| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie entferne ich den BKA-Trojaner vollständig?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.03.2012, 02:02
| #1 |
| |  Wie entferne ich den BKA-Trojaner vollständig? Erstmal ein herzliches Hallo!  Ich habe mir nun den BKA-Trojaner (1.03) eingefangen. Mittlerweile kann ich mein Konto wieder ohne Probleme nutzen, und zwar habe ich einfach die exe-Datei aus dem Autostart-Ordner gelöscht (den exakten Lösungsweg von hxxp://bka-trojaner.de/ konnte ich noicht ausführen, mein Laptop hat da nicht mitgemacht). Nun besteht bei mir natürlich die Frage: wie soll ich jetzt vorgehen, um den Virus vollständig zu entfernen? (System neu aufsetzen steht bei mir als Notfallplan, den ich hoffentlich nicht durchführen muss). Ich bin echt für jede Hilfe dankbar! PS: Mein System ist Windows 7 Ultimate, 32bit PPS: hier noch mal die Logs von Malwarebytes und Avira AntiVir Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.04.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Administrator :: MILA-PC [Administrator] Schutz: Aktiviert 04.03.2012 02:19:38 mbam-log-2012-03-04 (02-19-38).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 231329 Laufzeit: 9 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Antivir: Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 4. März 2012 01:08
Es wird nach 3515858 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MILA-PC
Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 30.06.2011 12:20:59
AVSCAN.DLL : 10.0.5.0 57192 Bytes 30.06.2011 12:20:59
LUKE.DLL : 10.3.0.5 45416 Bytes 30.06.2011 12:20:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 09:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 30.06.2011 12:21:00
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 12:43:30
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:44:06
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:17:32
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:38:38
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 14:38:38
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 14:38:38
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 14:38:38
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 14:38:38
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 14:38:38
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 14:38:38
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 14:38:38
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 14:38:38
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 14:38:38
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 14:40:19
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 14:40:28
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 14:40:31
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 14:40:32
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 14:17:36
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 16:52:05
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 16:52:05
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 18:47:21
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 08:34:39
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 14:54:11
VBASE023.VDF : 7.11.24.53 2048 Bytes 28.02.2012 14:54:11
VBASE024.VDF : 7.11.24.54 2048 Bytes 28.02.2012 14:54:11
VBASE025.VDF : 7.11.24.55 2048 Bytes 28.02.2012 14:54:11
VBASE026.VDF : 7.11.24.56 2048 Bytes 28.02.2012 14:54:11
VBASE027.VDF : 7.11.24.57 2048 Bytes 28.02.2012 14:54:11
VBASE028.VDF : 7.11.24.58 2048 Bytes 28.02.2012 14:54:12
VBASE029.VDF : 7.11.24.59 2048 Bytes 28.02.2012 14:54:12
VBASE030.VDF : 7.11.24.60 2048 Bytes 28.02.2012 14:54:12
VBASE031.VDF : 7.11.24.142 131584 Bytes 02.03.2012 17:08:25
Engineversion : 8.2.10.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 04:04:51
AESCRIPT.DLL : 8.1.4.7 442746 Bytes 25.02.2012 08:34:42
AESCN.DLL : 8.1.8.2 131444 Bytes 29.01.2012 08:18:00
AESBX.DLL : 8.2.4.5 434549 Bytes 06.12.2011 14:41:51
AERDL.DLL : 8.1.9.15 639348 Bytes 11.09.2011 07:35:50
AEPACK.DLL : 8.2.16.3 799094 Bytes 11.02.2012 14:40:57
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 10.01.2012 14:47:14
AEHEUR.DLL : 8.1.4.0 4436342 Bytes 25.02.2012 08:34:42
AEHELP.DLL : 8.1.19.0 254327 Bytes 21.01.2012 07:25:16
AEGEN.DLL : 8.1.5.21 409971 Bytes 11.02.2012 14:40:36
AEEXP.DLL : 8.1.0.23 70005 Bytes 25.02.2012 08:34:43
AEEMU.DLL : 8.1.3.0 393589 Bytes 23.11.2010 13:52:59
AECORE.DLL : 8.1.25.4 201079 Bytes 14.02.2012 14:17:37
AEBB.DLL : 8.1.1.0 53618 Bytes 25.04.2010 21:16:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 09:59:10
AVPREF.DLL : 10.0.3.2 44904 Bytes 30.06.2011 12:20:59
AVREP.DLL : 10.0.0.10 174120 Bytes 18.05.2011 11:51:50
AVARKT.DLL : 10.0.26.1 255336 Bytes 30.06.2011 12:20:59
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 30.06.2011 12:20:59
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 10:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 13:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 12:40:55
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 30.06.2011 12:20:59
RCTEXT.DLL : 10.0.64.0 98664 Bytes 30.06.2011 12:20:59
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Auszulassende Dateien.................: G:\Autorun.inf,
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Sonntag, 4. März 2012 01:08
Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage\bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage\route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage\export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'CCleaner.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCleaner.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ObjectDock.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'Rainlendar2.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RocketDock.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISUSPM.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'PassThruSvr.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SupServ.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkbmon.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSIService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkcoms.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LXBKbmgr.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'MGSysCtrl.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ Service.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '177' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '545' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <System>
Beginne mit der Suche in 'D:\' <Daten>
Ende des Suchlaufs: Sonntag, 4. März 2012 02:21
Benötigte Zeit: 1:12:21 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
43036 Verzeichnisse wurden überprüft
538803 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
538803 Dateien ohne Befall
26023 Archive wurden durchsucht
0 Warnungen
21 Hinweise
625470 Objekte wurden beim Rootkitscan durchsucht
21 Versteckte Objekte wurden gefunden
Geändert von aries (04.03.2012 um 02:33 Uhr) |
|
04.03.2012, 21:37
| #2 |
  | Wie entferne ich den BKA-Trojaner vollständig? Hi,
__________________Schauen wir mal.. Wichtig:Du musst mit dem verseuchten Konto booten! OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris Ps.: Mit dem "Quickscann" findet MAM ihn nicht, FULLSCAN...
__________________ |
|
05.03.2012, 18:27
| #3 |
| | Wie entferne ich den BKA-Trojaner vollständig? erstmal danke für die Antwort
__________________also: OTL.txt: Code:
ATTFilter OTL logfile created on: 05.03.2012 18:15:26 - Run 1 OTL by OldTimer - Version 3.2.35.1 Folder = D:\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 46,10% Memory free 5,50 Gb Paging File | 3,63 Gb Available in Paging File | 66,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 61,53 Gb Total Space | 3,37 Gb Free Space | 5,47% Space Free | Partition Type: NTFS Drive D: | 163,44 Gb Total Space | 8,63 Gb Free Space | 5,28% Space Free | Partition Type: NTFS Computer Name: MILA-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Rainlendar2\Rainlendar2.exe () PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.) PRC - C:\Programme\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.) PRC - C:\Windows\System32\lxbkcoms.exe ( ) PRC - C:\Programme\RocketDock\RocketDock.exe () PRC - C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock) PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libvorbis_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libxml_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libtaglib_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libtheora_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libswscale_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libzip_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libwaveout_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libyuvp_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libtrivial_mixer_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libqt4_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libskins2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libschroedinger_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libspeex_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libscaletempo_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libscale_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libspdif_mixer_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libpng_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmp4_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libplaylist_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmono_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liblibass_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liblua_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libhotkeys_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liblpcm_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_i420_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfreetype_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfaad_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libflac_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdvdnav_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdshow_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdirectx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdirect3d_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfilesystem_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdts_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfake_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdrawable_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libavcodec_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libavi_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libblend_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaout_directx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaraw_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaudio_format_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libcdg_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaes3_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\libvlccore.dll () MOD - C:\Programme\VideoLAN\VLC\vlc.exe () MOD - C:\Programme\VideoLAN\VLC\libvlc.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liba52_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll () MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll () MOD - C:\Programme\Rainlendar2\Rainlendar2.exe () MOD - C:\Programme\Rainlendar2\wxmsw28u_xrc_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxbase28u_xml_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_html_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_adv_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_core_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxbase28u_vc_rny.dll () MOD - C:\Programme\Rainlendar2\lfs.dll () MOD - C:\Programme\Rainlendar2\lua51.dll () MOD - C:\Programme\Rainlendar2\zlib1.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\RocketDock\RocketDock.exe () MOD - C:\Programme\RocketDock\RocketDock.dll () MOD - C:\Programme\Stardock\ObjectDock\DockShellHook.dll () MOD - C:\Programme\Stardock\ObjectDock\zlib.dll () MOD - C:\Programme\Stardock\ObjectDock\CrashRpt.dll () MOD - C:\Programme\Common Files\Stardock\ODimg.dll () MOD - C:\Programme\Stardock\ObjectDock\ODimg.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (Tosrfcom) -- File not found DRV - (pbfilter) -- File not found DRV - (ala1g2qn) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.) DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.musicfrost.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {AB79D3B4-AEDB-428a-B504-BAC00521A1C7} IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://search.musicfrost.com/results.php?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google Custom Search" FF - prefs.js..browser.search.selectedEngine: "MFGSearch.NET" FF - prefs.js..browser.startup.homepage: "hxxp://search.musicfrost.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: MFToolbar@skywebsearch.com:0.0.0.1 FF - prefs.js..keyword.URL: "hxxp://search.musicfrost.com/results.php?q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mila\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 20:16:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.26 15:31:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011.08.26 15:31:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.26 15:31:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\MFToolbar@skywebsearch.com: C:\Program Files\MusicFrost\Music Frost Toolbar\FF FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\search@helper: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\o2j6rhp5.default\extensions\SearchHelper [2011.01.31 20:03:10 | 000,000,000 | ---D | M] [2010.07.06 12:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2011.03.18 18:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\o2j6rhp5.default\extensions [2011.03.18 18:33:29 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\o2j6rhp5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.31 20:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\o2j6rhp5.default\extensions\SearchHelper [2011.01.31 20:03:10 | 000,002,119 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\o2j6rhp5.default\searchplugins\MFGSearch.xml [2012.02.02 20:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.10 12:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google Custom Search () CHR - default_search_provider: search_url = hxxp://landing.savetubevideo.com/results.php?q={searchTerms} CHR - default_search_provider: suggest_url = O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [SecureBanking] C:\Programme\Secure Banking\v1.3\SecureBanking.exe (Secure Banking) O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6581784D-12D8-44E9-88C9-529928002767}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA92C3E6-268F-4C79-AF59-14A98EC298C3}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFD3FE08-C101-472D-90CC-353E4411F7E8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E4ABA2-5642-4A62-9D18-D090F9609B75}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E11DB2B1-B951-4E08-89FE-5CC9CA615373}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{763a9401-7e09-11df-8f3d-000e50aae96d}\Shell - "" = AutoRun O33 - MountPoints2\{763a9401-7e09-11df-8f3d-000e50aae96d}\Shell\AutoRun\command - "" = F:\OblivionLauncher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.05 15:32:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent [2012.03.05 15:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µTorrent [2012.03.04 15:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2012.03.04 11:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Secure Banking [2012.03.04 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.03.04 11:15:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Dropbox [2012.03.04 02:18:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2012.03.04 02:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.04 02:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.04 02:18:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.04 02:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.04 00:22:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Neuer Ordner [2012.03.03 23:57:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mila [2012.03.03 23:31:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited [2012.02.27 16:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.02.27 16:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon [2012.02.24 06:24:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.24 06:24:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.02.24 06:24:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.02.24 06:24:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.02.24 06:24:03 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.02.24 06:24:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.02.24 06:24:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.02.24 06:24:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.02.24 06:24:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.24 06:24:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.02.24 06:24:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.02.24 06:24:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.02.24 06:24:02 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.02.24 06:24:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.24 06:24:02 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.24 06:24:02 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.24 06:24:02 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.02.24 06:24:02 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.02.24 06:24:02 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.02.24 06:24:02 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.02.24 06:24:02 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.02.24 06:24:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.24 06:24:02 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.02.24 06:24:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.02.24 06:24:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.02.24 06:24:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.02.24 06:24:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.02.24 06:24:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.02.24 06:24:02 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.02.24 06:24:02 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.02.24 06:24:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.02.24 06:24:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.02.24 06:24:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.02.24 06:24:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.02.24 06:24:02 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.02.24 06:24:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.02.24 06:24:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.02.23 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\uTorrent [2012.02.16 15:43:23 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2012.02.16 15:43:04 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2012.03.05 17:49:16 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.05 17:49:16 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.05 17:49:16 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.05 17:49:16 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.05 17:30:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.05 15:19:14 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.05 15:19:14 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.05 15:11:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.05 15:11:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.05 15:11:17 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys [2012.03.04 14:25:25 | 000,001,541 | ---- | M] () -- C:\Users\Administrator\Desktop\Dropbox.lnk [2012.03.04 11:16:23 | 000,001,034 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.04 00:08:55 | 197,132,288 | ---- | M] () -- C:\Users\Administrator\Desktop\pmagic_2012_2_27.iso [2012.02.29 18:08:28 | 000,482,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.24 06:24:03 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.24 06:24:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.02.24 06:24:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.02.24 06:24:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.02.24 06:24:03 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.02.24 06:24:03 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.02.24 06:24:03 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.02.24 06:24:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.02.24 06:24:03 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.24 06:24:03 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.02.24 06:24:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.02.24 06:24:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.02.24 06:24:02 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.02.24 06:24:02 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.24 06:24:02 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.24 06:24:02 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.24 06:24:02 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.02.24 06:24:02 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.02.24 06:24:02 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.02.24 06:24:02 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.02.24 06:24:02 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.02.24 06:24:02 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.24 06:24:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.02.24 06:24:02 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.02.24 06:24:02 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.02.24 06:24:02 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.02.24 06:24:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.02.24 06:24:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.02.24 06:24:02 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.02.24 06:24:02 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.02.24 06:24:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.02.24 06:24:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.02.24 06:24:02 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.02.24 06:24:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.02.24 06:24:02 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.02.24 06:24:02 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.02.24 06:24:02 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.02.24 06:24:02 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll ========== Files Created - No Company Name ========== [2012.03.04 11:22:52 | 000,001,541 | ---- | C] () -- C:\Users\Administrator\Desktop\Dropbox.lnk [2012.03.04 11:16:23 | 000,001,034 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.04 00:36:22 | 197,132,288 | ---- | C] () -- C:\Users\Administrator\Desktop\pmagic_2012_2_27.iso [2012.02.24 06:24:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.11.02 17:41:32 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} [2011.11.02 17:41:32 | 000,000,092 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2010.12.26 15:37:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2010.10.10 08:43:06 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.10.04 19:27:19 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.09.06 10:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll [2010.05.06 17:05:20 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.18 09:24:49 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI [2010.04.02 13:51:28 | 000,000,000 | ---- | C] () -- C:\Windows\ulead32.ini [2010.04.01 21:30:45 | 000,000,285 | ---- | C] () -- C:\Windows\Lexstat.ini [2010.04.01 21:30:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll [2010.04.01 21:30:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll [2010.04.01 21:30:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll [2010.04.01 21:30:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll [2010.04.01 21:30:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll [2010.04.01 21:30:04 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll [2010.04.01 21:30:04 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe [2010.04.01 21:30:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll [2010.04.01 21:30:04 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll [2010.04.01 21:30:04 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll [2010.04.01 21:30:04 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll [2010.04.01 21:30:04 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe [2010.04.01 21:30:04 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe [2010.04.01 21:30:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll [2010.04.01 21:30:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll [2010.04.01 21:30:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll [2010.04.01 21:30:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll [2010.03.28 13:25:53 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.03.25 17:37:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.03.19 10:39:51 | 000,000,092 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini < End of report > Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 05.03.2012 18:15:26 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = D:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 46,10% Memory free
5,50 Gb Paging File | 3,63 Gb Available in Paging File | 66,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61,53 Gb Total Space | 3,37 Gb Free Space | 5,47% Space Free | Partition Type: NTFS
Drive D: | 163,44 Gb Total Space | 8,63 Gb Free Space | 5,28% Space Free | Partition Type: NTFS
Computer Name: MILA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C554B9-79B7-4B5A-8AF0-C6E5CBE108CC}" = KnC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{833D97B9-AC16-45C1-AD44-0A32198956F8}" = Gimp Themes v1.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB59E92-98BB-4BE9-9CA2-66FD929EB57A}" = SafeGuard® PrivateCrypto 2.31.1 - Unlicensed Version
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.76
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"G'MIC for GIMP_is1" = G'MIC for GIMP Version 1.3.9.0
"Google Chrome" = Google Chrome
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12
"Inkscape" = Inkscape 0.48.0
"JDownloader" = JDownloader
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"Mp3tag" = Mp3tag v2.49a
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock" = ObjectDock
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Rainlendar2" = Rainlendar2 (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"Sigel BusinessCardSoftware" = Sigel BusinessCardSoftware
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever
"SystemRequirementsLab" = System Requirements Lab
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.8
"Xilisoft Video Cutter 2" = Xilisoft Video Cutter 2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"284e5ee6705b8534" = Logon Editor - 1
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.12.2011 13:25:32 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 07.12.2011 13:25:32 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 07.12.2011 13:25:32 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 07.12.2011 13:25:32 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 07.12.2011 13:25:32 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 10.12.2011 04:01:27 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 10.12.2011 04:01:27 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 10.12.2011 15:21:08 | Computer Name = Mila-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.12.2011 04:25:59 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 11.12.2011 04:25:59 | Computer Name = Mila-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 04.03.2012 12:29:46 | Computer Name = Mila-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
Error - 04.03.2012 12:29:46 | Computer Name = Mila-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
Error - 04.03.2012 14:45:21 | Computer Name = Mila-PC | Source = ipnathlp | ID = 31004
Description =
Error - 05.03.2012 01:06:53 | Computer Name = Mila-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 05.03.2012 10:12:49 | Computer Name = Mila-PC | Source = ipnathlp | ID = 31004
Description =
Error - 05.03.2012 10:15:13 | Computer Name = Mila-PC | Source = ipnathlp | ID = 31004
Description =
Error - 05.03.2012 10:19:14 | Computer Name = Mila-PC | Source = ipnathlp | ID = 31004
Description =
Error - 05.03.2012 10:24:49 | Computer Name = Mila-PC | Source = ipnathlp | ID = 31004
Description =
Error - 05.03.2012 10:25:11 | Computer Name = Mila-PC | Source = ipnathlp | ID = 31004
Description =
Error - 05.03.2012 12:53:22 | Computer Name = Mila-PC | Source = ipnathlp | ID = 31004
Description =
< End of report >
|
|
05.03.2012, 20:47
| #4 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hi, Log von MAM ebenfalls posten, es sieht eigentlich recht gut aus... Allerdings gibt es Treiber, die zwar laufen aber das File dazu nicht gefunden werden kann (üblicherweise tun das Rootkits)... Das Script stoppt die Treiber und versucht die Files zu löschen... Falls Du die Treiber kennst, aus dem Script rauslöschen... OSAM Prüft Programme/Treiber die gestartet werden online. Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread. OTL:
 Code:
ATTFilter :OTL
DRV - (Tosrfcom) -- File not found
DRV - (pbfilter) -- File not found
DRV - (ala1g2qn) -- File not found
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
:Commands
[purity]
[emptytemp]
[Reboot]
TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Stelle den Killer wir folgt ein:  Dann den Scan starten durch (Start Scan). Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
06.03.2012, 16:01
| #5 |
| | Wie entferne ich den BKA-Trojaner vollständig? Malewarebytes Full scan: Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.04.02 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Mila :: MILA-PC [limited] Protection: Enabled 05.03.2012 18:14:23 mbam-log-2012-03-05 (18-14-23).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 341757 Time elapsed: 1 hour(s), 5 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:38:20 on 06.03.2012 OS: Windows 7 Ultimate Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 10.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a2jvo4xl" (a2jvo4xl) - "Microsoft Corporation" - C:\Windows\system32\drivers\a2jvo4xl.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "SEMC USB Flash Driver" (ggsemc) - "Sony Ericsson Mobile Communications" - C:\Windows\System32\DRIVERS\ggsemc.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "wlpg" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - (File not found | COM-object registry key not found) {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {59AF8E81-BE3C-11d5-BE40-00A0244C457F} "SafeGuard® PrivateCrypto extension" - ? - G:\SafeGuardPrivateCrypto_2.31\SafeGuard PrivateCrypto\pcshell.dll (File not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - ? - (File not found | COM-object registry key not found) {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? - (File not found | COM-object registry key not found) {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Editor Drop Target" - ? - (File not found | COM-object registry key not found) {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? - (File not found | COM-object registry key not found) {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Viewer Drop Target" - ? - (File not found | COM-object registry key not found) {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "SecureBanking" - ? - C:\Program Files\Secure Banking\v1.3\SecureBanking.exe "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "lxbkbmgr.exe" - "Lexmark International, Inc." - "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MGSysCtrl" - "Micro-Star International Co., Ltd." - C:\Program Files\System Control Manager\MGSysCtrl.exe "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Google Update Service (gupdate1cacaaa532c07b0)" (gupdate1cacaaa532c07b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Micro Star SCM" (Micro Star SCM) - "Micro-Star International Co., Ltd." - C:\Program Files\System Control Manager\MSIService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter All processes killed
========== OTL ==========
Error: No service named Tosrfcom was found to stop!
Service\Driver key Tosrfcom not found.
File File not found not found.
Error: No service named pbfilter was found to stop!
Service\Driver key pbfilter not found.
File File not found not found.
Error: No service named ala1g2qn was found to stop!
Service\Driver key ala1g2qn not found.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: MG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mila
->Temp folder emptied: 41694 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 281709031 bytes
->Google Chrome cache emptied: 7034921 bytes
->Flash cache emptied: 116373 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2629126 bytes
RecycleBin emptied: 1713384 bytes
Total Files Cleaned = 280,00 mb
OTL by OldTimer - Version 3.2.35.1 log created on 03062012_154208
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter 15:55:14.0931 4452 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
15:55:15.0031 4452 ============================================================
15:55:15.0031 4452 Current date / time: 2012/03/06 15:55:15.0031
15:55:15.0031 4452 SystemInfo:
15:55:15.0031 4452
15:55:15.0031 4452 OS Version: 6.1.7600 ServicePack: 0.0
15:55:15.0031 4452 Product type: Workstation
15:55:15.0031 4452 ComputerName: MILA-PC
15:55:15.0031 4452 UserName: Administrator
15:55:15.0031 4452 Windows directory: C:\Windows
15:55:15.0031 4452 System windows directory: C:\Windows
15:55:15.0031 4452 Processor architecture: Intel x86
15:55:15.0031 4452 Number of processors: 2
15:55:15.0031 4452 Page size: 0x1000
15:55:15.0031 4452 Boot type: Normal boot
15:55:15.0031 4452 ============================================================
15:55:16.0238 4452 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:16.0248 4452 \Device\Harddisk0\DR0:
15:55:16.0249 4452 MBR used
15:55:16.0249 4452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFA0800, BlocksNum 0x32000
15:55:16.0249 4452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFD2800, BlocksNum 0x7B10800
15:55:16.0268 4452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8AE3800, BlocksNum 0x146E1800
15:55:16.0329 4452 Initialize success
15:55:16.0329 4452 ============================================================
15:55:37.0150 5192 ============================================================
15:55:37.0150 5192 Scan started
15:55:37.0150 5192 Mode: Manual; SigCheck; TDLFS;
15:55:37.0150 5192 ============================================================
15:55:37.0761 5192 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
15:55:37.0874 5192 1394ohci - ok
15:55:38.0010 5192 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:55:38.0038 5192 ACPI - ok
15:55:38.0163 5192 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:55:38.0227 5192 AcpiPmi - ok
15:55:38.0357 5192 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:55:38.0406 5192 adp94xx - ok
15:55:38.0533 5192 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:55:38.0581 5192 adpahci - ok
15:55:38.0747 5192 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:55:38.0770 5192 adpu320 - ok
15:55:38.0917 5192 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
15:55:39.0011 5192 AFD - ok
15:55:39.0072 5192 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:55:39.0092 5192 agp440 - ok
15:55:39.0160 5192 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:55:39.0181 5192 aic78xx - ok
15:55:39.0246 5192 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:55:39.0263 5192 aliide - ok
15:55:39.0293 5192 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:55:39.0314 5192 amdagp - ok
15:55:39.0342 5192 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:55:39.0367 5192 amdide - ok
15:55:39.0408 5192 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:55:39.0444 5192 AmdK8 - ok
15:55:39.0469 5192 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:55:39.0517 5192 AmdPPM - ok
15:55:39.0571 5192 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
15:55:39.0592 5192 amdsata - ok
15:55:39.0643 5192 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:55:39.0667 5192 amdsbs - ok
15:55:39.0695 5192 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
15:55:39.0747 5192 amdxata - ok
15:55:39.0848 5192 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:55:39.0871 5192 AppID - ok
15:55:39.0941 5192 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:55:39.0963 5192 arc - ok
15:55:39.0995 5192 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:55:40.0016 5192 arcsas - ok
15:55:40.0066 5192 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:40.0185 5192 AsyncMac - ok
15:55:40.0218 5192 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:55:40.0236 5192 atapi - ok
15:55:40.0310 5192 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
15:55:40.0428 5192 athr - ok
15:55:40.0558 5192 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:55:40.0572 5192 avgio - ok
15:55:40.0677 5192 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
15:55:41.0143 5192 avgntflt - ok
15:55:41.0256 5192 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
15:55:41.0285 5192 avipbb - ok
15:55:41.0362 5192 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:55:41.0404 5192 b06bdrv - ok
15:55:41.0442 5192 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:55:41.0505 5192 b57nd60x - ok
15:55:41.0561 5192 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:55:41.0604 5192 Beep - ok
15:55:41.0643 5192 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:55:41.0663 5192 blbdrive - ok
15:55:41.0707 5192 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
15:55:41.0808 5192 bowser - ok
15:55:41.0830 5192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:55:41.0865 5192 BrFiltLo - ok
15:55:41.0876 5192 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:55:41.0917 5192 BrFiltUp - ok
15:55:41.0954 5192 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:55:42.0016 5192 Brserid - ok
15:55:42.0027 5192 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:55:42.0075 5192 BrSerWdm - ok
15:55:42.0098 5192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:55:42.0139 5192 BrUsbMdm - ok
15:55:42.0149 5192 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:55:42.0189 5192 BrUsbSer - ok
15:55:42.0202 5192 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:55:42.0227 5192 BTHMODEM - ok
15:55:42.0277 5192 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:55:42.0323 5192 cdfs - ok
15:55:42.0364 5192 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:55:42.0416 5192 cdrom - ok
15:55:42.0463 5192 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:55:42.0502 5192 circlass - ok
15:55:42.0531 5192 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:55:42.0567 5192 CLFS - ok
15:55:42.0669 5192 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:55:42.0701 5192 CmBatt - ok
15:55:42.0712 5192 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:55:42.0731 5192 cmdide - ok
15:55:42.0783 5192 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
15:55:42.0827 5192 CNG - ok
15:55:42.0859 5192 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:55:42.0876 5192 Compbatt - ok
15:55:42.0908 5192 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:55:42.0946 5192 CompositeBus - ok
15:55:42.0994 5192 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:55:43.0017 5192 crcdisk - ok
15:55:43.0077 5192 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:55:43.0151 5192 CSC - ok
15:55:43.0196 5192 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:55:43.0257 5192 DfsC - ok
15:55:43.0284 5192 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:55:43.0333 5192 discache - ok
15:55:43.0369 5192 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:55:43.0389 5192 Disk - ok
15:55:43.0452 5192 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:55:43.0471 5192 drmkaud - ok
15:55:43.0531 5192 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:55:43.0585 5192 DXGKrnl - ok
15:55:43.0708 5192 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:55:43.0904 5192 ebdrv - ok
15:55:43.0996 5192 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:55:44.0031 5192 elxstor - ok
15:55:44.0099 5192 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\Windows\system32\DRIVERS\enecir.sys
15:55:44.0162 5192 enecir - ok
15:55:44.0209 5192 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:55:44.0228 5192 ErrDev - ok
15:55:44.0265 5192 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:55:44.0315 5192 exfat - ok
15:55:44.0342 5192 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:55:44.0393 5192 fastfat - ok
15:55:44.0404 5192 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:55:44.0440 5192 fdc - ok
15:55:44.0474 5192 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:55:44.0493 5192 FileInfo - ok
15:55:44.0515 5192 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:55:44.0576 5192 Filetrace - ok
15:55:44.0587 5192 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:55:44.0614 5192 flpydisk - ok
15:55:44.0650 5192 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:55:44.0677 5192 FltMgr - ok
15:55:44.0704 5192 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:55:44.0747 5192 FsDepends - ok
15:55:44.0775 5192 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:55:44.0793 5192 Fs_Rec - ok
15:55:44.0834 5192 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:55:44.0865 5192 fvevol - ok
15:55:44.0909 5192 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:55:44.0929 5192 gagp30kx - ok
15:55:44.0997 5192 ggsemc (9acdecca8fa4fefd6b4c4c423dc8ada5) C:\Windows\system32\DRIVERS\ggsemc.sys
15:55:45.0026 5192 ggsemc ( UnsignedFile.Multi.Generic ) - warning
15:55:45.0026 5192 ggsemc - detected UnsignedFile.Multi.Generic (1)
15:55:45.0182 5192 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:55:45.0217 5192 hcw85cir - ok
15:55:45.0299 5192 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:55:45.0359 5192 HdAudAddService - ok
15:55:45.0382 5192 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:55:45.0411 5192 HDAudBus - ok
15:55:45.0439 5192 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:55:45.0470 5192 HidBatt - ok
15:55:45.0499 5192 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:55:45.0532 5192 HidBth - ok
15:55:45.0567 5192 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:55:45.0598 5192 HidIr - ok
15:55:45.0639 5192 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:55:45.0687 5192 HidUsb - ok
15:55:45.0773 5192 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:55:45.0799 5192 HpSAMD - ok
15:55:45.0843 5192 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:55:45.0873 5192 HTCAND32 - ok
15:55:45.0944 5192 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
15:55:45.0989 5192 htcnprot - ok
15:55:46.0065 5192 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:55:46.0184 5192 HTTP - ok
15:55:46.0215 5192 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:55:46.0231 5192 hwpolicy - ok
15:55:46.0256 5192 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:55:46.0288 5192 i8042prt - ok
15:55:46.0336 5192 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
15:55:46.0373 5192 iaStorV - ok
15:55:46.0407 5192 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:55:46.0426 5192 iirsp - ok
15:55:46.0561 5192 IntcAzAudAddService (c5df8a7fdc75019bf8d8aa4b56be85c0) C:\Windows\system32\drivers\RTKVHDA.sys
15:55:46.0732 5192 IntcAzAudAddService - ok
15:55:46.0782 5192 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:55:46.0799 5192 intelide - ok
15:55:46.0835 5192 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:55:46.0860 5192 intelppm - ok
15:55:46.0890 5192 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:55:46.0940 5192 IpFilterDriver - ok
15:55:46.0986 5192 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:55:47.0011 5192 IPMIDRV - ok
15:55:47.0027 5192 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:55:47.0077 5192 IPNAT - ok
15:55:47.0115 5192 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:55:47.0171 5192 IRENUM - ok
15:55:47.0185 5192 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:55:47.0205 5192 isapnp - ok
15:55:47.0236 5192 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:55:47.0263 5192 iScsiPrt - ok
15:55:47.0301 5192 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:55:47.0320 5192 kbdclass - ok
15:55:47.0356 5192 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:55:47.0393 5192 kbdhid - ok
15:55:47.0430 5192 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
15:55:47.0452 5192 KSecDD - ok
15:55:47.0473 5192 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
15:55:47.0497 5192 KSecPkg - ok
15:55:47.0547 5192 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:55:47.0597 5192 lltdio - ok
15:55:47.0648 5192 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:55:47.0669 5192 LSI_FC - ok
15:55:47.0694 5192 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:55:47.0716 5192 LSI_SAS - ok
15:55:47.0744 5192 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:55:47.0763 5192 LSI_SAS2 - ok
15:55:47.0785 5192 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:55:47.0805 5192 LSI_SCSI - ok
15:55:47.0832 5192 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:55:47.0865 5192 luafv - ok
15:55:47.0949 5192 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
15:55:47.0974 5192 MBAMProtector - ok
15:55:48.0007 5192 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:55:48.0025 5192 megasas - ok
15:55:48.0059 5192 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:55:48.0095 5192 MegaSR - ok
15:55:48.0161 5192 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:55:48.0209 5192 Modem - ok
15:55:48.0245 5192 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:55:48.0275 5192 monitor - ok
15:55:48.0296 5192 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:55:48.0314 5192 mouclass - ok
15:55:48.0339 5192 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:55:48.0359 5192 mouhid - ok
15:55:48.0383 5192 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:55:48.0404 5192 mountmgr - ok
15:55:48.0424 5192 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:55:48.0448 5192 mpio - ok
15:55:48.0473 5192 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:55:48.0520 5192 mpsdrv - ok
15:55:48.0545 5192 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:55:48.0571 5192 MRxDAV - ok
15:55:48.0611 5192 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:55:48.0659 5192 mrxsmb - ok
15:55:48.0732 5192 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:55:48.0771 5192 mrxsmb10 - ok
15:55:48.0796 5192 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:55:48.0833 5192 mrxsmb20 - ok
15:55:48.0875 5192 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
15:55:48.0893 5192 msahci - ok
15:55:48.0918 5192 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:55:48.0940 5192 msdsm - ok
15:55:48.0982 5192 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:55:49.0026 5192 Msfs - ok
15:55:49.0044 5192 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:55:49.0077 5192 mshidkmdf - ok
15:55:49.0092 5192 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:55:49.0110 5192 msisadrv - ok
15:55:49.0164 5192 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:55:49.0208 5192 MSKSSRV - ok
15:55:49.0234 5192 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:55:49.0281 5192 MSPCLOCK - ok
15:55:49.0301 5192 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:55:49.0352 5192 MSPQM - ok
15:55:49.0375 5192 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:55:49.0398 5192 MsRPC - ok
15:55:49.0413 5192 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:55:49.0426 5192 mssmbios - ok
15:55:49.0453 5192 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:55:49.0489 5192 MSTEE - ok
15:55:49.0501 5192 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:55:49.0538 5192 MTConfig - ok
15:55:49.0561 5192 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:55:49.0580 5192 Mup - ok
15:55:49.0619 5192 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:55:49.0672 5192 NativeWifiP - ok
15:55:49.0760 5192 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:55:49.0810 5192 NDIS - ok
15:55:49.0840 5192 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:55:49.0887 5192 NdisCap - ok
15:55:49.0916 5192 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:55:49.0963 5192 NdisTapi - ok
15:55:49.0998 5192 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:55:50.0050 5192 Ndisuio - ok
15:55:50.0070 5192 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:55:50.0123 5192 NdisWan - ok
15:55:50.0149 5192 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:55:50.0199 5192 NDProxy - ok
15:55:50.0237 5192 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:55:50.0282 5192 NetBIOS - ok
15:55:50.0308 5192 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
15:55:50.0370 5192 NetBT - ok
15:55:50.0450 5192 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
15:55:50.0513 5192 netr28u - ok
15:55:50.0568 5192 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:55:50.0587 5192 nfrd960 - ok
15:55:50.0652 5192 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:55:50.0698 5192 Npfs - ok
15:55:50.0746 5192 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:55:50.0796 5192 nsiproxy - ok
15:55:50.0871 5192 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
15:55:50.0961 5192 Ntfs - ok
15:55:50.0990 5192 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:55:51.0023 5192 Null - ok
15:55:51.0105 5192 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
15:55:51.0132 5192 NVHDA - ok
15:55:51.0467 5192 nvlddmkm (eab7a01791777cd40cc979c495730fae) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:55:51.0917 5192 nvlddmkm - ok
15:55:52.0072 5192 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
15:55:52.0105 5192 nvraid - ok
15:55:52.0174 5192 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\Windows\system32\DRIVERS\nvsmu.sys
15:55:52.0217 5192 nvsmu - ok
15:55:52.0281 5192 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
15:55:52.0314 5192 nvstor - ok
15:55:52.0355 5192 nvstor32 (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys
15:55:52.0367 5192 nvstor32 - ok
15:55:52.0423 5192 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:55:52.0445 5192 nv_agp - ok
15:55:52.0493 5192 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbmdm.sys
15:55:52.0529 5192 NWUSBModem - ok
15:55:52.0560 5192 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbser.sys
15:55:52.0583 5192 NWUSBPort - ok
15:55:52.0629 5192 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:55:52.0661 5192 ohci1394 - ok
15:55:52.0745 5192 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:55:52.0778 5192 Parport - ok
15:55:52.0807 5192 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
15:55:52.0827 5192 partmgr - ok
15:55:52.0848 5192 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:55:52.0883 5192 Parvdm - ok
15:55:52.0928 5192 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:55:52.0951 5192 pci - ok
15:55:52.0973 5192 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:55:52.0992 5192 pciide - ok
15:55:53.0022 5192 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:55:53.0047 5192 pcmcia - ok
15:55:53.0069 5192 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:55:53.0087 5192 pcw - ok
15:55:53.0121 5192 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:55:53.0187 5192 PEAUTH - ok
15:55:53.0256 5192 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:55:53.0293 5192 PptpMiniport - ok
15:55:53.0318 5192 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:55:53.0350 5192 Processor - ok
15:55:53.0394 5192 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:55:53.0447 5192 Psched - ok
15:55:53.0508 5192 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:55:53.0591 5192 ql2300 - ok
15:55:53.0617 5192 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:55:53.0639 5192 ql40xx - ok
15:55:53.0665 5192 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:55:53.0702 5192 QWAVEdrv - ok
15:55:53.0756 5192 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:55:53.0798 5192 RasAcd - ok
15:55:53.0851 5192 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:55:53.0899 5192 RasAgileVpn - ok
15:55:53.0932 5192 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:54.0016 5192 Rasl2tp - ok
15:55:54.0156 5192 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:54.0216 5192 RasPppoe - ok
15:55:54.0312 5192 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:55:54.0406 5192 RasSstp - ok
15:55:54.0448 5192 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:55:54.0529 5192 rdbss - ok
15:55:54.0547 5192 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:55:54.0568 5192 rdpbus - ok
15:55:54.0586 5192 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:54.0629 5192 RDPCDD - ok
15:55:54.0654 5192 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
15:55:54.0695 5192 RDPDR - ok
15:55:54.0732 5192 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:55:54.0776 5192 RDPENCDD - ok
15:55:54.0804 5192 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:55:54.0852 5192 RDPREFMP - ok
15:55:54.0874 5192 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
15:55:54.0931 5192 RDPWD - ok
15:55:54.0976 5192 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:55:55.0001 5192 rdyboost - ok
15:55:55.0053 5192 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:55:55.0099 5192 rspndr - ok
15:55:55.0148 5192 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\Windows\system32\Drivers\RtsUStor.sys
15:55:55.0163 5192 RSUSBSTOR - ok
15:55:55.0199 5192 RTL8167 (06bd46be6141556125f89df738333720) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:55:55.0221 5192 RTL8167 - ok
15:55:55.0269 5192 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
15:55:55.0288 5192 s0017bus - ok
15:55:55.0314 5192 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
15:55:55.0329 5192 s0017mdfl - ok
15:55:55.0355 5192 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
15:55:55.0374 5192 s0017mdm - ok
15:55:55.0403 5192 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
15:55:55.0423 5192 s0017mgmt - ok
15:55:55.0465 5192 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
15:55:55.0480 5192 s0017nd5 - ok
15:55:55.0541 5192 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
15:55:55.0561 5192 s0017obex - ok
15:55:55.0594 5192 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
15:55:55.0614 5192 s0017unic - ok
15:55:55.0651 5192 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
15:55:55.0685 5192 s3cap - ok
15:55:55.0771 5192 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:55:55.0796 5192 sbp2port - ok
15:55:55.0824 5192 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:55:55.0874 5192 scfilter - ok
15:55:55.0912 5192 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:55:55.0957 5192 secdrv - ok
15:55:56.0009 5192 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:55:56.0029 5192 Serenum - ok
15:55:56.0040 5192 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:55:56.0076 5192 Serial - ok
15:55:56.0102 5192 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:55:56.0132 5192 sermouse - ok
15:55:56.0156 5192 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:55:56.0192 5192 sffdisk - ok
15:55:56.0207 5192 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:55:56.0260 5192 sffp_mmc - ok
15:55:56.0284 5192 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:55:56.0306 5192 sffp_sd - ok
15:55:56.0317 5192 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:55:56.0347 5192 sfloppy - ok
15:55:56.0363 5192 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:55:56.0383 5192 sisagp - ok
15:55:56.0425 5192 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:55:56.0443 5192 SiSRaid2 - ok
15:55:56.0462 5192 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:55:56.0482 5192 SiSRaid4 - ok
15:55:56.0510 5192 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:55:56.0565 5192 Smb - ok
15:55:56.0633 5192 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
15:55:56.0761 5192 smserial - ok
15:55:56.0830 5192 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:55:56.0847 5192 spldr - ok
15:55:56.0946 5192 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
15:55:56.0946 5192 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
15:55:56.0950 5192 sptd ( LockedFile.Multi.Generic ) - warning
15:55:56.0950 5192 sptd - detected LockedFile.Multi.Generic (1)
15:55:56.0994 5192 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
15:55:57.0077 5192 srv - ok
15:55:57.0106 5192 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
15:55:57.0170 5192 srv2 - ok
15:55:57.0200 5192 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
15:55:57.0239 5192 srvnet - ok
15:55:57.0296 5192 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:55:57.0309 5192 ssmdrv - ok
15:55:57.0377 5192 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
15:55:57.0403 5192 StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:55:57.0403 5192 StarOpen - detected UnsignedFile.Multi.Generic (1)
15:55:57.0473 5192 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:55:57.0498 5192 stexstor - ok
15:55:57.0527 5192 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:55:57.0546 5192 storflt - ok
15:55:57.0584 5192 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
15:55:57.0602 5192 storvsc - ok
15:55:57.0624 5192 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:55:57.0641 5192 swenum - ok
15:55:57.0776 5192 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
15:55:57.0887 5192 Tcpip - ok
15:55:57.0929 5192 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
15:55:57.0963 5192 TCPIP6 - ok
15:55:57.0986 5192 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:55:58.0042 5192 tcpipreg - ok
15:55:58.0069 5192 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:55:58.0121 5192 TDPIPE - ok
15:55:58.0146 5192 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
15:55:58.0180 5192 TDTCP - ok
15:55:58.0206 5192 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:55:58.0244 5192 tdx - ok
15:55:58.0269 5192 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:55:58.0288 5192 TermDD - ok
15:55:58.0340 5192 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:58.0386 5192 tssecsrv - ok
15:55:58.0434 5192 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:55:58.0475 5192 tunnel - ok
15:55:58.0498 5192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:55:58.0517 5192 uagp35 - ok
15:55:58.0549 5192 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
15:55:58.0613 5192 udfs - ok
15:55:58.0656 5192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:55:58.0676 5192 uliagpkx - ok
15:55:58.0701 5192 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:55:58.0745 5192 umbus - ok
15:55:58.0788 5192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:55:58.0806 5192 UmPass - ok
15:55:58.0858 5192 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:58.0874 5192 usbccgp - ok
15:55:58.0898 5192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:55:58.0950 5192 usbcir - ok
15:55:58.0991 5192 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
15:55:59.0013 5192 usbehci - ok
15:55:59.0048 5192 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
15:55:59.0094 5192 usbhub - ok
15:55:59.0118 5192 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
15:55:59.0149 5192 usbohci - ok
15:55:59.0193 5192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:55:59.0225 5192 usbprint - ok
15:55:59.0263 5192 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:55:59.0299 5192 usbscan - ok
15:55:59.0341 5192 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:59.0357 5192 USBSTOR - ok
15:55:59.0400 5192 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
15:55:59.0430 5192 usbuhci - ok
15:55:59.0495 5192 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
15:55:59.0547 5192 usbvideo - ok
15:55:59.0591 5192 USB_RNDIS (b71da871254d96d0349639d03e4c1cc1) C:\Windows\system32\DRIVERS\usb8023.sys
15:55:59.0654 5192 USB_RNDIS - ok
15:55:59.0705 5192 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
15:55:59.0750 5192 usb_rndisx - ok
15:55:59.0784 5192 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:55:59.0803 5192 vdrvroot - ok
15:55:59.0840 5192 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:59.0863 5192 vga - ok
15:55:59.0882 5192 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:55:59.0927 5192 VgaSave - ok
15:55:59.0962 5192 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:55:59.0986 5192 vhdmp - ok
15:56:00.0028 5192 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:56:00.0048 5192 viaagp - ok
15:56:00.0071 5192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:56:00.0093 5192 ViaC7 - ok
15:56:00.0118 5192 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:56:00.0134 5192 viaide - ok
15:56:00.0157 5192 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
15:56:00.0186 5192 vmbus - ok
15:56:00.0209 5192 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:56:00.0237 5192 VMBusHID - ok
15:56:00.0261 5192 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:56:00.0281 5192 volmgr - ok
15:56:00.0302 5192 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:56:00.0339 5192 volmgrx - ok
15:56:00.0363 5192 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:56:00.0398 5192 volsnap - ok
15:56:00.0438 5192 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:56:00.0462 5192 vsmraid - ok
15:56:00.0481 5192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
15:56:00.0520 5192 vwifibus - ok
15:56:00.0551 5192 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
15:56:00.0586 5192 vwififlt - ok
15:56:00.0628 5192 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
15:56:00.0661 5192 vwifimp - ok
15:56:00.0694 5192 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:56:00.0758 5192 WacomPen - ok
15:56:00.0793 5192 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:00.0839 5192 WANARP - ok
15:56:00.0844 5192 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:00.0875 5192 Wanarpv6 - ok
15:56:00.0912 5192 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:56:00.0930 5192 Wd - ok
15:56:00.0962 5192 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:56:00.0999 5192 Wdf01000 - ok
15:56:01.0049 5192 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:56:01.0083 5192 WfpLwf - ok
15:56:01.0103 5192 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:56:01.0121 5192 WIMMount - ok
15:56:01.0198 5192 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
15:56:01.0236 5192 WinUsb - ok
15:56:01.0306 5192 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:56:01.0340 5192 WmiAcpi - ok
15:56:01.0402 5192 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:56:01.0436 5192 ws2ifsl - ok
15:56:01.0476 5192 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:56:01.0529 5192 WudfPf - ok
15:56:01.0556 5192 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:56:01.0589 5192 WUDFRd - ok
15:56:01.0716 5192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:56:01.0913 5192 \Device\Harddisk0\DR0 - ok
15:56:01.0918 5192 Boot (0x1200) (3eb0a761e5d10568aced7c544748ba9c) \Device\Harddisk0\DR0\Partition0
15:56:01.0920 5192 \Device\Harddisk0\DR0\Partition0 - ok
15:56:01.0937 5192 Boot (0x1200) (ffe9b122c9670d4d88158423cc483966) \Device\Harddisk0\DR0\Partition1
15:56:01.0939 5192 \Device\Harddisk0\DR0\Partition1 - ok
15:56:01.0964 5192 Boot (0x1200) (bd8a997a3be4a19018107c8632cde3e0) \Device\Harddisk0\DR0\Partition2
15:56:01.0966 5192 \Device\Harddisk0\DR0\Partition2 - ok
15:56:01.0966 5192 ============================================================
15:56:01.0966 5192 Scan finished
15:56:01.0966 5192 ============================================================
15:56:02.0056 4408 Detected object count: 3
15:56:02.0056 4408 Actual detected object count: 3
15:56:15.0171 4408 ggsemc ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:15.0171 4408 ggsemc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:15.0176 4408 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:56:15.0176 4408 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:56:15.0178 4408 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:15.0178 4408 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
07.03.2012, 07:35
| #6 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hi, OSAM findet einen sehr suspekten Treiber... Achtung: Das File ist versteckt... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\system32\drivers\a2jvo4xl.sys
chris
__________________ --> Wie entferne ich den BKA-Trojaner vollständig? |
|
07.03.2012, 17:23
| #7 |
| | Wie entferne ich den BKA-Trojaner vollständig? Die Datei wird bei mir nicht gefunden... (versteckte Dateien werden angezeigt, Einstellungen sind wie in der Anleitung). Was nun? |
|
07.03.2012, 19:53
| #8 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hi, Fix für OSAM:
Code:
ATTFilter [Drivers]
"a2jvo4xl" (a2jvo4xl) - "Microsoft Corporation" - C:\Windows\system32\drivers\a2jvo4xl.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
 chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
08.03.2012, 16:55
| #9 |
| | Wie entferne ich den BKA-Trojaner vollständig? Komischerweise finde ich den Eintrag "a2jvo4xl" bei OSAM nicht, weder per "Search" noch manuell. Jedoch ist mir folgender Eintrag aufgefallen (war auch rot hinterlegt): Name: a9e36znu Full path. C:\Windows\system32\drivers\a9e36znu.sys Status: Hidden registry entry, rootkit activity | File signed by Microsoft Key/Value modified: 06.03.2012 15:45:57 Er hat eben vieles gleich mit "a2jvo4xl" und wurde anscheinend auch kurz nachdem ich den Scan mit OSAM gemacht habe, bearbeitet, wie auch immer. Ist es möglich, dass das die richtige Datei ist? Gruß Mila |
|
08.03.2012, 17:15
| #10 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hi, ja... probiere das mal aus... Hmm, in mir keimt der Verdacht, dass sich der Treiber jedesmal neu mit zufälligem Namen instanziiert... könnte was von Daemon-Tools sein... (Gewissheit gibt es nur nach Deinstallation von den Tools ;o)... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
08.03.2012, 21:20
| #12 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hi, notier dir den Namen des unsichtbaren Treibers, boote neu, lass dann mal OSAM laufen und Du wirst sehen, der Name des Treibers hat sich wieder geändert... Wenn Du kannst, deinstalliere die Tools und probiere es dann nochmal... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
12.03.2012, 15:10
| #13 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hey, nach einem Neustart hat sich der Name des Triebrs wirklich geändert. Ich habe nun Daemon Tools deinstalliert und sehe den Eintrag nicht mehr in der Liste. Trotzdem hier noch mal der Log von OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:07:25 on 12.03.2012 OS: Windows 7 Ultimate Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 10.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "SEMC USB Flash Driver" (ggsemc) - "Sony Ericsson Mobile Communications" - C:\Windows\System32\DRIVERS\ggsemc.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "wlpg" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - (File not found | COM-object registry key not found) {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {59AF8E81-BE3C-11d5-BE40-00A0244C457F} "SafeGuard® PrivateCrypto extension" - ? - G:\SafeGuardPrivateCrypto_2.31\SafeGuard PrivateCrypto\pcshell.dll (File not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - ? - (File not found | COM-object registry key not found) {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? - (File not found | COM-object registry key not found) {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Editor Drop Target" - ? - (File not found | COM-object registry key not found) {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? - (File not found | COM-object registry key not found) {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Viewer Drop Target" - ? - (File not found | COM-object registry key not found) {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "lxbkbmgr.exe" - "Lexmark International, Inc." - "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MGSysCtrl" - "Micro-Star International Co., Ltd." - C:\Program Files\System Control Manager\MGSysCtrl.exe "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Google Update Service (gupdate1cacaaa532c07b0)" (gupdate1cacaaa532c07b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Micro Star SCM" (Micro Star SCM) - "Micro-Star International Co., Ltd." - C:\Program Files\System Control Manager\MSIService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Mila |
|
12.03.2012, 15:26
| #14 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hi, sieht gut aus... Cleaner drüber jagen... Anleitung & Download: http://www.trojaner-board.de/51464-a...-ccleaner.html Die Registry (blaues Würfel-Symbol linke Seite) musst du mehrmals durchsuchen und bereinigen lassen, bis nichts mehr gefunden wird. Installation des cCleaners ohne die Toolbar! Benutzerdefinierte Installation wählen. Dann startest du den Rechner im normalen Modus neu. Nur Download über: Redirecting... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
12.03.2012, 19:24
| #15 |
| | Wie entferne ich den BKA-Trojaner vollständig? Hey, hab ich gemacht. Ein Fehler konnte immer nicht behoben werden, aber das liegt wohl laut Google an Antivir 9. Auf jeden Fall vielen vielen Dank nochmal für deine Mühe! Gruß Mila |
|
| Themen zu Wie entferne ich den BKA-Trojaner vollständig? |
| aufsetzen, ausführen, bka - trojaner, dateisystem, durchführen, einfach, entferne, entfernen, frage, gelöscht, herzliches, heuristiks/extra, heuristiks/shuriken, hoffe, konnte, konto, lanmanworkstation, laptop, natürlich, neu, neu aufsetzen, nt.dll, nutze, nutzen, probleme, system, system neu, system neu aufsetzen, taskhost.exe, verweise, virus, vollständig, vorgehen, windows, windows 7 |
Linear-Darstellung
