\esetsmartinstaller_enu.exe
2013-09-17 22:11 - 2013-08-09 22:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-17 22:11 - 2013-08-09 22:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-17 22:11 - 2013-08-09 22:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-17 22:11 - 2013-08-09 22:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-17 22:11 - 2013-08-09 22:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-17 22:11 - 2013-08-09 22:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-17 22:11 - 2013-08-09 20:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-17 22:11 - 2013-08-09 20:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-17 22:11 - 2013-08-09 20:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-17 22:11 - 2013-08-09 20:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-17 22:11 - 2013-08-09 20:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-17 22:11 - 2013-08-09 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-17 22:11 - 2013-08-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-17 22:11 - 2013-08-09 19:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-17 22:11 - 2013-08-09 19:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-17 22:10 - 2013-08-09 22:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-17 22:10 - 2013-08-09 22:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-17 22:10 - 2013-08-09 22:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-17 22:10 - 2013-08-09 22:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-17 22:10 - 2013-08-09 22:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-17 22:10 - 2013-08-09 22:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-17 22:10 - 2013-08-09 22:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-17 22:10 - 2013-08-09 22:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-17 22:10 - 2013-08-09 20:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-17 22:10 - 2013-08-09 20:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-17 22:10 - 2013-08-09 20:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-17 22:10 - 2013-08-09 20:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-17 22:10 - 2013-08-09 20:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-17 22:10 - 2013-08-09 20:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-17 22:10 - 2013-08-09 20:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-17 22:10 - 2013-08-09 20:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-17 10:13 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-17 10:13 - 2013-08-01 19:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-17 10:13 - 2013-08-01 19:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-17 10:13 - 2013-08-01 19:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-17 10:13 - 2013-08-01 19:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-17 10:13 - 2013-08-01 19:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-17 10:13 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-17 10:13 - 2013-08-01 19:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-17 10:13 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-17 10:13 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-17 10:13 - 2013-08-01 18:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-17 10:13 - 2013-08-01 18:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-17 10:13 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-17 10:13 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-17 10:13 - 2013-08-01 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-17 10:13 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-17 10:13 - 2013-08-01 17:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-17 10:13 - 2013-08-01 17:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-17 10:13 - 2013-08-01 17:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-17 10:13 - 2013-08-01 17:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-17 10:13 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-17 10:13 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-17 10:12 - 2013-08-07 18:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-17 10:12 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-17 10:12 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-17 10:12 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-17 10:12 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-04 03:53 - 2013-10-04 03:53 - 00891144 _____ C:\Users\Joël\Desktop\SecurityCheck.exe
2013-10-04 03:51 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 03:51 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 03:49 - 2009-10-16 23:01 - 01415987 _____ C:\Windows\WindowsUpdate.log
2013-10-04 03:43 - 2009-10-16 23:10 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-04 03:43 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 03:43 - 2009-07-13 21:51 - 00117655 _____ C:\Windows\setupact.log
2013-10-03 06:36 - 2012-10-15 11:03 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-10-03 06:28 - 2012-04-22 12:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 11:42 - 2013-10-01 11:42 - 02347384 _____ (ESET) C:\Users\Joël\Desktop\esetsmartinstaller_enu.exe
2013-09-30 14:18 - 2012-04-22 12:09 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-30 14:17 - 2012-04-22 12:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-30 14:17 - 2012-04-22 12:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-30 12:02 - 2013-09-30 12:02 - 02347384 _____ (ESET) C:\Users\Joël\Downloads\esetsmartinstaller_enu.exe
2013-09-23 10:14 - 2010-01-10 22:31 - 00000000 ___RD C:\Users\Joël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-23 10:14 - 2010-01-10 22:31 - 00000000 ___RD C:\Users\Joël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-23 10:13 - 2009-07-13 21:45 - 00351168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-17 22:10 - 2011-06-20 12:45 - 01513638 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-17 22:10 - 2011-06-20 12:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-17 22:10 - 2009-10-13 18:21 - 00648910 _____ C:\Windows\system32\perfh007.dat
2013-09-17 22:10 - 2009-10-13 18:21 - 00128910 _____ C:\Windows\system32\perfc007.dat
2013-09-17 22:09 - 2013-08-05 21:53 - 00000000 ____D C:\Windows\system32\MRT
2013-09-17 22:09 - 2010-01-26 22:48 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-17 22:09 - 2009-08-14 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 12:18

==================== End Of Log ============================
         
--- --- ---


The first program found another 3 threats. The PC is running perfectly again!

If everything is OK, I'd like to thank you very much for your help. I think what you do is great! Respect!!

Kind regards

joel

Old 04.10.2013, 22:33   #14
schrauber
/// the machine
/// TB trainer

Update Java, Adobe and Flash.
The detections are only in the temp folders; we'll delete those now.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: here are a few useful add-ons for this browser
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
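The attachment tip in the post above (watch for names like deinFoto.jpg.exe) can be turned into an automatic check. The following is an added example, not part of schrauber's post; it goes beyond the single case he names by also covering trailing dots, space padding and bidirectional control characters, and the extension lists and the function name `check_attachment_name` are assumptions chosen for illustration.

```python
import re

# Assumed lists for this example; tune them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".cpl", ".vbs", ".js", ".jar", ".msi", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc",
              ".docx", ".xls", ".xlsx", ".mp3", ".avi", ".zip"}
# Unicode bidirectional controls can reverse how the tail of a name is displayed.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def check_attachment_name(name):
    """Return the reasons a file name looks deceptive (empty list = none found)."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control")
        name = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # Windows drops trailing dots and spaces, so "a.jpg.exe." opens as "a.jpg.exe".
    cleaned = name.rstrip(". ")
    if cleaned != name:
        reasons.append("trailing-dot-or-space")
    # Every dot-separated part after the first is treated as an extension.
    exts = ["." + part.strip().lower() for part in cleaned.split(".")[1:]]
    final_is_executable = bool(exts) and exts[-1] in EXECUTABLE_EXTS
    if final_is_executable and any(e in DECOY_EXTS for e in exts[:-1]):
        reasons.append("double-extension")
    # A long run of spaces pushes the real extension out of the visible column.
    if final_is_executable and re.search(r"\s{3,}\.", cleaned):
        reasons.append("padding-before-extension")
    return reasons


# The first name is the one from the post; the others are constructed samples.
SAMPLES = ["deinFoto.jpg.exe", "report.v2.pdf", "invoice.pdf      .scr",
           "photo\u202egpj.exe", "holiday.jpg.exe.", "setup.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_attachment_name(sample) or "ok")
```

A plain `setup.exe` is deliberately not flagged: the check targets names that disguise their type, not executables as such.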
