Log Analysis and Evaluation: Trojan Win32/ransom.ej, Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.02.2012, 18:04 | #1
Trojan Win32/ransom.ej
Yesterday evening I caught Trojan:Win32/Ransom.ej. When I boot Windows, a window appears straight away telling me to pay something with a paysafecard. I can only get my laptop to start in Safe Mode, i.e. in a way that lets me work. I ran a virus scan with Microsoft Security Essentials; it now lists the virus Trojan:Win32/Ransom.EJ with severity level "severe". I have no idea how to remove it now. As the checklist said, I have attached the three logfiles. Many thanks in advance for your help.
08.02.2012, 15:00 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win32/ransom.ej
Does Safe Mode with Networking still work?
__________________ Safe Mode for cleanup
08.02.2012, 17:11 | #3
Trojan Win32/ransom.ej
Yes, that is exactly how I am booting my PC at the moment, so that works :-)
__________________ Regards, Katja
09.02.2012, 11:18 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win32/ransom.ej
Well, if that mode works you can try MBAM/ESET first: Please now run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed. If logs from older Malwarebytes scans exist, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
__________________ Please always post logfiles in CODE tags
09.02.2012, 18:58 | #5
Trojan Win32/ransom.ej
I don't know 100% how the code thing works, but I'll give it a try :-)
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.05

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Katja :: KATJA204 [Administrator]

09.02.2012 17:26:26
mbam-log-2012-02-09 (18-18-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 415454
Laufzeit: 46 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\Documents\SoftonicDownloader_fuer_ac3filter.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Keine Aktion durchgeführt.

(Ende)
Kind regards, Katja
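The MBAM log in the post above carries the detail that explains the pay window at boot: a value named "Firefox helper" under HKCU\...\CurrentVersion\Run whose target is a firefox.exe under AppData\Local rather than Program Files, and a Run value is executed at every logon of that user. The Python script below is an added example for this thread, not code from the post or from Malwarebytes: it parses MBAM 1.x detection lines of this shape, reports what the scan left in place ("Keine Aktion durchgeführt."), and flags Run-key entries whose target sits in a directory an installer would not normally use. The regular expressions, the list of non-program directories and the sample log assembled from the findings posted above are this example's own assumptions.

```python
"""Triage a Malwarebytes Anti-Malware 1.x log of the kind posted in this thread.

Added example for this thread, not code from the original post or from
Malwarebytes. The line patterns, the list of non-program directories and the
ranking are this example's own assumptions; the sample log is constructed from
the findings posted above.
"""
import re
from dataclasses import dataclass

# Constructed sample: the detection lines from the MBAM log in post #5,
# including the German outcome text exactly as MBAM 1.x writes it.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\Documents\SoftonicDownloader_fuer_ac3filter.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Keine Aktion durchgeführt.
"""

# Registry-value finding: "<key>|<value name> (<family>) -> Daten: <target> -> <outcome>"
REG_VALUE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\.+?)\|(?P<name>.+?) \((?P<family>[^()]+)\)"
    r" -> Daten: (?P<target>.+?) -> (?P<outcome>.+)$"
)
# File finding: "<path> (<family>) -> <outcome>"
FILE_LINE = re.compile(
    r"^(?P<target>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<outcome>.+)$"
)

# Outcome strings meaning the object is still on disk (German and English UI).
NOT_REMOVED = {"Keine Aktion durchgeführt.", "No action taken."}

# Directories a normal installer does not use for a program that autostarts;
# an assumption of this example, not a Malwarebytes category.
NON_PROGRAM_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    kind: str       # "registry_value" or "file"
    family: str     # detection name, e.g. Trojan.Ransom
    location: str   # registry key|value name, or the file path itself
    target: str     # executable the entry points to (equals location for files)
    outcome: str    # what MBAM did with it


def parse_mbam(text):
    """Return the findings in an MBAM 1.x log, ignoring section headers."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_VALUE.match(line)
        if m:
            findings.append(Finding("registry_value", m["family"],
                                    f"{m['key']}|{m['name']}", m["target"], m["outcome"]))
            continue
        m = FILE_LINE.match(line)
        if m:
            findings.append(Finding("file", m["family"], m["target"], m["target"], m["outcome"]))
    return findings


def is_autorun_from_non_program_dir(f):
    """Run-key value whose target lives under AppData, Temp or Public: the
    logon-persistence pattern visible in this thread's log."""
    return (f.kind == "registry_value"
            and "\\currentversion\\run" in f.location.lower()
            and any(d in f.target.lower() for d in NON_PROGRAM_DIRS))


def outstanding(findings):
    """Findings the scan reported but did not remove."""
    return [f for f in findings if f.outcome in NOT_REMOVED]


def triage(text):
    """Summarise a log: what is still present and which entries restart at logon."""
    findings = parse_mbam(text)
    return {
        "total": len(findings),
        "not_removed": len(outstanding(findings)),
        "families": sorted({f.family for f in findings}),
        "autorun_from_non_program_dir": [f.location for f in findings
                                         if is_autorun_from_non_program_dir(f)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, `triage` reports five findings, none removed, and exactly one logon autorun from a non-program directory, which is why the helper in the thread asks for all findings to be removed before checking whether normal mode boots again. The outcome strings are compared literally because MBAM writes them in the UI language; a log from an English installation needs the English form in `NOT_REMOVED`.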
09.02.2012, 21:23 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win32/ransom.ej
Quote:
Then check whether normal mode works again.
11.02.2012, 09:35 | #7
Trojan Win32/ransom.ej
I have removed the findings and now I can start my PC normally again. Do I need to do anything else, or is that enough? Kind regards, Katja
12.02.2012, 13:16 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win32/ransom.ej
You still need to do ESET.
__________________ Please always post logfiles in CODE tags
12.02.2012, 17:57 | #9
Trojan Win32/ransom.ej
ESET worked now :-)
Code:
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8a47eb7f6782a745b599203df5f5982f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 07:25:11
# local_time=2012-02-10 08:25:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 57772235 80531593 0 0
# compatibility_mode=8192 67108863 100 0 96973 96973 0 0
# scanned=204
# found=0
# cleaned=0
# scan_time=167
ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8a47eb7f6782a745b599203df5f5982f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 03:52:05
# local_time=2012-02-12 04:52:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 57919840 80679198 0 0
# compatibility_mode=8192 67108863 100 0 244578 244578 0 0
# scanned=244242
# found=12
# cleaned=0
# scan_time=12577
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Katja\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
E:\KATJA204\Backup Set 2011-09-04 190002\Backup Files 2011-09-04 190002\Backup files 6.zip a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
E:\KATJA204\Backup Set 2011-10-02 092345\Backup Files 2011-10-02 092345\Backup files 6.zip a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
E:\KATJA204\Backup Set 2011-10-02 092345\Backup Files 2011-12-11 190003\Backup files 1.zip Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I
E:\KATJA204\Backup Set 2011-12-26 161054\Backup Files 2011-12-26 161054\Backup files 1.zip Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I
E:\KATJA204\Backup Set 2011-12-26 161054\Backup Files 2011-12-26 161054\Backup files 7.zip a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Toolbar.Babylon application 00000000000000000000000000000000 I
12.02.2012, 18:43 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win32/ransom.ej
Please make a new OTL log. Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags
12.02.2012, 19:48 | #11
Trojan Win32/ransom.ej
Hello Arne, here is the result.
Code:
OTL logfile created on: 12.02.2012 19:21:50 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 46,93% Memory free
7,73 Gb Paging File | 5,89 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,32 Gb Total Space | 216,20 Gb Free Space | 71,04% Space Free | Partition Type: NTFS
Drive E: | 280,03 Gb Total Space | 52,86 Gb Free Space | 18,88% Space Free | Partition Type: NTFS

Computer Name: KATJA204 | User Name: Katja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.12 19:08:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.12.20 10:06:34 | 001,370,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2011.09.11 15:21:38 | 000,837,656 | ---- | M] (hxxp://izloader.com/) -- C:\Program Files (x86)\Easy Downloads\easydownloads.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.29 08:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.02.24 00:28:24 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.20 18:54:20 | 001,960,560 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2011.12.20 17:44:09 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2011.12.20 10:07:25 | 007,616,624 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2011.12.20 10:07:07 | 002,961,008 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2011.12.20 10:07:05 | 001,612,912 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2011.12.20 10:07:00 | 001,533,552 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2011.12.20 10:06:58 | 000,318,064 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2011.12.20 10:06:55 | 000,261,232 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2011.12.20 10:06:34 | 001,370,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2011.12.20 10:06:21 | 000,135,792 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2011.12.20 10:06:20 | 004,323,440 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2011.11.04 13:47:20 | 000,865,280 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2011.11.04 13:47:18 | 000,271,872 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2011.11.04 13:47:16 | 011,163,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2011.11.04 13:47:14 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2011.11.04 13:47:12 | 001,340,416 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2011.11.04 13:47:12 | 000,704,000 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2011.11.04 13:47:12 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2011.11.04 13:47:10 | 008,934,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2011.11.04 13:47:10 | 002,395,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2011.11.04 13:47:10 | 000,990,208 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.11.04 13:47:10 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2011.11.04 13:47:08 | 002,356,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2011.10.14 02:32:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.26 13:40:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.01.22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.10.15 16:00:02 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.26 13:45:00 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.26 13:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.12 19:02:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 00:28:24 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.04.24 14:42:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 14:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.12.02 14:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.12.02 14:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.12.02 14:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.07.15 07:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010.07.15 07:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.12 11:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.12 11:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2010.05.12 11:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.05.12 11:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.12 11:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.01.22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.05 17:55:04 | 001,580,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010.07.15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010.07.15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101430&mntrId=80e8051800000000000076f1a11368f1
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80e8051800000000000076f1a11368f1&tlver=1.4.35.10&affID=101430&babsrc=SP_FFUP"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.01 10:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.22 16:05:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.08 19:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 17:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.22 16:05:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.01 10:15:59 | 000,000,000 | ---D | M]

[2011.05.15 15:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Extensions
[2012.02.02 18:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions
[2012.01.08 16:03:13 | 000,000,000 | ---D | M] (IsoBuster DE Community Toolbar) -- 
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5} [2011.08.13 13:15:39 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3 [2011.07.12 15:41:14 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft [2011.09.11 15:22:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com [2011.12.27 14:45:12 | 000,000,933 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\11-suche.xml [2012.01.27 20:03:51 | 000,002,401 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\askcom.xml [2011.12.27 14:45:12 | 000,002,419 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\englische-ergebnisse.xml [2011.12.27 14:45:12 | 000,010,525 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\gmx-suche.xml [2011.12.27 14:45:12 | 000,002,457 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\lastminute.xml [2011.12.27 14:45:12 | 000,005,508 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\webde-suche.xml [2011.05.15 15:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.12.08 19:16:46 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 () (No name found) -- C:\USERS\KATJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B35ODC10.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name 
found) -- C:\USERS\KATJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B35ODC10.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.02.12 17:51:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.27 20:06:11 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.27 20:06:11 | 000,002,112 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.01.27 20:06:11 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.27 20:06:11 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.27 20:06:11 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.24 11:12:09 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.27 20:06:11 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.) 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [] File not found O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0458700B-063D-4F6D-AC79-84ACDC9412A9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56956A4F-5F02-4A1F-8C09-00CCFE3908F2}: DhcpNameServer = 192.32.20.12 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - 
Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.13 08:03:12 | 000,000,045 | ---- | M] () - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell - "" = AutoRun O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell - "" = AutoRun O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe - () MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
MsConfig:64bit - StartUpReg: Standby - hkey= - key= - c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service 
SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans 
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: 
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - 
Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack 
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.ac3filter - ac3filter64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.MPEGacm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.) Drivers32: msacm.ulmp3acm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.09 18:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.09 18:25:02 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Katja\Desktop\esetsmartinstaller_enu.exe [2012.02.09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Malwarebytes [2012.02.09 17:22:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.09 17:19:48 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Katja\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.07 18:02:48 | 000,000,000 | ---D | C] -- C:\Logfiles.zip [2012.02.07 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.02.07 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.02.07 17:07:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Katja\Desktop\dds.com [2012.01.30 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.30 20:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.30 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.30 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.01.30 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.01.30 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.01.30 19:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.01.30 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.01.27 
20:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2012.01.26 20:01:54 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\ElevatedDiagnostics [2012.01.21 23:09:08 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\Ashampoo Music Studio 3 [2012.01.21 23:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.01.21 23:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2012.01.21 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{011FA7AF-9AB9-413A-9F74-A959D237B2E0} [2012.01.21 18:01:23 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{C5AF25A0-F517-4512-A23C-F99B2AE19BD5} [2012.01.14 14:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012 [2012.01.14 13:59:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.12 18:32:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.12 18:32:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.12 16:15:20 | 000,201,020 | ---- | M] () -- C:\Users\Katja\Desktop\discoturm-nautica-magdeburg-2012-02-11-066.jpg [2012.02.12 11:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.11 22:19:52 | 001,534,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.11 22:19:52 | 000,666,968 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.11 22:19:52 | 000,627,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.11 22:19:52 | 000,136,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.11 22:19:52 | 000,111,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.11 09:37:52 | 000,017,376 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.11 09:37:52 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.09 18:25:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Katja\Desktop\esetsmartinstaller_enu.exe [2012.02.09 17:22:39 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.09 17:20:08 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Katja\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.07 17:33:46 | 001,110,476 | ---- | M] () -- C:\Users\Katja\Desktop\7z920.exe [2012.02.07 17:07:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Katja\Desktop\dds.com [2012.02.07 17:07:02 | 000,000,168 | ---- | M] () -- C:\Users\Katja\defogger_reenable [2012.02.07 17:05:43 | 000,050,477 | ---- | M] () -- C:\Users\Katja\Desktop\Defogger.exe [2012.01.30 20:06:29 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.30 19:59:46 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.01.29 17:32:53 | 000,000,607 | ---- | M] () -- C:\Windows\wiso.ini [2012.01.26 18:35:25 | 278,015,861 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.22 21:07:22 | 000,350,942 | ---- | M] () -- C:\Users\Katja\Desktop\Personalfachkauffrau Teil 1+ 001.jpg [2012.01.21 23:36:02 | 000,020,992 | ---- | M] () -- C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.21 23:07:20 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 3.lnk [2012.01.19 13:54:07 | 000,001,203 | ---- | M] () -- C:\Users\Katja\Desktop\HP Officejet 4500 G510n-z - Verknüpfung.lnk [2012.01.18 14:32:50 | 000,031,356 | ---- | M] () -- C:\Users\Katja\Desktop\G1203.pdf [2012.01.18 14:32:12 | 000,445,489 | ---- | M] () -- C:\Users\Katja\Desktop\G1204_1205_1206.pdf [2012.01.17 17:38:31 | 000,981,716 | ---- | M] () -- 
C:\Users\Katja\Desktop\Ernaehrung.pdf [2012.01.14 14:08:37 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012.01.14 14:08:37 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.12 16:14:45 | 000,201,020 | ---- | C] () -- C:\Users\Katja\Desktop\discoturm-nautica-magdeburg-2012-02-11-066.jpg [2012.02.09 17:22:39 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.07 17:33:45 | 001,110,476 | ---- | C] () -- C:\Users\Katja\Desktop\7z920.exe [2012.02.07 17:07:02 | 000,000,168 | ---- | C] () -- C:\Users\Katja\defogger_reenable [2012.02.07 17:05:42 | 000,050,477 | ---- | C] () -- C:\Users\Katja\Desktop\Defogger.exe [2012.01.30 20:06:29 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.30 19:59:46 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.01.22 21:07:38 | 000,350,942 | ---- | C] () -- C:\Users\Katja\Desktop\Personalfachkauffrau Teil 1+ 001.jpg [2012.01.21 23:07:20 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 3.lnk [2012.01.19 13:54:07 | 000,001,203 | ---- | C] () -- C:\Users\Katja\Desktop\HP Officejet 4500 G510n-z - Verknüpfung.lnk [2012.01.18 14:32:50 | 000,031,356 | ---- | C] () -- C:\Users\Katja\Desktop\G1203.pdf [2012.01.18 14:32:11 | 000,445,489 | ---- | C] () -- C:\Users\Katja\Desktop\G1204_1205_1206.pdf [2012.01.17 17:38:30 | 000,981,716 | ---- | C] () -- C:\Users\Katja\Desktop\Ernaehrung.pdf [2012.01.14 17:41:38 | 278,015,861 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.01.14 14:08:37 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012.01.14 
14:08:37 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk [2011.12.24 11:18:44 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.12.05 12:32:43 | 131,684,208 | ---- | C] () -- C:\Program Files (x86)\Pixelnet_Software_Setup.exe [2011.04.01 10:09:41 | 000,241,431 | ---- | C] () -- C:\Windows\hpwins28.dat [2011.02.12 18:18:02 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini [2011.01.23 16:59:09 | 000,020,992 | ---- | C] () -- C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.23 16:58:32 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.01.23 16:58:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E0AC77F6BD.sys [2011.01.09 21:00:31 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2010.12.11 18:29:32 | 000,000,093 | ---- | C] () -- C:\Users\Katja\AppData\Local\fusioncache.dat [2010.12.11 18:28:19 | 001,555,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.15 17:01:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.05 16:02:48 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI [2010.09.27 17:40:17 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2010.09.26 14:31:52 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2010.09.26 14:31:52 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2010.09.26 14:31:52 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2010.09.26 14:31:52 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2010.09.26 14:31:52 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2010.09.26 08:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.04.13 04:22:39 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.04.13 04:21:45 | 000,001,741 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2010.04.12 19:02:48 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2010.04.12 18:45:04 | 
000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.04.12 18:45:04 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini [2010.04.12 18:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.02.11 20:20:02 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini [2010.02.11 20:20:02 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini [2010.02.11 20:20:02 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini [2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.06.07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll ========== LOP Check ========== [2011.04.17 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Babylon [2011.04.17 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Bioshock [2011.04.10 18:16:23 | 000,000,000 | ---D | M] -- 
C:\Users\Katja\AppData\Roaming\Buhl Data Service [2011.09.12 16:00:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Canon [2011.01.09 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Carambis [2011.04.24 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DAEMON Tools Lite [2011.12.24 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon [2011.04.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\GoPal Assistant [2011.01.20 20:30:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\gtk-2.0 [2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze [2011.01.20 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\MAGIX [2011.04.24 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Merscom [2011.08.13 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\NCH Swift Sound [2011.12.24 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\OCS [2011.12.24 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Opera [2011.06.26 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PC Suite [2011.08.12 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Samsung [2010.10.15 15:59:52 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\TuneUp Software [2010.12.11 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Turbine [2011.01.23 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Ulead Systems [2010.09.24 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WildTangentv1002 [2010.10.15 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Windows SideBar [2011.12.05 09:14:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application 
Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.29 20:12:15 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Adobe [2011.04.03 16:48:57 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Apple Computer [2010.09.24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\ATI [2011.04.17 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Babylon [2011.04.17 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Bioshock [2011.04.10 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Buhl Data Service [2011.09.12 16:00:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Canon [2011.01.09 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Carambis [2011.01.23 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Corel [2010.12.16 19:10:38 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\CyberLink [2011.04.24 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DAEMON Tools Lite [2011.12.24 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon [2011.11.05 15:04:56 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DivX [2012.01.06 23:26:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\dvdcss [2010.09.24 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Google [2011.04.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\GoPal Assistant [2011.01.20 20:30:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\gtk-2.0 [2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze [2011.04.01 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\HP [2010.09.24 15:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Identities [2011.04.17 12:38:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\InstallShield 
[2010.09.24 15:12:50 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Intel Corporation [2010.09.24 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Macromedia [2011.01.20 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\MAGIX [2012.02.09 17:22:41 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Malwarebytes [2010.02.11 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Media Center Programs [2011.04.24 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Merscom [2011.11.10 18:59:57 | 000,000,000 | --SD | M] -- C:\Users\Katja\AppData\Roaming\Microsoft [2011.05.15 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Mozilla [2011.08.13 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\NCH Swift Sound [2011.12.24 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\OCS [2011.12.24 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Opera [2011.06.26 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PC Suite [2011.08.12 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Samsung [2011.04.17 12:57:22 | 000,000,000 | RH-D | M] -- C:\Users\Katja\AppData\Roaming\SecuROM [2012.02.12 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Skype [2010.10.15 15:59:52 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\TuneUp Software [2010.12.11 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Turbine [2011.01.23 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Ulead Systems [2011.10.13 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\vlc [2010.09.24 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WildTangentv1002 [2010.10.15 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Windows SideBar [2011.01.07 21:24:11 | 000,000,000 | ---D | M] -- 
C:\Users\Katja\AppData\Roaming\WinRAR [2011.04.01 10:16:24 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Yahoo! [2011.09.12 16:01:01 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\ZoomBrowser EX < %APPDATA%\*.exe /s > [2011.12.24 11:18:44 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2011.04.29 14:40:43 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\AutoRunCE.exe [2011.04.29 14:40:44 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\1\module.exe [2011.04.29 14:41:23 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\AutoRunCE.exe [2011.04.29 14:41:23 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\1\module.exe [2011.04.29 14:41:09 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\AutoRunCE.exe [2011.04.29 14:41:10 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\1\module.exe [2011.04.29 14:41:15 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\AutoRunCE.exe [2011.04.29 14:41:15 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\1\module.exe [2011.04.29 14:41:29 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\AutoRunCE.exe [2011.04.29 14:41:29 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\1\module.exe [2011.04.29 14:40:59 | 000,005,632 | 
---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\AutoRunCE.exe [2011.04.29 14:40:59 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\1\module.exe [2011.04.29 14:40:48 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\AutoRunCE.exe [2011.04.29 14:40:48 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\1\module.exe [2011.04.29 14:41:05 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\AutoRunCE.exe [2011.04.29 14:41:06 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\1\module.exe [2011.04.29 14:40:53 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\AutoRunCE.exe [2011.04.29 14:40:54 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\1\module.exe [2011.04.29 14:41:17 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\AutoRunCE.exe [2011.04.29 14:41:18 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\1\module.exe [2011.04.29 14:41:25 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\AutoRunCE.exe [2011.04.29 14:41:26 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\1\module.exe [2011.04.29 14:40:01 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal 
Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\AutoRunCE.exe [2011.04.29 14:40:16 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\1\module.exe [2011.04.29 14:40:36 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\AutoRunCE.exe [2011.04.29 14:40:38 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\1\module.exe [2011.04.29 14:41:07 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\AutoRunCE.exe [2011.04.29 14:41:07 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\1\module.exe [2011.04.29 14:40:29 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\AutoRunCE.exe [2011.04.29 14:40:30 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\1\module.exe [2011.04.29 14:40:22 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\AutoRunCE.exe [2011.04.29 14:40:24 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\1\module.exe [2011.04.29 14:41:20 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\AutoRunCE.exe [2011.04.29 14:41:21 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\1\module.exe [2011.04.29 14:41:03 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\AutoRunCE.exe [2011.04.29 14:41:04 | 
000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\1\module.exe [2011.04.29 14:41:12 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\AutoRunCE.exe [2011.04.29 14:41:13 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\1\module.exe [2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze\uninstall.exe [2011.12.24 11:12:06 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Katja\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2011.12.24 11:12:06 | 000,040,960 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011.08.12 11:20:13 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\Katja\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe < %SYSTEMDRIVE%\*.exe > [2011.12.23 23:12:52 | 003,818,944 | ---- | M] (Smart Projects ) -- C:\isobuster_all_lang.exe < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) 
MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft 
Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] 
(NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2010.12.21 06:36:16 | 001,236,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msxml3.dll
[2009.07.14 02:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\scrrun.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< >
< End of report >
Katja |
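The MD5 listing above shows several copies of each core binary (winsxs, SysNative, SoftwareDistribution) and one winlogon.exe with an empty publisher field outside the Windows directory. The following Python helper is an added example, not part of OTL or of this thread: it parses a listing in that layout and flags copies that carry no publisher string or live outside %SystemRoot%, which is the first thing a helper checks in such a report. The sample listing, its hashes and the "Example Tools" folder are constructed for the demo.

```python
import re

# Constructed sample in the layout of OTL's "< MD5 for: NAME >" sections,
# flattened onto one line the way the forum extraction above shows it.
# The hashes and the "Example Tools" folder are made up for this demo.
SAMPLE_LISTING = (
    "< MD5 for: WINLOGON.EXE > "
    "[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) "
    "MD5=00000000000000000000000000000001 -- "
    "C:\\Windows\\winsxs\\amd64_microsoft-windows-winlogon_example\\winlogon.exe "
    "[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) "
    "MD5=00000000000000000000000000000002 -- C:\\Windows\\SysNative\\winlogon.exe "
    "[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () "
    "MD5=00000000000000000000000000000003 -- "
    "C:\\Program Files (x86)\\Example Tools\\winlogon.exe "
    "< MD5 for: WS2IFSL.SYS > "
    "[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) "
    "MD5=00000000000000000000000000000004 -- C:\\Windows\\SysNative\\drivers\\ws2ifsl.sys "
)

SECTION_RE = re.compile(r"< MD5 for: (?P<name>[^>]+?) >")
# One entry: [mtime | size | attrs | flag] (vendor) MD5=hash -- path
# The path runs until the next "[YYYY.MM.DD " entry or the end of the section,
# so the regex works on both line-per-entry and flattened input.
ENTRY_RE = re.compile(
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]* \| \w\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- "
    r"(?P<path>.+?)(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s*$)",
    re.MULTILINE,
)


def parse_md5_listing(text):
    """Return {FILE NAME: [entry, ...]}; each entry is the regex's group dict."""
    sections = {}
    headers = list(SECTION_RE.finditer(text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[h.end():end]
        sections[h.group("name").strip()] = [m.groupdict() for m in ENTRY_RE.finditer(body)]
    return sections


def distinct_hashes(sections):
    """Distinct MD5 values seen per file name, to spot an odd one out quickly."""
    return {name: sorted({e["md5"].upper() for e in entries})
            for name, entries in sections.items()}


def triage(sections, system_root="C:\\Windows\\"):
    """Flag copies that carry no publisher string or sit outside %SystemRoot%.

    Returns a list of (file name, path, md5, reason). These are candidates
    for verification, not verdicts: a legitimate tool may ship a file with
    one of these names, so confirm signature and vendor for each hit.
    """
    findings = []
    root = system_root.lower()
    for name, entries in sections.items():
        for e in entries:
            reasons = []
            if not e["vendor"].strip():
                reasons.append("no publisher/version info")
            if not e["path"].lower().startswith(root):
                reasons.append("outside %SystemRoot%")
            if reasons:
                findings.append((name, e["path"], e["md5"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    parsed = parse_md5_listing(SAMPLE_LISTING)
    for name, hashes in distinct_hashes(parsed).items():
        print(f"{name}: {len(hashes)} distinct MD5(s)")
    for name, path, md5, reason in triage(parsed):
        print(f"CHECK {name}: {path} [{md5}] -> {reason}")
```

Run against the thread's own listing, the only hit would be the winlogon.exe under Malwarebytes' Anti-Malware\Chameleon, which is benign (Chameleon deliberately runs under system file names), so treat each hit as something to verify by signature and vendor rather than as a detection.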
12.02.2012, 20:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win32/ransom.ej Run an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101430&mntrId=80e8051800000000000076f1a11368f1
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80e8051800000000000076f1a11368f1&tlver=1.4.35.10&affID=101430&babsrc=SP_FFUP"
[2012.01.08 16:03:13 | 000,000,000 | ---D | M] (IsoBuster DE Community Toolbar) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}
[2011.08.13 13:15:39 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3
[2011.07.12 15:41:14 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft
[2011.09.11 15:22:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com
[2011.12.27 14:45:12 | 000,000,933 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\11-suche.xml
[2012.01.27 20:03:51 | 000,002,401 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\askcom.xml
[2012.01.27 20:06:11 | 000,002,112 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.27 20:06:11 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.13 08:03:12 | 000,000,045 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
[2012.01.21 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{011FA7AF-9AB9-413A-9F74-A959D237B2E0}
[2012.01.21 18:01:23 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{C5AF25A0-F517-4512-A23C-F99B2AE19BD5}
[2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed with this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
12.02.2012, 20:49 | #13 |
| Trojan Win32/ransom.ej This is what came up after the restart.
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{134b012b-132d-4516-a786-2395828640b5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ deleted successfully.
C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll moved successfully.
HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{134b012b-132d-4516-a786-2395828640b5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4}\ not found.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80e8051800000000000076f1a11368f1&tlver=1.4.35.10&affID=101430&babsrc=SP_FFUP" removed from keyword.URL
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\searchplugin folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\modules folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\META-INF folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\defaults folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\components folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\chrome folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5} scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome\content\skin folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3 scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft\content folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft\components folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\defaults scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs scheduled to be moved on reboot.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{134b012b-132d-4516-a786-2395828640b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{134b012b-132d-4516-a786-2395828640b5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{134B012B-132D-4516-A786-2395828640B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134B012B-132D-4516-A786-2395828640B5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6123428e-1022-11e0-a278-00262d9e0149}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6123428e-1022-11e0-a278-00262d9e0149}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
C:\Users\Katja\AppData\Local\{011FA7AF-9AB9-413A-9F74-A959D237B2E0} folder moved successfully.
C:\Users\Katja\AppData\Local\{C5AF25A0-F517-4512-A23C-F99B2AE19BD5} folder moved successfully.
C:\Users\Katja\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Katja
->Temp folder emptied: 20707302 bytes
->Temporary Internet Files folder emptied: 127921973 bytes
->Java cache emptied: 30160994 bytes
->FireFox cache emptied: 197957971 bytes
->Flash cache emptied: 1483 bytes
User: Public
User: V574054
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5652989 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 365,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_204147
Files\Folders moved on Reboot...
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5} folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome\content folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3 folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Katja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
13.02.2012, 09:53 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win32/ransom.ej Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
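The post asks for the TDSSKiller report to be posted rather than acted on. The Python helper below is an added example, not TDSSKiller's own code and not part of this thread: it parses the report's "name (md5) path" and "name - status" lines, counts statuses, and lists every object whose status is anything other than ok, together with the hash and path from its detail line, so a helper can review findings before deciding on any action. The sample lines are constructed; the 1394ohci line mirrors the report format, while "exampledrv", its hash and its warning verdict are made up.

```python
import re
from collections import Counter

# Constructed sample in the line shape of a TDSSKiller report:
# "HH:MM:SS.ffff PID name (md5) path" followed by "HH:MM:SS.ffff PID name - status".
# The 1394ohci lines mirror the report posted later in the thread; "exampledrv",
# its hash and its warning verdict are invented for this demo.
SAMPLE_REPORT = """\
19:17:58.0246 3124 ============================================================
19:17:58.0246 3124 Scan started
19:17:58.0246 3124 Mode: Manual;
19:17:58.0589 3124 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
19:17:58.0589 3124 1394ohci - ok
19:18:01.0200 3124 exampledrv (ffffffffffffffffffffffffffffffff) C:\\Windows\\system32\\DRIVERS\\exampledrv.sys
19:18:01.0200 3124 exampledrv ( UnsignedFile.Multi.Generic ) - warning
19:18:05.0000 3124 \\Device\\Harddisk0\\DR0 - ok
19:18:05.0100 3124 Scan finished
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Detail line: object name, 32-hex MD5 in parentheses, then the file path.
DETAIL_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: object name, optional note in parentheses, " - ", one-word status.
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?P<note>.*?) - (?P<status>[A-Za-z]+)$")


def parse_report(text):
    """Return one dict per verdict line, joined with the md5/path of the
    preceding detail line for the same object name when there is one."""
    details = {}
    verdicts = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        msg = line.group("msg")
        d = DETAIL_RE.match(msg)
        if d:
            details[d.group("name")] = (d.group("md5"), d.group("path"))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            md5, path = details.get(v.group("name"), (None, None))
            verdicts.append({
                "time": line.group("ts"),
                "name": v.group("name"),
                "status": v.group("status"),
                "note": v.group("note").strip(" ()"),
                "md5": md5,
                "path": path,
            })
    return verdicts


def summarize(verdicts):
    """Return (status counts, entries whose status is anything other than 'ok')."""
    counts = Counter(v["status"] for v in verdicts)
    attention = [v for v in verdicts if v["status"] != "ok"]
    return counts, attention


if __name__ == "__main__":
    counts, attention = summarize(parse_report(SAMPLE_REPORT))
    print("status counts:", dict(counts))
    for v in attention:
        print(f"REVIEW {v['name']} [{v['status']}] {v['note']} md5={v['md5']} {v['path']}")
```

A report with only ok verdicts has nothing to review; anything else is listed with its hash and path so it can be checked against the vendor and file signature before the helper decides whether "skip" is the right action for it.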
24.02.2012, 19:22 | #15 |
| Trojan Win32/ransom.ej Hello Arne, here is the result.
Code:
19:17:36.0738 4640 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
19:17:37.0190 4640 ============================================================
19:17:37.0190 4640 Current date / time: 2012/02/24 19:17:37.0190
19:17:37.0190 4640 SystemInfo:
19:17:37.0190 4640 
19:17:37.0190 4640 OS Version: 6.1.7600 ServicePack: 0.0
19:17:37.0190 4640 Product type: Workstation
19:17:37.0190 4640 ComputerName: KATJA204
19:17:37.0190 4640 UserName: Katja
19:17:37.0190 4640 Windows directory: C:\Windows
19:17:37.0190 4640 System windows directory: C:\Windows
19:17:37.0190 4640 Running under WOW64
19:17:37.0190 4640 Processor architecture: Intel x64
19:17:37.0190 4640 Number of processors: 4
19:17:37.0190 4640 Page size: 0x1000
19:17:37.0190 4640 Boot type: Normal boot
19:17:37.0190 4640 ============================================================
19:17:37.0499 4640 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:37.0504 4640 \Device\Harddisk0\DR0:
19:17:37.0505 4640 MBR used
19:17:37.0505 4640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
19:17:37.0505 4640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x260A3AB0
19:17:37.0526 4640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27847000, BlocksNum 0x23010800
19:17:37.0611 4640 Initialize success
19:17:37.0611 4640 ============================================================
19:17:58.0246 3124 ============================================================
19:17:58.0246 3124 Scan started
19:17:58.0246 3124 Mode: Manual;
19:17:58.0246 3124 ============================================================
19:17:58.0589 3124 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:17:58.0589 3124 1394ohci - ok
19:17:58.0604 3124 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:17:58.0604 3124 ACPI - ok
19:17:58.0698 3124 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:17:58.0698 3124 AcpiPmi - ok
19:17:58.0807 3124 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:17:58.0807 3124 adp94xx - ok
19:17:58.0916 3124 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:17:58.0916 3124 adpahci - ok
19:17:59.0026 3124 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:17:59.0026 3124 adpu320 - ok
19:17:59.0135 3124 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:17:59.0135 3124 AFD - ok
19:17:59.0244 3124 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:17:59.0244 3124 agp440 - ok
19:17:59.0353 3124 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:17:59.0353 3124 aliide - ok
19:17:59.0462 3124 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:17:59.0462 3124 amdide - ok
19:17:59.0509 3124 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:17:59.0509 3124 AmdK8 - ok
19:17:59.0743 3124 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
19:17:59.0774 3124 amdkmdag - ok
19:17:59.0868 3124 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
19:17:59.0884 3124 amdkmdap - ok
19:17:59.0930 3124 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:17:59.0930 3124 AmdPPM - ok
19:18:00.0008 3124 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:18:00.0008 3124 amdsata - ok
19:18:00.0071 3124 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:18:00.0071 3124 amdsbs - ok
19:18:00.0118 3124 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:18:00.0118 3124 amdxata - ok
19:18:00.0242 3124 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
19:18:00.0242 3124 AmUStor - ok
19:18:00.0367 3124 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
19:18:00.0367 3124 androidusb - ok
19:18:00.0476 3124 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:18:00.0476 3124 AppID - ok
19:18:00.0586 3124 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:18:00.0586 3124 arc - ok
19:18:00.0632 3124 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:18:00.0632 3124 arcsas - ok
19:18:00.0742 3124 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:18:00.0742 3124 AsyncMac - ok
19:18:00.0804 3124 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:18:00.0804 3124 atapi - ok
19:18:00.0944 3124 athr (afd6c8d783e100f7c46277c45175a96f) C:\Windows\system32\DRIVERS\athrx.sys
19:18:00.0960 3124 athr - ok
19:18:01.0085 3124 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
19:18:01.0085 3124 AtiHdmiService - ok
19:18:01.0194 3124 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:18:01.0194 3124 b06bdrv - ok
19:18:01.0241 3124 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:18:01.0241 3124 b57nd60a - ok
19:18:01.0381 3124 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:18:01.0397 3124 BCM43XX - ok
19:18:01.0475 3124 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:18:01.0475 3124 Beep - ok
19:18:01.0553 3124 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:18:01.0568 3124 blbdrive - ok
19:18:01.0662 3124 bowser (19d20159708e152267e53b66677a4995) 
C:\Windows\system32\DRIVERS\bowser.sys 19:18:01.0662 3124 bowser - ok 19:18:01.0740 3124 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:18:01.0740 3124 BrFiltLo - ok 19:18:01.0756 3124 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:18:01.0756 3124 BrFiltUp - ok 19:18:01.0834 3124 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:18:01.0834 3124 Brserid - ok 19:18:01.0849 3124 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:18:01.0849 3124 BrSerWdm - ok 19:18:01.0927 3124 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:18:01.0927 3124 BrUsbMdm - ok 19:18:01.0927 3124 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:18:01.0927 3124 BrUsbSer - ok 19:18:01.0958 3124 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 19:18:01.0958 3124 BTHMODEM - ok 19:18:02.0052 3124 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:18:02.0052 3124 cdfs - ok 19:18:02.0068 3124 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 19:18:02.0068 3124 cdrom - ok 19:18:02.0161 3124 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:18:02.0161 3124 circlass - ok 19:18:02.0192 3124 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 19:18:02.0192 3124 CLFS - ok 19:18:02.0302 3124 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:18:02.0302 3124 CmBatt - ok 19:18:02.0333 3124 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 19:18:02.0333 3124 cmdide - ok 19:18:02.0411 3124 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys 19:18:02.0411 3124 CNG - ok 19:18:02.0504 3124 Compbatt (102de219c3f61415f964c88e9085ad14) 
C:\Windows\system32\DRIVERS\compbatt.sys 19:18:02.0504 3124 Compbatt - ok 19:18:02.0536 3124 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 19:18:02.0536 3124 CompositeBus - ok 19:18:02.0614 3124 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:18:02.0614 3124 crcdisk - ok 19:18:02.0707 3124 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 19:18:02.0707 3124 DfsC - ok 19:18:02.0785 3124 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:18:02.0785 3124 discache - ok 19:18:02.0832 3124 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:18:02.0832 3124 Disk - ok 19:18:02.0972 3124 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys 19:18:02.0972 3124 Dot4 - ok 19:18:03.0019 3124 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys 19:18:03.0019 3124 Dot4Print - ok 19:18:03.0050 3124 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys 19:18:03.0050 3124 dot4usb - ok 19:18:03.0144 3124 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:18:03.0144 3124 drmkaud - ok 19:18:03.0253 3124 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 19:18:03.0253 3124 dtsoftbus01 - ok 19:18:03.0300 3124 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 19:18:03.0300 3124 DXGKrnl - ok 19:18:03.0425 3124 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:18:03.0456 3124 ebdrv - ok 19:18:03.0550 3124 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:18:03.0550 3124 elxstor - ok 19:18:03.0628 3124 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys 19:18:03.0628 3124 epmntdrv - ok 19:18:03.0674 3124 ErrDev 
(34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 19:18:03.0674 3124 ErrDev - ok 19:18:03.0768 3124 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys 19:18:03.0768 3124 EuGdiDrv - ok 19:18:03.0830 3124 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:18:03.0830 3124 exfat - ok 19:18:03.0893 3124 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:18:03.0893 3124 fastfat - ok 19:18:03.0986 3124 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:18:03.0986 3124 fdc - ok 19:18:04.0018 3124 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:18:04.0018 3124 FileInfo - ok 19:18:04.0080 3124 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 19:18:04.0080 3124 Filetrace - ok 19:18:04.0174 3124 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:18:04.0174 3124 flpydisk - ok 19:18:04.0189 3124 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 19:18:04.0189 3124 FltMgr - ok 19:18:04.0205 3124 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:18:04.0205 3124 FsDepends - ok 19:18:04.0267 3124 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 19:18:04.0267 3124 Fs_Rec - ok 19:18:04.0314 3124 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:18:04.0330 3124 fvevol - ok 19:18:04.0392 3124 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:18:04.0392 3124 gagp30kx - ok 19:18:04.0423 3124 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:18:04.0423 3124 GEARAspiWDM - ok 19:18:04.0548 3124 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:18:04.0548 3124 hcw85cir - ok 19:18:04.0579 
3124 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 19:18:04.0579 3124 HdAudAddService - ok 19:18:04.0673 3124 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:18:04.0673 3124 HDAudBus - ok 19:18:04.0720 3124 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 19:18:04.0720 3124 HECIx64 - ok 19:18:04.0766 3124 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:18:04.0766 3124 HidBatt - ok 19:18:04.0782 3124 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 19:18:04.0782 3124 HidBth - ok 19:18:04.0860 3124 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:18:04.0860 3124 HidIr - ok 19:18:04.0938 3124 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 19:18:04.0938 3124 HidUsb - ok 19:18:05.0016 3124 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 19:18:05.0016 3124 HpSAMD - ok 19:18:05.0078 3124 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 19:18:05.0078 3124 HTTP - ok 19:18:05.0125 3124 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 19:18:05.0125 3124 hwpolicy - ok 19:18:05.0219 3124 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 19:18:05.0219 3124 i8042prt - ok 19:18:05.0250 3124 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys 19:18:05.0250 3124 iaStor - ok 19:18:05.0359 3124 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 19:18:05.0359 3124 iaStorV - ok 19:18:05.0546 3124 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 19:18:05.0578 3124 igfx - ok 19:18:05.0656 3124 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:18:05.0656 3124 iirsp - ok 19:18:05.0718 
3124 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys 19:18:05.0718 3124 Impcd - ok 19:18:05.0843 3124 IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys 19:18:05.0858 3124 IntcAzAudAddService - ok 19:18:05.0936 3124 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 19:18:05.0936 3124 intelide - ok 19:18:05.0968 3124 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:18:05.0983 3124 intelppm - ok 19:18:06.0061 3124 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:18:06.0061 3124 IpFilterDriver - ok 19:18:06.0092 3124 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 19:18:06.0092 3124 IPMIDRV - ok 19:18:06.0170 3124 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:18:06.0186 3124 IPNAT - ok 19:18:06.0280 3124 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:18:06.0280 3124 IRENUM - ok 19:18:06.0295 3124 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 19:18:06.0295 3124 isapnp - ok 19:18:06.0373 3124 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 19:18:06.0373 3124 iScsiPrt - ok 19:18:06.0404 3124 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys 19:18:06.0404 3124 k57nd60a - ok 19:18:06.0482 3124 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 19:18:06.0482 3124 kbdclass - ok 19:18:06.0514 3124 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 19:18:06.0514 3124 kbdhid - ok 19:18:06.0592 3124 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 19:18:06.0592 3124 KSecDD - ok 19:18:06.0623 3124 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 
19:18:06.0623 3124 KSecPkg - ok 19:18:06.0685 3124 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:18:06.0685 3124 ksthunk - ok 19:18:06.0779 3124 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys 19:18:06.0794 3124 L1E - ok 19:18:06.0857 3124 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:18:06.0857 3124 lltdio - ok 19:18:06.0919 3124 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:18:06.0935 3124 LSI_FC - ok 19:18:06.0997 3124 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:18:06.0997 3124 LSI_SAS - ok 19:18:07.0044 3124 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:18:07.0060 3124 LSI_SAS2 - ok 19:18:07.0091 3124 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:18:07.0091 3124 LSI_SCSI - ok 19:18:07.0106 3124 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:18:07.0106 3124 luafv - ok 19:18:07.0153 3124 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:18:07.0169 3124 megasas - ok 19:18:07.0200 3124 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:18:07.0200 3124 MegaSR - ok 19:18:07.0247 3124 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:18:07.0262 3124 Modem - ok 19:18:07.0340 3124 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:18:07.0340 3124 monitor - ok 19:18:07.0418 3124 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 19:18:07.0418 3124 mouclass - ok 19:18:07.0434 3124 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:18:07.0434 3124 mouhid - ok 19:18:07.0528 3124 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 
19:18:07.0528 3124 mountmgr - ok 19:18:07.0621 3124 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys 19:18:07.0621 3124 MpFilter - ok 19:18:07.0637 3124 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 19:18:07.0637 3124 mpio - ok 19:18:07.0730 3124 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys 19:18:07.0730 3124 MpNWMon - ok 19:18:07.0762 3124 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:18:07.0762 3124 mpsdrv - ok 19:18:07.0824 3124 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 19:18:07.0824 3124 MRxDAV - ok 19:18:07.0871 3124 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:18:07.0871 3124 mrxsmb - ok 19:18:07.0949 3124 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:18:07.0964 3124 mrxsmb10 - ok 19:18:07.0996 3124 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:18:07.0996 3124 mrxsmb20 - ok 19:18:08.0058 3124 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 19:18:08.0058 3124 msahci - ok 19:18:08.0074 3124 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 19:18:08.0074 3124 msdsm - ok 19:18:08.0152 3124 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:18:08.0152 3124 Msfs - ok 19:18:08.0167 3124 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:18:08.0167 3124 mshidkmdf - ok 19:18:08.0183 3124 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 19:18:08.0183 3124 msisadrv - ok 19:18:08.0276 3124 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:18:08.0276 3124 MSKSSRV - ok 19:18:08.0370 3124 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 
19:18:08.0370 3124 MSPCLOCK - ok 19:18:08.0448 3124 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:18:08.0448 3124 MSPQM - ok 19:18:08.0464 3124 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 19:18:08.0479 3124 MsRPC - ok 19:18:08.0495 3124 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 19:18:08.0495 3124 mssmbios - ok 19:18:08.0573 3124 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:18:08.0573 3124 MSTEE - ok 19:18:08.0604 3124 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:18:08.0604 3124 MTConfig - ok 19:18:08.0620 3124 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:18:08.0620 3124 Mup - ok 19:18:08.0729 3124 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:18:08.0729 3124 NativeWifiP - ok 19:18:08.0822 3124 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 19:18:08.0822 3124 NDIS - ok 19:18:08.0932 3124 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:18:08.0932 3124 NdisCap - ok 19:18:08.0947 3124 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:18:08.0947 3124 NdisTapi - ok 19:18:09.0025 3124 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 19:18:09.0025 3124 Ndisuio - ok 19:18:09.0056 3124 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 19:18:09.0056 3124 NdisWan - ok 19:18:09.0150 3124 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 19:18:09.0150 3124 NDProxy - ok 19:18:09.0244 3124 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:18:09.0244 3124 NetBIOS - ok 19:18:09.0275 3124 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 19:18:09.0275 
3124 NetBT - ok 19:18:09.0368 3124 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:18:09.0368 3124 nfrd960 - ok 19:18:09.0415 3124 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 19:18:09.0415 3124 NisDrv - ok 19:18:09.0509 3124 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys 19:18:09.0509 3124 nmwcd - ok 19:18:09.0540 3124 nmwcdc (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys 19:18:09.0540 3124 nmwcdc - ok 19:18:09.0618 3124 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:18:09.0618 3124 Npfs - ok 19:18:09.0634 3124 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:18:09.0634 3124 nsiproxy - ok 19:18:09.0696 3124 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 19:18:09.0712 3124 Ntfs - ok 19:18:09.0774 3124 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:18:09.0774 3124 Null - ok 19:18:09.0805 3124 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 19:18:09.0805 3124 nvraid - ok 19:18:09.0868 3124 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 19:18:09.0868 3124 nvstor - ok 19:18:09.0914 3124 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 19:18:09.0914 3124 nv_agp - ok 19:18:09.0977 3124 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 19:18:09.0977 3124 ohci1394 - ok 19:18:10.0008 3124 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:18:10.0008 3124 Parport - ok 19:18:10.0070 3124 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 19:18:10.0070 3124 partmgr - ok 19:18:10.0164 3124 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 19:18:10.0164 3124 pccsmcfd - 
ok 19:18:10.0195 3124 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 19:18:10.0195 3124 pci - ok 19:18:10.0273 3124 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 19:18:10.0273 3124 pciide - ok 19:18:10.0304 3124 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:18:10.0320 3124 pcmcia - ok 19:18:10.0382 3124 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:18:10.0382 3124 pcw - ok 19:18:10.0414 3124 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:18:10.0414 3124 PEAUTH - ok 19:18:10.0538 3124 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 19:18:10.0538 3124 PptpMiniport - ok 19:18:10.0554 3124 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:18:10.0554 3124 Processor - ok 19:18:10.0648 3124 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 19:18:10.0648 3124 Psched - ok 19:18:10.0710 3124 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 19:18:10.0710 3124 PxHlpa64 - ok 19:18:10.0804 3124 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:18:10.0819 3124 ql2300 - ok 19:18:10.0897 3124 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:18:10.0897 3124 ql40xx - ok 19:18:10.0913 3124 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:18:10.0913 3124 QWAVEdrv - ok 19:18:11.0022 3124 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:18:11.0022 3124 RasAcd - ok 19:18:11.0069 3124 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:18:11.0069 3124 RasAgileVpn - ok 19:18:11.0147 3124 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:18:11.0147 3124 Rasl2tp - ok 
19:18:11.0209 3124 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:18:11.0209 3124 RasPppoe - ok 19:18:11.0256 3124 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:18:11.0256 3124 RasSstp - ok 19:18:11.0303 3124 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 19:18:11.0303 3124 rdbss - ok 19:18:11.0350 3124 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:18:11.0350 3124 rdpbus - ok 19:18:11.0396 3124 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:18:11.0396 3124 RDPCDD - ok 19:18:11.0459 3124 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:18:11.0459 3124 RDPENCDD - ok 19:18:11.0490 3124 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:18:11.0490 3124 RDPREFMP - ok 19:18:11.0552 3124 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 19:18:11.0552 3124 RDPWD - ok 19:18:11.0599 3124 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 19:18:11.0615 3124 rdyboost - ok 19:18:11.0708 3124 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:18:11.0708 3124 rspndr - ok 19:18:11.0740 3124 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 19:18:11.0740 3124 sbp2port - ok 19:18:11.0818 3124 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 19:18:11.0818 3124 scfilter - ok 19:18:11.0880 3124 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:18:11.0880 3124 secdrv - ok 19:18:11.0927 3124 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:18:11.0927 3124 Serenum - ok 19:18:12.0005 3124 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:18:12.0005 3124 Serial - 
ok 19:18:12.0052 3124 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:18:12.0052 3124 sermouse - ok 19:18:12.0161 3124 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 19:18:12.0161 3124 sffdisk - ok 19:18:12.0176 3124 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 19:18:12.0192 3124 sffp_mmc - ok 19:18:12.0239 3124 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 19:18:12.0239 3124 sffp_sd - ok 19:18:12.0254 3124 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:18:12.0254 3124 sfloppy - ok 19:18:12.0348 3124 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:18:12.0348 3124 SiSRaid2 - ok 19:18:12.0379 3124 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:18:12.0379 3124 SiSRaid4 - ok 19:18:12.0457 3124 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:18:12.0457 3124 Smb - ok 19:18:12.0535 3124 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:18:12.0535 3124 spldr - ok 19:18:12.0598 3124 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 19:18:12.0598 3124 srv - ok 19:18:12.0660 3124 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 19:18:12.0660 3124 srv2 - ok 19:18:12.0691 3124 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 19:18:12.0691 3124 srvnet - ok 19:18:12.0785 3124 ssadbus (866f8212ef7e75bac8bca03331e30cb4) C:\Windows\system32\DRIVERS\ssadbus.sys 19:18:12.0785 3124 ssadbus - ok 19:18:12.0816 3124 ssadmdfl (73e2ba39e7eb024dc686412e2e924a74) C:\Windows\system32\DRIVERS\ssadmdfl.sys 19:18:12.0816 3124 ssadmdfl - ok 19:18:12.0925 3124 ssadmdm (74b032d6c1e36ae2f790752fde8ce055) C:\Windows\system32\DRIVERS\ssadmdm.sys 19:18:12.0925 3124 ssadmdm - ok 19:18:12.0988 
3124 ssadserd (2b44ca7dafa820dc5756006cfccc8d72) C:\Windows\system32\DRIVERS\ssadserd.sys 19:18:12.0988 3124 ssadserd - ok 19:18:13.0034 3124 sscdbus (f4f1e1ff6986fe8914525af751ea3eac) C:\Windows\system32\DRIVERS\sscdbus.sys 19:18:13.0034 3124 sscdbus - ok 19:18:13.0128 3124 sscdmdfl (5447690d2cfe1bde1be3a5a5a3e2f796) C:\Windows\system32\DRIVERS\sscdmdfl.sys 19:18:13.0128 3124 sscdmdfl - ok 19:18:13.0222 3124 sscdmdm (bfda292053aeb76a0c1d63b2279d5138) C:\Windows\system32\DRIVERS\sscdmdm.sys 19:18:13.0222 3124 sscdmdm - ok 19:18:13.0315 3124 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:18:13.0315 3124 stexstor - ok 19:18:13.0409 3124 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 19:18:13.0409 3124 StillCam - ok 19:18:13.0502 3124 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 19:18:13.0502 3124 swenum - ok 19:18:13.0596 3124 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys 19:18:13.0596 3124 SynTP - ok 19:18:13.0736 3124 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 19:18:13.0736 3124 Tcpip - ok 19:18:13.0861 3124 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 19:18:13.0877 3124 TCPIP6 - ok 19:18:13.0955 3124 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 19:18:13.0955 3124 tcpipreg - ok 19:18:13.0970 3124 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:18:13.0970 3124 TDPIPE - ok 19:18:13.0986 3124 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 19:18:13.0986 3124 TDTCP - ok 19:18:14.0064 3124 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 19:18:14.0064 3124 tdx - ok 19:18:14.0095 3124 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 19:18:14.0095 3124 TermDD - ok 19:18:14.0220 3124 TFsExDisk 
19:18:17.0402 3124 ============================================================ 19:18:17.0402 3124 Scan finished 19:18:17.0402 3124 ============================================================ 19:18:17.0402 1892 Detected object count: 0 19:18:17.0402 1892 Actual detected object count: 0 |