|
Plagegeister aller Art und deren Bekämpfung: Gleich zwei Trojaner auf einmal?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.02.2012, 14:41 | #1 |
| Gleich zwei Trojaner auf einmal? Hallo, bin neu hier und bisher nie mit Trojanern konfrontiert worden und hoffe, die Regeln befolgt zu haben. Zum Problem: Habe mit Avira Antivir das System gecheckt und die Meldung bekommen, dass ein Trojanisches Pferd namens TR/spy.559819 gefunden wurde. Hier der Bericht: Beginne mit der Suche in 'C:\' <Packard Bell> C:\Users\....\AppData\Local\Temp\8883055.Uninstall\Uninstall.exe [FUND] Ist das Trojanische Pferd TR/Spy.559819 Beginne mit der Desinfektion: C:\Users\....\AppData\Local\Temp\8883055.Uninstall\Uninstall.exe [FUND] Ist das Trojanische Pferd TR/Spy.559819 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49e8f93a.qua' verschoben! Habe danach zur Sicherheit Malwarebyte-Komplettscan gemacht, der findet nix. Droht dennoch Gefahr? Was macht dieser Trojaner? Habe dann in Netz gelesen, dass Avira auch Fehlalarme meldet und es besser ist, mit anderer Software zu scannen. Ein Komplettscan mit Malwarebytes hat NICHTS ergeben. Da ich misstrauisch bin, hab ich noch einen Komplettscan mit Emsisoft Antimalware gemacht. Hier hat er zwar nicht den TR/spy.559819 gefunden, dafür aber: Trojan.Win32.Tool.IPScan.A!E1 als hochrisikobehafteten Schädling aufgespürt. Habe nun versucht alles nach den Regeln hier zu machen und poste die DDS-. und Attach-Datei: DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Hilde at 14:18:13 on 2012-02-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2611 [GMT 1:00] . AV: Emsisoft Anti-Malware *Enabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A} AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Emsisoft Anti-Malware *Enabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Users\Hilde\Desktop\aklogNT\aklogNT+.exe C:\Windows\System32\alg.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360510q015l0374z185f4812t469 mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360510q015l0374z185f4812t469 mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360510q015l0374z185f4812t469 mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll uRun: [Global Registration] "C:\Program Files (x86)\Packard Bell\Registration\GREG.exe" BOOT uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60 mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{E2A2E0D6-B1A6-4666-B2C6-E810FCAB7F5D} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{E2A2E0D6-B1A6-4666-B2C6-E810FCAB7F5D}\D41363 : DhcpNameServer = 10.0.1.1 {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {53707962-6F74-2D53-2644-206D7942484F} mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun-x64: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Hilde\AppData\Roaming\Mozilla\Firefox\Profiles\6311p2bd.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=6ce452740000000000000026c616fac4&q= FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.id - 6ce452740000000000000026c616fac4 FF - user.js: extensions.BabylonToolbar_i.hardId - 6ce452740000000000000026c616fac4 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15319 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:23:42 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-2-7 23208] R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-2-7 41728] R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-2-7 14720] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/10/27 10:41:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-7-7 146928] R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-2-7 3025112] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-5-15 136360] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-5-15 269480] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-8-28 844320] R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-2-7 63880] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176] S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-5 1153368] S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] . =============== Created Last 30 ================ . 2012-02-07 11:55:57 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware 2012-02-07 11:30:23 388096 ----a-r- C:\Users\Hilde\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-07 11:30:23 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-02-07 11:09:37 -------- d-----w- C:\Program Files\CCleaner 2012-02-07 11:08:31 -------- d-----w- C:\Users\Hilde\AppData\Local\Google 2012-02-07 08:42:25 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB76C6EA-564B-49C9-A288-B05115987A42}\mpengine.dll 2012-02-05 18:33:15 -------- d-----w- C:\Users\Hilde\AppData\Roaming\Malwarebytes 2012-02-05 18:33:12 -------- d-----w- C:\ProgramData\Malwarebytes 2012-02-05 17:16:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-02-05 17:16:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy . ==================== Find3M ==================== . 2012-02-05 16:51:58 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-26 23:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 14:19:19,37 =============== Attach: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 15.05.2010 21:44:35 System Uptime: 07.02.2012 12:01:43 (2 hours ago) . Motherboard: Packard Bell | | EasyNote LJ65 Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | uPGA-478 | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 286 GiB total, 244,078 GiB free. D: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP188: 05.11.2011 12:31:29 - Phase 5 HTML-Editor wird installiert RP189: 05.11.2011 12:38:20 - Windows Update RP190: 19.11.2011 11:32:18 - Windows Update RP192: 20.11.2011 14:52:31 - Windows Modules Installer RP193: 20.11.2011 14:53:21 - Windows Modules Installer RP194: 03.12.2011 18:36:58 - Windows Update RP195: 09.12.2011 18:32:41 - Installiert D-Link AirPlus G+ Wireless LAN Adapter RP196: 10.12.2011 12:15:07 - Windows Update RP197: 10.12.2011 14:33:31 - Windows Update RP198: 11.12.2011 21:00:42 - Removed Vegas Pro 10.0 RP199: 15.12.2011 11:16:55 - Windows Update RP200: 15.12.2011 16:00:41 - Windows Update RP201: 20.12.2011 20:30:47 - Windows Update RP202: 27.12.2011 11:31:15 - Windows Update RP203: 31.12.2011 10:32:43 - Windows Update RP204: 04.01.2012 20:41:35 - Windows Update RP205: 31.01.2012 18:07:30 - Windows Update RP206: 31.01.2012 19:31:58 - Windows Update RP207: 04.02.2012 15:31:46 - Windows Update RP208: 07.02.2012 12:30:11 - Installed HiJackThis . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office Suite Service Pack 2 (SP2) Acrobat.com Adobe AIR Adobe Flash Player 10 Plugin Adobe Reader 9.1 MUI Advanced IP Scanner v1.5 Advertising Center ANNO 1503 ANNO 1602 Königs-Edition Avira AntiVir Personal - Free Antivirus Compatibility Pack für 2007 Office System CyberLink PowerDVD 8 D-Link AirPlus G+ Wireless LAN Adapter Emsisoft Anti-Malware FileZilla Client 3.5.2 Google Chrome Google Update Helper HiJackThis Identity Card ImagXpress Launch Manager Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (German) 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Office O MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) Microsoft Office SharePoint Designer MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Office X MUI (German) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 7.0.1 (x86 de) Mozilla Thunderbird (3.0.9) MSVCRT Redists MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml Packard Bell Power Management Packard Bell Recovery Management Phase 5 HTML-Editor Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Spybot - Search & Destroy Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office OneNote 2007 (KB980729) Video Web Camera . ==== End Of File =========================== Ich hoffe, Ihr könnte mir sagen, ob und was ich machen muss. Vielen Dank schon mal dafür |
08.02.2012, 14:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gleich zwei Trojaner auf einmal? Bitte trotzdem alle Logs von Malwarebytes posten
__________________Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
09.02.2012, 18:33 | #3 |
| Gleich zwei Trojaner auf einmal?Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 XXXX:: XXX-PC [Administrator] 09.02.2012 17:34:53 mbam-log-2012-02-09 (17-34-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 292844 Laufzeit: 49 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
09.02.2012, 21:21 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gleich zwei Trojaner auf einmal?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
11.02.2012, 11:51 | #5 |
| Gleich zwei Trojaner auf einmal? Nein, den Bericht hab ich leider nicht mehr, da falsche Taste gedrückt aus Versehen. Aber laut Hilfe kann man im Menü Quarantäne angeblich den Pfad vom Ursprung her ansehen - wenn ich das hier richtig seh, dann dürfte es der sein: C:\Program Files (X86)\Advanced IP Scanner\Advanced IP in Quarantäne gestellt Ich weiss zwar nicht, ob das weiterhilft und auch nicht, wenn man das Virus wieder aus der Q rausnehmen würde, dann nochmal einen Totalscan durchführt und dann das Logfile postet? |
12.02.2012, 13:31 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gleich zwei Trojaner auf einmal? Das ist ein Fehlalarm. Virenscanner bemängeln solche Tools um IP-Adressebereich zu scannen gerne mal als "Hackingtool"
__________________ --> Gleich zwei Trojaner auf einmal? |
12.02.2012, 19:56 | #7 |
| Gleich zwei Trojaner auf einmal? ah okay, danke!...klingt einleuchtend...und was ist mit diesem TR/spy.559819? Ist das auch ein Fehlalarm? Das wurde ja von Avira gefunden und von den anderen nicht. |
13.02.2012, 09:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gleich zwei Trojaner auf einmal? Kann ich noch nicht einstufen so genau, wird ja angeblich in einer uninstall.exe in tmp gefunden Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
14.02.2012, 11:15 | #9 |
| Gleich zwei Trojaner auf einmal? Hallo Cosinus, hier kommt gleich die log-datei Geändert von photonic (14.02.2012 um 11:24 Uhr) |
14.02.2012, 11:36 | #10 |
| Gleich zwei Trojaner auf einmal? OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.02.2012 11:26:07 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hilde\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,84% Memory free 7,99 Gb Paging File | 6,68 Gb Available in Paging File | 83,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 244,55 Gb Free Space | 85,51% Space Free | Partition Type: NTFS Drive F: | 1,92 Gb Total Space | 1,85 Gb Free Space | 96,51% Space Free | Partition Type: FAT Computer Name: HILDE-PC | User Name: Hilde | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.14 10:52:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hilde\Desktop\OTL.exe PRC - [2011.07.24 17:58:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.01 10:19:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 09:42:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.08.18 10:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.07.28 13:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe PRC - [2009.07.07 06:47:54 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2006.03.25 09:17:32 | 000,024,064 | ---- | M] () -- C:\Users\Hilde\Desktop\aklogNT\aklogNT+.exe ========== Modules (No Company Name) ========== MOD - [2009.07.08 13:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll MOD - [2009.07.06 14:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll MOD - [2006.03.25 09:17:32 | 000,024,064 | ---- | M] () -- C:\Users\Hilde\Desktop\aklogNT\aklogNT+.exe MOD - [2006.03.25 09:17:32 | 000,016,384 | ---- | M] () -- C:\Users\Hilde\Desktop\aklogNT\aklog.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.24 17:58:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.01 10:19:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.06 05:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.07.28 20:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.29 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.24 17:59:00 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.24 17:59:00 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.08.10 04:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.24 11:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.18 13:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.06 17:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.05.14 01:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R) DRV:64bit: - [2009.04.30 14:43:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.04.29 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2006.06.17 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.07 13:47:48 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/10/27 10:41:40] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2009.03.26 04:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=6ce452740000000000000026c616fac4&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.24 17:02:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.05 12:10:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.05.15 15:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Extensions [2010.05.15 15:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.02.05 21:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Firefox\Profiles\6311p2bd.default\extensions [2011.08.11 17:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.24 17:02:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.24 17:02:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.11 21:23:38 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.12.24 17:02:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.24 17:02:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.24 17:02:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.24 17:02:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.24 17:02:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Google Mail = C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000..\Run: [Global Registration] "C:\Program Files (x86)\Packard Bell\Registration\GREG.exe" BOOT File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A2E0D6-B1A6-4666-B2C6-E810FCAB7F5D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f17e9ca9-77a5-11df-abeb-002622751fb4}\Shell - "" = AutoRun O33 - MountPoints2\{f17e9ca9-77a5-11df-abeb-002622751fb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {35627EB1-500C-4B11-729D-9721100F6812} - Microsoft Windows Media Player 12.0 ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.14 10:52:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hilde\Desktop\OTL.exe [2012.02.14 10:26:48 | 000,000,000 | R--D | C] -- C:\Users\Hilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.02.07 15:26:09 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Local\Solid State Networks [2012.02.07 12:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.02.07 12:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.02.07 12:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.02.07 12:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.02.07 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Local\Google [2012.02.07 12:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.02.05 19:33:15 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Roaming\Malwarebytes [2012.02.05 19:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.05 18:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.02.05 18:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.02.05 17:46:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2009.08.28 05:36:17 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.02.14 11:18:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.14 10:52:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hilde\Desktop\OTL.exe [2012.02.14 10:40:58 | 000,095,512 | ---- | M] () -- C:\Users\Hilde\Desktop\Textor-Goethe.pdf [2012.02.14 10:33:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.14 10:33:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.14 10:31:15 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.14 10:31:15 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.14 10:31:15 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.14 10:31:15 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.14 10:31:15 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.14 10:26:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.14 10:25:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.14 10:25:51 | 3219,636,224 | -HS- | M] () -- C:\hiberfil.sys [2012.02.09 16:19:12 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.02.07 14:14:38 | 000,000,000 | ---- | M] () -- C:\Users\Hilde\defogger_reenable [2012.02.07 12:09:40 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2012.02.14 10:40:57 | 000,095,512 | ---- | C] () -- C:\Users\Hilde\Desktop\Textor-Goethe.pdf [2012.02.07 14:14:38 | 000,000,000 | ---- | C] () -- C:\Users\Hilde\defogger_reenable [2012.02.07 12:09:40 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.07 12:09:36 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.02.07 12:08:37 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.07 12:08:36 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.15 14:22:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.08.28 05:26:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.12.11 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Babylon [2012.02.07 12:13:47 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\FileZilla [2011.04.01 11:45:39 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\PreSonus [2011.12.11 20:58:55 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Sony [2010.05.15 15:08:39 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\TeamViewer [2010.05.15 15:44:52 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Thunderbird [2011.12.11 21:18:14 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Video DVD Maker FREE [2011.08.24 10:38:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.02.08 21:21:50 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Adobe [2010.06.13 10:10:45 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Avira [2011.12.11 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Babylon [2011.06.13 10:55:47 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\CyberLink [2011.12.11 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\dvdcss [2012.02.07 12:13:47 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\FileZilla [2010.05.15 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Google [2010.05.15 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Identities [2010.05.15 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Macromedia [2012.02.05 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Media Center Programs [2011.11.05 12:31:44 | 000,000,000 | --SD | M] -- C:\Users\Hilde\AppData\Roaming\Microsoft [2010.05.15 14:23:13 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Mozilla [2010.05.15 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Nero [2011.04.01 11:45:39 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\PreSonus [2011.12.11 20:58:55 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Sony [2010.05.15 15:08:39 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\TeamViewer [2010.05.15 15:44:52 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Thunderbird [2011.12.11 21:18:14 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Video DVD Maker FREE [2011.12.11 21:36:26 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2011.08.06 16:42:52 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Hilde\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2011.11.05 12:31:44 | 000,010,134 | R--- | M] () -- C:\Users\Hilde\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe [2011.11.05 12:31:44 | 000,000,766 | R--- | M] () -- C:\Users\Hilde\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
14.02.2012, 11:55 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gleich zwei Trojaner auf einmal? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=6ce452740000000000000026c616fac4&q=" [2011.12.11 21:23:38 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.12.24 17:02:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000..\Run: [Global Registration] "C:\Program Files (x86)\Packard Bell\Registration\GREG.exe" BOOT File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f17e9ca9-77a5-11df-abeb-002622751fb4}\Shell - "" = AutoRun O33 - MountPoints2\{f17e9ca9-77a5-11df-abeb-002622751fb4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a [2009.08.28 05:36:17 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
15.02.2012, 17:36 | #12 |
| Gleich zwei Trojaner auf einmal? Hallo Arne, alles so gemacht wie du empfohlen hast (was bewirkt denn das?). Nachdem ich auf Fix geklickt hatte, lief irgendein Prozess ab (grüne Balken zeigten den Fortschritt an), an dessen Ende es hiess: Um alle Dateien endgültig zu löschen, klicken sie OK, ev. startet das System neu. Hab es so gemacht, nach dem Neustart hat er gefragt: möchten sie der Software OTL.exe vertrauen, ich hab auf Ja geklickt und dann kam folgendes Logfile, das ich gespeichert hab und jetzt hier mal poste: All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine Prefs.js: "about:home" removed from browser.startup.homepage Prefs.js: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=6ce452740000000000000026c616fac4&q=" removed from keyword.URL C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-3936037995-2034884825-2607243628-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Global Registration deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_USERS\S-1-5-21-3936037995-2034884825-2607243628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17e9ca9-77a5-11df-abeb-002622751fb4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f17e9ca9-77a5-11df-abeb-002622751fb4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17e9ca9-77a5-11df-abeb-002622751fb4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f17e9ca9-77a5-11df-abeb-002622751fb4}\ not found. File E:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\LaunchU3.exe -a not found. C:\ProgramData\FullRemove.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Hilde ->Temp folder emptied: 10516152 bytes ->Temporary Internet Files folder emptied: 9580863 bytes ->FireFox cache emptied: 45280449 bytes ->Google Chrome cache emptied: 25501017 bytes ->Flash cache emptied: 3089137 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 653464 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 90,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02152012_172647 Files\Folders moved on Reboot... C:\Users\Hilde\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... --------------------- |
15.02.2012, 17:48 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gleich zwei Trojaner auf einmal? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
15.02.2012, 19:05 | #14 |
| Gleich zwei Trojaner auf einmal? okay, hier ist das log: 19:01:53.0572 2348 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52 19:01:53.0681 2348 ============================================================ 19:01:53.0681 2348 Current date / time: 2012/02/15 19:01:53.0681 19:01:53.0681 2348 SystemInfo: 19:01:53.0681 2348 19:01:53.0681 2348 OS Version: 6.1.7601 ServicePack: 1.0 19:01:53.0681 2348 Product type: Workstation 19:01:53.0681 2348 ComputerName: HILDE-PC 19:01:53.0681 2348 UserName: Hilde 19:01:53.0681 2348 Windows directory: C:\Windows 19:01:53.0681 2348 System windows directory: C:\Windows 19:01:53.0681 2348 Running under WOW64 19:01:53.0681 2348 Processor architecture: Intel x64 19:01:53.0681 2348 Number of processors: 2 19:01:53.0681 2348 Page size: 0x1000 19:01:53.0681 2348 Boot type: Normal boot 19:01:53.0681 2348 ============================================================ 19:01:54.0820 2348 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:01:54.0820 2348 Drive \Device\Harddisk1\DR1 - Size: 0x7AFFFE00 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:01:54.0820 2348 \Device\Harddisk0\DR0: 19:01:54.0820 2348 MBR used 19:01:54.0820 2348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD 19:01:54.0820 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384 19:01:54.0820 2348 \Device\Harddisk1\DR1: 19:01:54.0820 2348 MBR used 19:01:54.0820 2348 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3D7FC0 19:01:54.0851 2348 Initialize success 19:01:54.0851 2348 ============================================================ 19:02:08.0875 3308 ============================================================ 19:02:08.0875 3308 Scan started 19:02:08.0875 3308 Mode: Manual; SigCheck; TDLFS; 19:02:08.0875 3308 ============================================================ 19:02:10.0638 3308 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 19:02:10.0747 3308 1394ohci - ok 19:02:10.0778 3308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 19:02:10.0794 3308 ACPI - ok 19:02:10.0841 3308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 19:02:10.0919 3308 AcpiPmi - ok 19:02:10.0997 3308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 19:02:11.0044 3308 adp94xx - ok 19:02:11.0090 3308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 19:02:11.0137 3308 adpahci - ok 19:02:11.0153 3308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 19:02:11.0168 3308 adpu320 - ok 19:02:11.0246 3308 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 19:02:11.0324 3308 AFD - ok 19:02:11.0387 3308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 19:02:11.0402 3308 agp440 - ok 19:02:11.0434 3308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 19:02:11.0449 3308 aliide - ok 19:02:11.0465 3308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 19:02:11.0480 3308 amdide - ok 19:02:11.0527 3308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 19:02:11.0590 3308 AmdK8 - ok 19:02:11.0590 3308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 19:02:11.0621 3308 AmdPPM - ok 19:02:11.0668 3308 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 19:02:11.0699 3308 amdsata - ok 19:02:11.0730 3308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 19:02:11.0746 3308 amdsbs - ok 19:02:11.0761 3308 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 19:02:11.0777 3308 amdxata - ok 19:02:11.0855 3308 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 19:02:11.0933 3308 AppID - ok 19:02:11.0964 3308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 19:02:11.0980 3308 arc - ok 19:02:11.0995 3308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 19:02:12.0011 3308 arcsas - ok 19:02:12.0042 3308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 19:02:12.0073 3308 AsyncMac - ok 19:02:12.0120 3308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 19:02:12.0120 3308 atapi - ok 19:02:12.0292 3308 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\drivers\atikmdag.sys 19:02:12.0572 3308 atikmdag - ok 19:02:12.0682 3308 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 19:02:12.0728 3308 avgntflt - ok 19:02:12.0791 3308 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 19:02:12.0822 3308 avipbb - ok 19:02:12.0884 3308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 19:02:12.0947 3308 b06bdrv - ok 19:02:12.0978 3308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 19:02:13.0056 3308 b57nd60a - ok 19:02:13.0134 3308 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys 19:02:13.0243 3308 BCM43XX - ok 19:02:13.0337 3308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 19:02:13.0415 3308 Beep - ok 19:02:13.0477 3308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 19:02:13.0493 3308 blbdrive - ok 19:02:13.0540 3308 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 19:02:13.0586 3308 bowser - ok 19:02:13.0618 3308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:02:13.0680 3308 BrFiltLo - ok 19:02:13.0680 3308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:02:13.0696 3308 BrFiltUp - ok 19:02:13.0742 3308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:02:13.0805 3308 Brserid - ok 19:02:13.0805 3308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:02:13.0852 3308 BrSerWdm - ok 19:02:13.0883 3308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:02:13.0898 3308 BrUsbMdm - ok 19:02:13.0914 3308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:02:13.0945 3308 BrUsbSer - ok 19:02:13.0961 3308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 19:02:13.0992 3308 BTHMODEM - ok 19:02:14.0054 3308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:02:14.0101 3308 cdfs - ok 19:02:14.0164 3308 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 19:02:14.0195 3308 cdrom - ok 19:02:14.0226 3308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:02:14.0273 3308 circlass - ok 19:02:14.0304 3308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 19:02:14.0320 3308 CLFS - ok 19:02:14.0382 3308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:02:14.0413 3308 CmBatt - ok 19:02:14.0444 3308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 19:02:14.0460 3308 cmdide - ok 19:02:14.0507 3308 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 19:02:14.0538 3308 CNG - ok 19:02:14.0569 3308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 19:02:14.0585 3308 Compbatt - ok 19:02:14.0632 3308 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 19:02:14.0678 3308 CompositeBus - ok 19:02:14.0725 3308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:02:14.0741 3308 crcdisk - ok 19:02:14.0819 3308 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 19:02:14.0897 3308 DfsC - ok 19:02:14.0912 3308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:02:14.0959 3308 discache - ok 19:02:14.0990 3308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:02:15.0022 3308 Disk - ok 19:02:15.0084 3308 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys 19:02:15.0100 3308 DKbFltr - ok 19:02:15.0209 3308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:02:15.0240 3308 drmkaud - ok 19:02:15.0334 3308 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 19:02:15.0380 3308 DXGKrnl - ok 19:02:15.0490 3308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:02:15.0661 3308 ebdrv - ok 19:02:15.0770 3308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:02:15.0833 3308 elxstor - ok 19:02:15.0911 3308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 19:02:15.0942 3308 ErrDev - ok 19:02:16.0020 3308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:02:16.0098 3308 exfat - ok 19:02:16.0129 3308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:02:16.0192 3308 fastfat - ok 19:02:16.0207 3308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:02:16.0223 3308 fdc - ok 19:02:16.0254 3308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:02:16.0270 3308 FileInfo - ok 19:02:16.0301 3308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 19:02:16.0348 3308 Filetrace - ok 19:02:16.0363 3308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:02:16.0379 3308 flpydisk - ok 19:02:16.0426 3308 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 19:02:16.0472 3308 FltMgr - ok 19:02:16.0519 3308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:02:16.0535 3308 FsDepends - ok 19:02:16.0550 3308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 19:02:16.0566 3308 Fs_Rec - ok 19:02:16.0613 3308 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:02:16.0628 3308 fvevol - ok 19:02:16.0675 3308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:02:16.0691 3308 gagp30kx - ok 19:02:16.0784 3308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:02:16.0831 3308 hcw85cir - ok 19:02:16.0894 3308 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 19:02:16.0956 3308 HdAudAddService - ok 19:02:17.0003 3308 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 19:02:17.0050 3308 HDAudBus - ok 19:02:17.0081 3308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:02:17.0128 3308 HidBatt - ok 19:02:17.0143 3308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 19:02:17.0159 3308 HidBth - ok 19:02:17.0190 3308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:02:17.0221 3308 HidIr - ok 19:02:17.0284 3308 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 19:02:17.0315 3308 HidUsb - ok 19:02:17.0377 3308 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 19:02:17.0408 3308 HpSAMD - ok 19:02:17.0486 3308 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 19:02:17.0596 3308 HTTP - ok 19:02:17.0642 3308 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 19:02:17.0658 3308 hwpolicy - ok 19:02:17.0705 3308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 19:02:17.0720 3308 i8042prt - ok 19:02:17.0783 3308 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 19:02:17.0830 3308 iaStorV - ok 19:02:17.0861 3308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:02:17.0876 3308 iirsp - ok 19:02:17.0970 3308 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys 19:02:18.0032 3308 IntcAzAudAddService - ok 19:02:18.0064 3308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 19:02:18.0079 3308 intelide - ok 19:02:18.0126 3308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:02:18.0142 3308 intelppm - ok 19:02:18.0204 3308 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:02:18.0266 3308 IpFilterDriver - ok 19:02:18.0298 3308 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 19:02:18.0329 3308 IPMIDRV - ok 19:02:18.0376 3308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:02:18.0438 3308 IPNAT - ok 19:02:18.0485 3308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:02:18.0500 3308 IRENUM - ok 19:02:18.0547 3308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 19:02:18.0547 3308 isapnp - ok 19:02:18.0594 3308 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 19:02:18.0625 3308 iScsiPrt - ok 19:02:18.0672 3308 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys 19:02:18.0703 3308 k57nd60a - ok 19:02:18.0734 3308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 19:02:18.0750 3308 kbdclass - ok 19:02:18.0797 3308 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 19:02:18.0844 3308 kbdhid - ok 19:02:18.0906 3308 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 19:02:18.0937 3308 KSecDD - ok 19:02:18.0968 3308 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 19:02:18.0984 3308 KSecPkg - ok 19:02:19.0031 3308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:02:19.0093 3308 ksthunk - ok 19:02:19.0202 3308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:02:19.0280 3308 lltdio - ok 19:02:19.0327 3308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:02:19.0358 3308 LSI_FC - ok 19:02:19.0358 3308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:02:19.0390 3308 LSI_SAS - ok 19:02:19.0390 3308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:02:19.0405 3308 LSI_SAS2 - ok 19:02:19.0436 3308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:02:19.0452 3308 LSI_SCSI - ok 19:02:19.0468 3308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:02:19.0577 3308 luafv - ok 19:02:19.0624 3308 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys 19:02:19.0670 3308 mdmxsdk - ok 19:02:19.0702 3308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:02:19.0717 3308 megasas - ok 19:02:19.0733 3308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:02:19.0764 3308 MegaSR - ok 19:02:19.0780 3308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:02:19.0826 3308 Modem - ok 19:02:19.0858 3308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:02:19.0889 3308 monitor - ok 19:02:19.0936 3308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 19:02:19.0967 3308 mouclass - ok 19:02:19.0998 3308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:02:20.0029 3308 mouhid - ok 19:02:20.0076 3308 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 19:02:20.0092 3308 mountmgr - ok 19:02:20.0138 3308 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 19:02:20.0170 3308 mpio - ok 19:02:20.0232 3308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:02:20.0326 3308 mpsdrv - ok 19:02:20.0372 3308 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 19:02:20.0466 3308 MRxDAV - ok 19:02:20.0497 3308 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:02:20.0544 3308 mrxsmb - ok 19:02:20.0606 3308 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:02:20.0669 3308 mrxsmb10 - ok 19:02:20.0684 3308 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:02:20.0716 3308 mrxsmb20 - ok 19:02:20.0731 3308 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 19:02:20.0747 3308 msahci - ok 19:02:20.0794 3308 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 19:02:20.0809 3308 msdsm - ok 19:02:20.0872 3308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:02:20.0903 3308 Msfs - ok 19:02:20.0934 3308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:02:20.0981 3308 mshidkmdf - ok 19:02:21.0012 3308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 19:02:21.0028 3308 msisadrv - ok 19:02:21.0043 3308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:02:21.0106 3308 MSKSSRV - ok 19:02:21.0121 3308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:02:21.0184 3308 MSPCLOCK - ok 19:02:21.0199 3308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:02:21.0246 3308 MSPQM - ok 19:02:21.0293 3308 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 19:02:21.0324 3308 MsRPC - ok 19:02:21.0371 3308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 19:02:21.0386 3308 mssmbios - ok 19:02:21.0402 3308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:02:21.0464 3308 MSTEE - ok 19:02:21.0480 3308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:02:21.0511 3308 MTConfig - ok 19:02:21.0542 3308 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:02:21.0558 3308 Mup - ok 19:02:21.0605 3308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:02:21.0652 3308 NativeWifiP - ok 19:02:21.0745 3308 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 19:02:21.0792 3308 NDIS - ok 19:02:21.0839 3308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:02:21.0886 3308 NdisCap - ok 19:02:21.0932 3308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:02:21.0964 3308 NdisTapi - ok 19:02:22.0026 3308 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 19:02:22.0073 3308 Ndisuio - ok 19:02:22.0104 3308 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 19:02:22.0166 3308 NdisWan - ok 19:02:22.0198 3308 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 19:02:22.0260 3308 NDProxy - ok 19:02:22.0307 3308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:02:22.0369 3308 NetBIOS - ok 19:02:22.0432 3308 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 19:02:22.0494 3308 NetBT - ok 19:02:22.0681 3308 NETw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys 19:02:22.0931 3308 NETw5v64 - ok 19:02:23.0040 3308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:02:23.0056 3308 nfrd960 - ok 19:02:23.0118 3308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:02:23.0180 3308 Npfs - ok 19:02:23.0243 3308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:02:23.0321 3308 nsiproxy - ok 19:02:23.0383 3308 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 19:02:23.0492 3308 Ntfs - ok 19:02:23.0524 3308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:02:23.0555 3308 Null - ok 19:02:23.0617 3308 NVHDA (6e41a4df26340a07a489b721f9721ec1) C:\Windows\system32\drivers\nvhda64v.sys 19:02:23.0633 3308 NVHDA - ok 19:02:23.0960 3308 nvlddmkm (24f526274353ff7bb93d99d238e582da) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:02:24.0179 3308 nvlddmkm - ok 19:02:24.0272 3308 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 19:02:24.0304 3308 nvraid - ok 19:02:24.0335 3308 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 19:02:24.0366 3308 nvstor - ok 19:02:24.0413 3308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 19:02:24.0428 3308 nv_agp - ok 19:02:24.0475 3308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 19:02:24.0491 3308 ohci1394 - ok 19:02:24.0553 3308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:02:24.0584 3308 Parport - ok 19:02:24.0616 3308 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 19:02:24.0631 3308 partmgr - ok 19:02:24.0678 3308 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 19:02:24.0709 3308 pci - ok 19:02:24.0725 3308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 19:02:24.0740 3308 pciide - ok 19:02:24.0772 3308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:02:24.0787 3308 pcmcia - ok 19:02:24.0803 3308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:02:24.0818 3308 pcw - ok 19:02:24.0850 3308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:02:24.0928 3308 PEAUTH - ok 19:02:25.0021 3308 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 19:02:25.0084 3308 PptpMiniport - ok 19:02:25.0099 3308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:02:25.0146 3308 Processor - ok 19:02:25.0208 3308 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 19:02:25.0255 3308 Psched - ok 19:02:25.0318 3308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:02:25.0427 3308 ql2300 - ok 19:02:25.0442 3308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:02:25.0458 3308 ql40xx - ok 19:02:25.0489 3308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:02:25.0505 3308 QWAVEdrv - ok 19:02:25.0520 3308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:02:25.0567 3308 RasAcd - ok 19:02:25.0614 3308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:02:25.0676 3308 RasAgileVpn - ok 19:02:25.0723 3308 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:02:25.0801 3308 Rasl2tp - ok 19:02:25.0864 3308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:02:25.0910 3308 RasPppoe - ok 19:02:25.0942 3308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:02:26.0004 3308 RasSstp - ok 19:02:26.0051 3308 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 19:02:26.0144 3308 rdbss - ok 19:02:26.0160 3308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:02:26.0207 3308 rdpbus - ok 19:02:26.0238 3308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:02:26.0285 3308 RDPCDD - ok 19:02:26.0316 3308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:02:26.0347 3308 RDPENCDD - ok 19:02:26.0378 3308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:02:26.0425 3308 RDPREFMP - ok 19:02:26.0472 3308 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 19:02:26.0519 3308 RDPWD - ok 19:02:26.0550 3308 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 19:02:26.0581 3308 rdyboost - ok 19:02:26.0644 3308 Rerltacm - ok 19:02:26.0675 3308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:02:26.0737 3308 rspndr - ok 19:02:26.0784 3308 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\System32\Drivers\RtsUStor.sys 19:02:26.0846 3308 RSUSBSTOR - ok 19:02:26.0893 3308 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys 19:02:26.0924 3308 RTHDMIAzAudService - ok 19:02:26.0956 3308 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:02:26.0987 3308 sbp2port - ok 19:02:27.0034 3308 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:02:27.0112 3308 scfilter - ok 19:02:27.0174 3308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:02:27.0236 3308 secdrv - ok 19:02:27.0268 3308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:02:27.0283 3308 Serenum - ok 19:02:27.0314 3308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:02:27.0346 3308 Serial - ok 19:02:27.0377 3308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:02:27.0424 3308 sermouse - ok 19:02:27.0470 3308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:02:27.0502 3308 sffdisk - ok 19:02:27.0517 3308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:02:27.0548 3308 sffp_mmc - ok 19:02:27.0580 3308 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:02:27.0595 3308 sffp_sd - ok 19:02:27.0626 3308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:02:27.0658 3308 sfloppy - ok 19:02:27.0689 3308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:02:27.0704 3308 SiSRaid2 - ok 19:02:27.0720 3308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:02:27.0736 3308 SiSRaid4 - ok 19:02:27.0767 3308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:02:27.0829 3308 Smb - ok 19:02:27.0892 3308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:02:27.0892 3308 spldr - ok 19:02:27.0954 3308 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:02:28.0032 3308 srv - ok 19:02:28.0063 3308 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 19:02:28.0126 3308 srv2 - ok 19:02:28.0172 3308 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 19:02:28.0219 3308 SrvHsfHDA - ok 19:02:28.0266 3308 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 19:02:28.0344 3308 SrvHsfV92 - ok 19:02:28.0391 3308 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 19:02:28.0422 3308 SrvHsfWinac - ok 19:02:28.0469 3308 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:02:28.0516 3308 srvnet - ok 19:02:28.0547 3308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:02:28.0562 3308 stexstor - ok 19:02:28.0609 3308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 19:02:28.0625 3308 swenum - ok 19:02:28.0687 3308 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys 19:02:28.0718 3308 SynTP - ok 19:02:28.0812 3308 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 19:02:28.0937 3308 Tcpip - ok 19:02:29.0030 3308 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 19:02:29.0077 3308 TCPIP6 - ok 19:02:29.0108 3308 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:02:29.0202 3308 tcpipreg - ok 19:02:29.0249 3308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:02:29.0280 3308 TDPIPE - ok 19:02:29.0296 3308 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 19:02:29.0342 3308 TDTCP - ok 19:02:29.0389 3308 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:02:29.0452 3308 tdx - ok 19:02:29.0498 3308 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 19:02:29.0514 3308 TermDD - ok 19:02:29.0576 3308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:02:29.0623 3308 tssecsrv - ok 19:02:29.0701 3308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 19:02:29.0748 3308 TsUsbFlt - ok 19:02:29.0810 3308 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 19:02:29.0857 3308 tunnel - ok 19:02:29.0904 3308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:02:29.0920 3308 uagp35 - ok 19:02:29.0966 3308 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 19:02:30.0044 3308 udfs - ok 19:02:30.0107 3308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 19:02:30.0122 3308 uliagpkx - ok 19:02:30.0154 3308 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 19:02:30.0185 3308 umbus - ok 19:02:30.0232 3308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:02:30.0278 3308 UmPass - ok 19:02:30.0310 3308 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 19:02:30.0341 3308 usbccgp - ok 19:02:30.0388 3308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 19:02:30.0419 3308 usbcir - ok 19:02:30.0434 3308 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 19:02:30.0481 3308 usbehci - ok 19:02:30.0528 3308 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 19:02:30.0559 3308 usbhub - ok 19:02:30.0590 3308 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 19:02:30.0637 3308 usbohci - ok 19:02:30.0684 3308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:02:30.0731 3308 usbprint - ok 19:02:30.0762 3308 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 19:02:30.0824 3308 USBSTOR - ok 19:02:30.0856 3308 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 19:02:30.0887 3308 usbuhci - ok 19:02:30.0949 3308 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 19:02:31.0012 3308 usbvideo - ok 19:02:31.0043 3308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 19:02:31.0058 3308 vdrvroot - ok 19:02:31.0105 3308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:02:31.0136 3308 vga - ok 19:02:31.0168 3308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:02:31.0230 3308 VgaSave - ok 19:02:31.0261 3308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 19:02:31.0292 3308 vhdmp - ok 19:02:31.0324 3308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 19:02:31.0339 3308 viaide - ok 19:02:31.0370 3308 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 19:02:31.0386 3308 volmgr - ok 19:02:31.0433 3308 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 19:02:31.0464 3308 volmgrx - ok 19:02:31.0511 3308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 19:02:31.0542 3308 volsnap - ok 19:02:31.0573 3308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:02:31.0589 3308 vsmraid - ok 19:02:31.0620 3308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:02:31.0636 3308 vwifibus - ok 19:02:31.0651 3308 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:02:31.0698 3308 vwififlt - ok 19:02:31.0714 3308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:02:31.0729 3308 WacomPen - ok 19:02:31.0776 3308 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:02:31.0838 3308 WANARP - ok 19:02:31.0838 3308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:02:31.0885 3308 Wanarpv6 - ok 19:02:31.0979 3308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:02:31.0994 3308 Wd - ok 19:02:32.0041 3308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:02:32.0088 3308 Wdf01000 - ok 19:02:32.0135 3308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:02:32.0166 3308 WfpLwf - ok 19:02:32.0197 3308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:02:32.0213 3308 WIMMount - ok 19:02:32.0291 3308 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 19:02:32.0322 3308 WinUsb - ok 19:02:32.0338 3308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:02:32.0369 3308 WmiAcpi - ok 19:02:32.0416 3308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:02:32.0462 3308 ws2ifsl - ok 19:02:32.0525 3308 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 19:02:32.0572 3308 WSDPrintDevice - ok 19:02:32.0634 3308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:02:32.0665 3308 WudfPf - ok 19:02:32.0712 3308 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:02:32.0759 3308 WUDFRd - ok 19:02:32.0806 3308 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys 19:02:32.0837 3308 XAudio - ok 19:02:32.0915 3308 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl 19:02:32.0946 3308 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok 19:02:32.0946 3308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:02:33.0133 3308 \Device\Harddisk0\DR0 - ok 19:02:33.0133 3308 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1 19:02:40.0294 3308 \Device\Harddisk1\DR1 - ok 19:02:40.0294 3308 Boot (0x1200) (6c8b2b9136c5b352e0c9a9315b43b891) \Device\Harddisk0\DR0\Partition0 19:02:40.0294 3308 \Device\Harddisk0\DR0\Partition0 - ok 19:02:40.0340 3308 Boot (0x1200) (73b59560631ce0a6bfc9b5ca9b8004ff) \Device\Harddisk0\DR0\Partition1 19:02:40.0340 3308 \Device\Harddisk0\DR0\Partition1 - ok 19:02:40.0356 3308 Boot (0x1200) (8356c8cd5635e661928d535a2155bcf6) \Device\Harddisk1\DR1\Partition0 19:02:40.0356 3308 \Device\Harddisk1\DR1\Partition0 - ok 19:02:40.0356 3308 ============================================================ 19:02:40.0356 3308 Scan finished 19:02:40.0356 3308 ============================================================ 19:02:40.0372 3192 Detected object count: 0 19:02:40.0372 3192 Actual detected object count: 0 |
15.02.2012, 19:15 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gleich zwei Trojaner auf einmal? Poste die Logs bitte in CODE-Tags Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Gleich zwei Trojaner auf einmal? |
antivir, antivir guard, avira, babylon, cpu, desktop, emsisoft, emsisoft anti-malware, firefox, flash player, google, hijack, home, mozilla, office 2007, packard bell, problem, realtek, scan, schädling, search the web, security, sicherheit, software, svchost.exe, system, tr/spy., trojaner, trojanisches pferd, updates, usb 2.0, vista, windows, windows 7 home, windows 7 home premium |