| |
| |||||||
Log-Analyse und Auswertung: Trojaner: TAN-Abfrage beim Targobank-OnlinebankingWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.05.2012, 09:40
| #1 |
 |  Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Guten Morgen, meine Frau hat sich auf ihrem Rechner was eingefangen; nach dem Einloggen beim Onlinebanking sollte sie ihre gesamte TAN-Liste abtippen - was sie natürlich nicht gemacht hat. Den Bankingzugang hat sie erst mal sperren lassen, und dann war ich an der Reihe. - Nachdem sich in diesem Board auch schon einige ähnliche Threads fanden, habe ich Malwarebytes Anti-Malware drüberlaufen lassen. Hier der erste Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.30.01 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 *** :: ***-PC [Administrator] Schutz: Aktiviert 30.05.2012 07:41:26 mbam-log-2012-05-30 (07-41-26).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 267129 Laufzeit: 32 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\System32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.30.01 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 *** :: ***-PC [Administrator] Schutz: Aktiviert 30.05.2012 08:26:49 mbam-log-2012-05-30 (08-26-49).txt Art des Suchlaufs: Flash-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P Durchsuchte Objekte: 145495 Laufzeit: 1 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) - OTL ausgeführt. Hier die OTL.txt: Code:
ATTFilter OTL logfile created on: 30.05.2012 09:05:40 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,62% Memory free 3,99 Gb Paging File | 3,04 Gb Available in Paging File | 76,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 91,51 Gb Total Space | 42,86 Gb Free Space | 46,83% Space Free | Partition Type: NTFS Drive D: | 20,27 Gb Total Space | 12,50 Gb Free Space | 61,66% Space Free | Partition Type: FAT32 Drive F: | 7,55 Gb Total Space | 6,97 Gb Free Space | 92,30% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 04:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.10.15 09:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.10.15 09:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe PRC - [2007.09.20 08:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe PRC - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.26 18:37:22 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe PRC - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe PRC - [2007.04.04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe PRC - [2007.03.28 00:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe PRC - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE ========== Modules (No Company Name) ========== MOD - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe MOD - [2007.06.22 13:59:38 | 000,077,824 | ---- | M] () -- C:\Windows\System32\glspef.ax MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll MOD - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE MOD - [2005.05.04 19:12:46 | 000,028,672 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.03 19:20:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:35:13 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.01.21 04:34:00 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2008.01.21 04:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.10.01 00:41:55 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2008.07.06 20:59:11 | 000,223,424 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2008.01.21 04:33:22 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2008.01.21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR) DRV - [2008.01.21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs) DRV - [2008.01.21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:32:51 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2008.01.21 04:32:51 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass) DRV - [2008.01.21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:32:50 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd) DRV - [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV) DRV - [2008.01.21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:32:49 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk) DRV - [2008.01.21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:32:48 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV) DRV - [2008.01.21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:32:47 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm) DRV - [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:32:45 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio) DRV - [2008.01.21 04:32:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc) DRV - [2008.01.21 04:32:45 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk) DRV - [2008.01.21 04:32:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse) DRV - [2008.01.21 04:32:23 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp) DRV - [2008.01.21 04:32:22 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008.01.21 04:32:22 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp) DRV - [2008.01.21 04:32:22 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2008.01.21 04:32:21 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8) DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7) DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7) DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor) DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe) DRV - [2008.01.21 04:32:21 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci) DRV - [2008.01.21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide) DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2008.01.21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide) DRV - [2008.01.21 04:32:21 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide) DRV - [2008.01.21 04:32:21 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2008.01.21 04:32:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev) DRV - [2007.07.20 09:59:44 | 000,791,040 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP) DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene) DRV - [2007.06.18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2007.03.29 15:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM) DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth) DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR) DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci) DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr) DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen) DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2001.12.20 22:54:56 | 000,011,372 | ---- | M] (Copyright (C) Grand Tech Corp. ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\GT680x.SYS -- (GT680x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1<mpl=googlemail" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30109.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 19:20:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.30 21:09:37 | 000,000,000 | ---D | M] [2011.04.20 22:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.21 17:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions [2012.02.05 20:40:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.21 17:49:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.11.20 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.05 20:31:12 | 000,128,458 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\BETTERFACEBOOK@MATTKRUSE.COM.XPI [2011.11.08 23:40:42 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI [2012.05.03 19:20:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.11 20:58:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.11 20:58:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.11 20:58:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.11 20:58:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.11 20:58:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.11 20:58:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [ESB] C:\Windows\System32\ESB.EXE () O4 - HKLM..\Run: [GenePccMon.exe] C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe () O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Esfoycohu] C:\Users\***\AppData\Roaming\Qafiic\ystoi.exe (IEInspector Software) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxp://www.arcor.de/vod/dmd/WMDownload.cab (InetDownload Class) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DDB1FDD-F9EC-4C97-9B70-22795AAC9605}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{bce53fdf-c1d9-11dd-88e1-0040d0e87494}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell - "" = AutoRun O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.30 09:03:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.05.30 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.30 07:38:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.30 07:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft-Support für [2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qafiic [2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ibqoz [2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ablum [2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla ========== Files - Modified Within 30 Days ========== [2012.05.30 09:04:19 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.05.30 08:52:11 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\qw9e5be1.exe [2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.05.30 08:51:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.05.30 08:24:41 | 000,628,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.30 08:24:41 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.30 08:24:41 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.30 08:24:41 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.30 08:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.30 08:20:14 | 2011,291,648 | -HS- | M] () -- C:\hiberfil.sys [2012.05.30 07:38:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job ========== Files Created - No Company Name ========== [2012.05.30 09:04:19 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.05.30 09:03:35 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\qw9e5be1.exe [2012.05.30 09:03:35 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.05.30 07:38:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.10.19 20:59:17 | 000,164,349 | ---- | C] () -- C:\Windows\hpoins19.dat [2011.10.19 20:59:04 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== LOP Check ========== [2012.05.30 07:10:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ablum [2010.04.01 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cl-Soft [2012.05.30 08:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.02.05 21:34:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.02.05 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.08.06 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.02.05 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ibqoz [2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qafiic [2010.05.19 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SparweltGutschein [2008.07.06 22:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2012.05.30 08:19:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL logfile created on: 30.05.2012 09:05:40 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,62% Memory free 3,99 Gb Paging File | 3,04 Gb Available in Paging File | 76,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 91,51 Gb Total Space | 42,86 Gb Free Space | 46,83% Space Free | Partition Type: NTFS Drive D: | 20,27 Gb Total Space | 12,50 Gb Free Space | 61,66% Space Free | Partition Type: FAT32 Drive F: | 7,55 Gb Total Space | 6,97 Gb Free Space | 92,30% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 04:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.10.15 09:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.10.15 09:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe PRC - [2007.09.20 08:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe PRC - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.26 18:37:22 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe PRC - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe PRC - [2007.04.04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe PRC - [2007.03.28 00:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe PRC - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE ========== Modules (No Company Name) ========== MOD - [2007.09.12 18:48:08 | 000,032,768 | ---- | M] () -- C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe MOD - [2007.06.22 13:59:38 | 000,077,824 | ---- | M] () -- C:\Windows\System32\glspef.ax MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll MOD - [2006.05.29 13:40:46 | 000,266,240 | ---- | M] () -- C:\Windows\System32\ESB.EXE MOD - [2005.05.04 19:12:46 | 000,028,672 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.03 19:20:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:35:13 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.01.21 04:34:00 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2008.01.21 04:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.10.01 00:41:55 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2008.07.06 20:59:11 | 000,223,424 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2008.01.21 04:33:22 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2008.01.21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR) DRV - [2008.01.21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs) DRV - [2008.01.21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:32:51 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2008.01.21 04:32:51 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass) DRV - [2008.01.21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:32:50 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd) DRV - [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV) DRV - [2008.01.21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:32:49 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk) DRV - [2008.01.21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:32:48 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV) DRV - [2008.01.21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:32:47 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm) DRV - [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:32:45 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio) DRV - [2008.01.21 04:32:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc) DRV - [2008.01.21 04:32:45 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk) DRV - [2008.01.21 04:32:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse) DRV - [2008.01.21 04:32:23 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp) DRV - [2008.01.21 04:32:22 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008.01.21 04:32:22 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp) DRV - [2008.01.21 04:32:22 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2008.01.21 04:32:21 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8) DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7) DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7) DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor) DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe) DRV - [2008.01.21 04:32:21 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci) DRV - [2008.01.21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide) DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2008.01.21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide) DRV - [2008.01.21 04:32:21 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide) DRV - [2008.01.21 04:32:21 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2008.01.21 04:32:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev) DRV - [2007.07.20 09:59:44 | 000,791,040 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP) DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene) DRV - [2007.06.18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2007.03.29 15:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM) DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth) DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR) DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci) DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr) DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen) DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2001.12.20 22:54:56 | 000,011,372 | ---- | M] (Copyright (C) Grand Tech Corp. ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\GT680x.SYS -- (GT680x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1<mpl=googlemail" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30109.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 19:20:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.30 21:09:37 | 000,000,000 | ---D | M] [2011.04.20 22:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.21 17:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions [2012.02.05 20:40:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.21 17:49:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8oy07aak.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.11.20 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.05 20:31:12 | 000,128,458 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\BETTERFACEBOOK@MATTKRUSE.COM.XPI [2011.11.08 23:40:42 | 000,009,644 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8OY07AAK.DEFAULT\EXTENSIONS\PRINTPDF@PAVLOV.NET.XPI [2012.05.03 19:20:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.11 20:58:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.11 20:58:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.11 20:58:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.11 20:58:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.11 20:58:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.11 20:58:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [ESB] C:\Windows\System32\ESB.EXE () O4 - HKLM..\Run: [GenePccMon.exe] C:\Programme\Genesys Logic PC Camera Device\GenePccMon.exe () O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Esfoycohu] C:\Users\***\AppData\Roaming\Qafiic\ystoi.exe (IEInspector Software) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxp://www.arcor.de/vod/dmd/WMDownload.cab (InetDownload Class) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DDB1FDD-F9EC-4C97-9B70-22795AAC9605}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{bce53fdf-c1d9-11dd-88e1-0040d0e87494}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell - "" = AutoRun O33 - MountPoints2\{cf2db268-5cbb-11e1-afa4-0040d0e87494}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.30 09:03:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.05.30 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.30 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.30 07:38:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.30 07:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft-Support für [2012.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qafiic [2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ibqoz [2012.05.23 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ablum [2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.05.03 19:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla ========== Files - Modified Within 30 Days ========== [2012.05.30 09:04:19 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.05.30 08:52:11 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\qw9e5be1.exe [2012.05.30 08:51:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.05.30 08:51:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.05.30 08:24:41 | 000,628,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.30 08:24:41 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.30 08:24:41 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.30 08:24:41 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.30 08:20:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.30 08:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.30 08:20:14 | 2011,291,648 | -HS- | M] () -- C:\hiberfil.sys [2012.05.30 07:38:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job ========== Files Created - No Company Name ========== [2012.05.30 09:04:19 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.05.30 09:03:35 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\qw9e5be1.exe [2012.05.30 09:03:35 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.05.30 07:38:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.10.19 20:59:17 | 000,164,349 | ---- | C] () -- C:\Windows\hpoins19.dat [2011.10.19 20:59:04 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== LOP Check ========== [2012.05.30 07:10:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ablum [2010.04.01 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cl-Soft [2012.05.30 08:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.02.05 21:34:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.02.05 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.08.06 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.02.05 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ibqoz [2012.05.23 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qafiic [2010.05.19 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SparweltGutschein [2008.07.06 22:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2012.05.30 08:19:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.05.29 21:34:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job ========== Purity Check ========== < End of report > Ich würde mich sehr freuen, wenn ihr mal drüberschauen könnt und mir helft. Vielen Dank schon mal ! Gruß Christian |
|
30.05.2012, 10:22
| #2 | |
| /// Malwareteam    |  Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
30.05.2012, 11:26
| #3 |
| | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Hallo Marius,
__________________danke für die schnelle Rückmeldung. Hier ist das Combofix-Log: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-05-30.02 - *** 30.05.2012 12:01:29.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.1917.949 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dsci0077.jpg
C:\dsci0081.jpg
C:\dsci0082.jpg
C:\dsci0084.jpg
C:\dsci0085.jpg
c:\users\***\AppData\Local\.#
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-30 ))))))))))))))))))))))))))))))
.
.
2012-05-30 10:09 . 2012-05-30 10:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 05:38 . 2012-05-30 05:38 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 05:38 . 2012-05-30 05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-30 05:38 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-25 17:10 . 2012-05-30 05:51 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-25 17:10 . 2012-05-25 17:10 -------- d-----w- c:\windows\Microsoft-Support für
2012-05-23 19:38 . 2012-05-30 05:10 -------- d-----w- c:\users\***\AppData\Roaming\Ablum
2012-05-23 19:38 . 2012-05-23 19:38 -------- d-----w- c:\users\***\AppData\Roaming\Qafiic
2012-05-23 19:38 . 2012-05-23 19:38 -------- d-----w- c:\users\***\AppData\Roaming\Ibqoz
2012-05-03 17:20 . 2012-05-03 17:20 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 17:20 . 2012-05-03 17:20 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 17:20 . 2012-05-03 17:20 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 08:05 . 2012-01-05 20:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 17:20 . 2011-04-20 20:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"Esfoycohu"="c:\users\***\AppData\Roaming\Qafiic\ystoi.exe" [2010-09-21 359936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"ESB"="c:\windows\system32\ESB.EXE" [2006-05-29 266240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 869936]
"S3Trayp"="S3Trayp.exe" [2007-06-26 176128]
"GenePccMon.exe"="c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe" [2007-09-12 32768]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-05 149280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F99B1A12-B83B-4C9A-89B7-1D4489A3F53F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.medion.com/
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8oy07aak.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1<mpl=googlemail
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{7095FD27-37F0-4750-9DE8-D37DC0043706} - c:\program files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 12:11
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GenePccMon.exe = c:\program files\Genesys Logic PC Camera Device\GenePccMon.exe?????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2500)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Mouse Driver\KMWDSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\conime.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\s3trayp.exe
c:\program files\Mouse Driver\KMConfig.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-30 12:16:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-30 10:16
.
Vor Suchlauf: 7 Verzeichnis(se), 46.835.748.864 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.687.786.496 Bytes frei
.
- - End Of File - - 4F7B1A62E69F61B30D96F082DA0667BE
Noch eine Frage: Auf dem System lief Avira Antivir. Habe Antivir heute morgen aber entfernt, um Kaspersky Internet Security 2012 zu installieren. Diese Installation brach aber mit einer Fehlermeldung ab. Kann das an dem Schädling gelegen haben? Gruß Christian |
|
30.05.2012, 11:41
| #4 |
| /// Malwareteam | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Hallo Christian, dass es an dem Schädling lag, ist eher unwahrscheinlich! Werden wir uns aber nachher ansehen, momentan haben wir andere Sorgen: CF-Script Hinweis: Durch *** ersetzte Komponenten müssen wieder umbenannt werden! Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter: BleepingComputer.com - ForoSpyware.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter http://www.trojaner-board.de/115991-trojaner-tan-abfrage-beim-targobank-onlinebanking.html
COLLECT::
c:\users\***\AppData\Roaming\Qafiic\ystoi.exe
DIRLOOK::
c:\users\***\AppData\Roaming\Ablum
c:\users\***\AppData\Roaming\Qafiic
c:\users\***\AppData\Roaming\Ibqoz
REGISTRY::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Esfoycohu"=-
CLEARJAVACACHE::
Wichtig:
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.05.2012, 12:24
| #5 |
| | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Datei wurde durch ComboFix hochgeladen. Hier ist das Log: Code:
ATTFilter Combofix Logfile: Christian |
|
30.05.2012, 12:27
| #6 |
| /// Malwareteam | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Trojaner: TAN-Abfrage beim Targobank-Onlinebanking |
|
30.05.2012, 12:33
| #7 |
| | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Und hier das Log: Code:
ATTFilter 13:31:06.0675 2532 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
13:31:07.0175 2532 ============================================================
13:31:07.0175 2532 Current date / time: 2012/05/30 13:31:07.0175
13:31:07.0175 2532 SystemInfo:
13:31:07.0175 2532
13:31:07.0175 2532 OS Version: 6.0.6001 ServicePack: 1.0
13:31:07.0175 2532 Product type: Workstation
13:31:07.0175 2532 ComputerName: ***-PC
13:31:07.0175 2532 UserName: ***
13:31:07.0175 2532 Windows directory: C:\Windows
13:31:07.0175 2532 System windows directory: C:\Windows
13:31:07.0175 2532 Processor architecture: Intel x86
13:31:07.0175 2532 Number of processors: 2
13:31:07.0175 2532 Page size: 0x1000
13:31:07.0175 2532 Boot type: Normal boot
13:31:07.0175 2532 ============================================================
13:31:08.0300 2532 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:31:08.0300 2532 Drive \Device\Harddisk1\DR2 - Size: 0x1E3000000 (7.55 Gb), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:31:08.0315 2532 ============================================================
13:31:08.0315 2532 \Device\Harddisk0\DR0:
13:31:08.0315 2532 MBR partitions:
13:31:08.0315 2532 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xB703000
13:31:08.0315 2532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xB703800, BlocksNum 0x2890800
13:31:08.0315 2532 \Device\Harddisk1\DR2:
13:31:08.0315 2532 MBR partitions:
13:31:08.0315 2532 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xF17FE0
13:31:08.0315 2532 ============================================================
13:31:08.0346 2532 C: <-> \Device\Harddisk0\DR0\Partition0
13:31:08.0378 2532 D: <-> \Device\Harddisk0\DR0\Partition1
13:31:08.0378 2532 ============================================================
13:31:08.0378 2532 Initialize success
13:31:08.0378 2532 ============================================================
13:31:27.0081 3808 ============================================================
13:31:27.0081 3808 Scan started
13:31:27.0081 3808 Mode: Manual; TDLFS;
13:31:27.0081 3808 ============================================================
13:31:27.0800 3808 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
13:31:27.0815 3808 ACPI - ok
13:31:27.0878 3808 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:31:27.0878 3808 adp94xx - ok
13:31:27.0909 3808 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:31:27.0925 3808 adpahci - ok
13:31:27.0956 3808 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:31:27.0956 3808 adpu160m - ok
13:31:28.0003 3808 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:31:28.0003 3808 adpu320 - ok
13:31:28.0034 3808 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:31:28.0034 3808 AeLookupSvc - ok
13:31:28.0081 3808 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
13:31:28.0112 3808 AFD - ok
13:31:28.0143 3808 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:31:28.0143 3808 aic78xx - ok
13:31:28.0190 3808 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:31:28.0190 3808 ALG - ok
13:31:28.0206 3808 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:31:28.0206 3808 aliide - ok
13:31:28.0253 3808 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:31:28.0253 3808 amdagp - ok
13:31:28.0284 3808 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:31:28.0284 3808 amdide - ok
13:31:28.0300 3808 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:31:28.0300 3808 AmdK7 - ok
13:31:28.0346 3808 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:31:28.0346 3808 AmdK8 - ok
13:31:28.0393 3808 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:31:28.0393 3808 Appinfo - ok
13:31:28.0456 3808 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:31:28.0456 3808 arc - ok
13:31:28.0471 3808 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:31:28.0471 3808 arcsas - ok
13:31:28.0565 3808 aspnet_state (ca89a5872dafab3d1932275d3eda26d8) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:31:28.0565 3808 aspnet_state - ok
13:31:28.0612 3808 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:28.0612 3808 AsyncMac - ok
13:31:28.0628 3808 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
13:31:28.0628 3808 atapi - ok
13:31:28.0690 3808 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:31:28.0690 3808 AudioEndpointBuilder - ok
13:31:28.0706 3808 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:31:28.0706 3808 Audiosrv - ok
13:31:28.0753 3808 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:31:28.0753 3808 Beep - ok
13:31:28.0815 3808 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
13:31:28.0831 3808 BFE - ok
13:31:28.0956 3808 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
13:31:28.0956 3808 BITS - ok
13:31:28.0971 3808 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:31:28.0987 3808 blbdrive - ok
13:31:29.0003 3808 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
13:31:29.0003 3808 bowser - ok
13:31:29.0050 3808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:31:29.0050 3808 BrFiltLo - ok
13:31:29.0081 3808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:31:29.0081 3808 BrFiltUp - ok
13:31:29.0128 3808 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:31:29.0128 3808 Browser - ok
13:31:29.0159 3808 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:31:29.0159 3808 Brserid - ok
13:31:29.0190 3808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:31:29.0190 3808 BrSerWdm - ok
13:31:29.0221 3808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:31:29.0221 3808 BrUsbMdm - ok
13:31:29.0253 3808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:31:29.0253 3808 BrUsbSer - ok
13:31:29.0284 3808 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:31:29.0284 3808 BTHMODEM - ok
13:31:29.0315 3808 catchme - ok
13:31:29.0378 3808 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:31:29.0378 3808 cdfs - ok
13:31:29.0393 3808 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
13:31:29.0393 3808 cdrom - ok
13:31:29.0456 3808 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:31:29.0456 3808 CertPropSvc - ok
13:31:29.0565 3808 CFcatchme - ok
13:31:29.0612 3808 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:31:29.0612 3808 circlass - ok
13:31:29.0643 3808 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
13:31:29.0659 3808 CLFS - ok
13:31:29.0721 3808 clr_optimization_v2.0.50727_32 (a4af4201bd519971f8f34724f3ca9dbb) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:31:29.0737 3808 clr_optimization_v2.0.50727_32 - ok
13:31:29.0784 3808 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:31:29.0784 3808 CmBatt - ok
13:31:29.0831 3808 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:31:29.0831 3808 cmdide - ok
13:31:29.0862 3808 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:31:29.0862 3808 Compbatt - ok
13:31:29.0878 3808 COMSysApp - ok
13:31:29.0909 3808 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:31:29.0909 3808 crcdisk - ok
13:31:29.0925 3808 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:31:29.0925 3808 Crusoe - ok
13:31:29.0971 3808 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
13:31:29.0971 3808 CryptSvc - ok
13:31:30.0034 3808 DCamUSBGene (4aefc07ae970fb75201cdcb79e9bad33) C:\Windows\system32\DRIVERS\usbgene.sys
13:31:30.0034 3808 DCamUSBGene - ok
13:31:30.0112 3808 DcomLaunch (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
13:31:30.0128 3808 DcomLaunch - ok
13:31:30.0143 3808 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
13:31:30.0143 3808 DfsC - ok
13:31:30.0300 3808 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
13:31:30.0346 3808 DFSR - ok
13:31:30.0487 3808 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
13:31:30.0503 3808 Dhcp - ok
13:31:30.0565 3808 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
13:31:30.0565 3808 disk - ok
13:31:30.0612 3808 Dnscache (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
13:31:30.0612 3808 Dnscache - ok
13:31:30.0643 3808 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
13:31:30.0659 3808 dot3svc - ok
13:31:30.0737 3808 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:31:30.0753 3808 Dot4 - ok
13:31:30.0784 3808 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:31:30.0784 3808 Dot4Print - ok
13:31:30.0815 3808 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:31:30.0815 3808 dot4usb - ok
13:31:30.0846 3808 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:31:30.0862 3808 DPS - ok
13:31:30.0893 3808 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:31:30.0893 3808 drmkaud - ok
13:31:30.0971 3808 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
13:31:30.0987 3808 DXGKrnl - ok
13:31:31.0018 3808 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:31:31.0018 3808 E1G60 - ok
13:31:31.0050 3808 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:31:31.0050 3808 EapHost - ok
13:31:31.0096 3808 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
13:31:31.0112 3808 Ecache - ok
13:31:31.0159 3808 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:31:31.0175 3808 elxstor - ok
13:31:31.0237 3808 EMDMgmt (ba4e96d951ddad6ac3af3c91d4ac68bf) C:\Windows\system32\emdmgmt.dll
13:31:31.0237 3808 EMDMgmt - ok
13:31:31.0268 3808 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:31:31.0268 3808 ErrDev - ok
13:31:31.0346 3808 EventSystem (f4bf4fa769db51b106d2b4b35256988b) C:\Windows\system32\es.dll
13:31:31.0346 3808 EventSystem - ok
13:31:31.0378 3808 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
13:31:31.0393 3808 exfat - ok
13:31:31.0409 3808 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
13:31:31.0425 3808 fastfat - ok
13:31:31.0456 3808 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:31:31.0456 3808 fdc - ok
13:31:31.0471 3808 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:31:31.0471 3808 fdPHost - ok
13:31:31.0503 3808 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:31:31.0518 3808 FDResPub - ok
13:31:31.0565 3808 FET5X86V (263f2507788917ab54c4ab8bc740f290) C:\Windows\system32\DRIVERS\fetnd5bv.sys
13:31:31.0581 3808 FET5X86V - ok
13:31:31.0643 3808 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
13:31:31.0643 3808 FETNDIS - ok
13:31:31.0675 3808 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:31:31.0675 3808 FileInfo - ok
13:31:31.0690 3808 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:31:31.0690 3808 Filetrace - ok
13:31:31.0721 3808 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:31:31.0721 3808 flpydisk - ok
13:31:31.0768 3808 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
13:31:31.0768 3808 FltMgr - ok
13:31:31.0878 3808 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:31:31.0878 3808 FontCache3.0.0.0 - ok
13:31:31.0893 3808 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:31:31.0893 3808 Fs_Rec - ok
13:31:31.0940 3808 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:31:31.0940 3808 gagp30kx - ok
13:31:32.0018 3808 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
13:31:32.0018 3808 gpsvc - ok
13:31:32.0065 3808 GT680x (eac11a7e7d21e50b42eb5ebe4e4abfde) C:\Windows\system32\Drivers\GT680x.sys
13:31:32.0065 3808 GT680x - ok
13:31:32.0175 3808 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:31:32.0190 3808 gusvc - ok
13:31:32.0237 3808 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:31:32.0253 3808 HdAudAddService - ok
13:31:32.0284 3808 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:31:32.0300 3808 HDAudBus - ok
13:31:32.0315 3808 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:31:32.0315 3808 HidBth - ok
13:31:32.0346 3808 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:31:32.0346 3808 HidIr - ok
13:31:32.0393 3808 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
13:31:32.0393 3808 hidserv - ok
13:31:32.0425 3808 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
13:31:32.0425 3808 HidUsb - ok
13:31:32.0471 3808 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:31:32.0471 3808 hkmsvc - ok
13:31:32.0487 3808 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:31:32.0487 3808 HpCISSs - ok
13:31:32.0612 3808 hpqcxs08 (fcb563b0a23643e5f80b6ff1e60f610f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:31:32.0628 3808 hpqcxs08 - ok
13:31:32.0659 3808 hpqddsvc (25e443e27165c652723a92d9bdfd4649) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:31:32.0675 3808 hpqddsvc - ok
13:31:32.0721 3808 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:31:32.0721 3808 HSFHWAZL - ok
13:31:32.0815 3808 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:31:32.0831 3808 HSF_DPV - ok
13:31:32.0862 3808 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
13:31:32.0893 3808 HTTP - ok
13:31:32.0909 3808 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:31:32.0909 3808 i2omp - ok
13:31:32.0956 3808 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:31:32.0971 3808 i8042prt - ok
13:31:33.0018 3808 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:31:33.0018 3808 iaStorV - ok
13:31:33.0159 3808 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:31:33.0175 3808 idsvc - ok
13:31:33.0190 3808 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:31:33.0190 3808 iirsp - ok
13:31:33.0253 3808 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
13:31:33.0253 3808 IKEEXT - ok
13:31:33.0425 3808 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
13:31:33.0440 3808 IntcAzAudAddService - ok
13:31:33.0612 3808 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:31:33.0612 3808 intelide - ok
13:31:33.0643 3808 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:31:33.0643 3808 intelppm - ok
13:31:33.0675 3808 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:31:33.0675 3808 IPBusEnum - ok
13:31:33.0706 3808 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:31:33.0721 3808 IpFilterDriver - ok
13:31:33.0753 3808 iphlpsvc (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
13:31:33.0753 3808 iphlpsvc - ok
13:31:33.0753 3808 IpInIp - ok
13:31:33.0800 3808 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:31:33.0800 3808 IPMIDRV - ok
13:31:33.0846 3808 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:31:33.0846 3808 IPNAT - ok
13:31:33.0862 3808 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:31:33.0862 3808 IRENUM - ok
13:31:33.0893 3808 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:31:33.0893 3808 isapnp - ok
13:31:33.0940 3808 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
13:31:33.0956 3808 iScsiPrt - ok
13:31:33.0956 3808 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:31:33.0956 3808 iteatapi - ok
13:31:33.0987 3808 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:31:33.0987 3808 iteraid - ok
13:31:34.0018 3808 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:31:34.0018 3808 kbdclass - ok
13:31:34.0050 3808 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
13:31:34.0050 3808 kbdhid - ok
13:31:34.0096 3808 KeyIso (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:34.0096 3808 KeyIso - ok
13:31:34.0159 3808 KMWDFilter (73186a580e287152b1be5087c0e92339) C:\Windows\System32\Drivers\KMWDFilter.SYS
13:31:34.0159 3808 KMWDFilter - ok
13:31:34.0284 3808 KMWDSERVICE (3d6cb0db6fe125f622c02dc0249dde9f) C:\Program Files\Mouse Driver\KMWDSrv.exe
13:31:34.0284 3808 KMWDSERVICE - ok
13:31:34.0346 3808 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
13:31:34.0346 3808 KSecDD - ok
13:31:34.0409 3808 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:31:34.0425 3808 KtmRm - ok
13:31:34.0471 3808 LanmanServer (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\System32\srvsvc.dll
13:31:34.0471 3808 LanmanServer - ok
13:31:34.0503 3808 LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
13:31:34.0503 3808 LanmanWorkstation - ok
13:31:34.0518 3808 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:31:34.0534 3808 lltdio - ok
13:31:34.0596 3808 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:31:34.0596 3808 lltdsvc - ok
13:31:34.0628 3808 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:31:34.0628 3808 lmhosts - ok
13:31:34.0659 3808 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:31:34.0659 3808 LSI_FC - ok
13:31:34.0706 3808 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:31:34.0706 3808 LSI_SAS - ok
13:31:34.0737 3808 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:31:34.0737 3808 LSI_SCSI - ok
13:31:34.0768 3808 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:31:34.0784 3808 luafv - ok
13:31:34.0862 3808 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:31:34.0862 3808 MBAMProtector - ok
13:31:35.0003 3808 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:31:35.0018 3808 MBAMService - ok
13:31:35.0050 3808 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:31:35.0065 3808 megasas - ok
13:31:35.0112 3808 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:31:35.0112 3808 MegaSR - ok
13:31:35.0143 3808 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:31:35.0143 3808 MMCSS - ok
13:31:35.0175 3808 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:31:35.0175 3808 Modem - ok
13:31:35.0206 3808 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:31:35.0206 3808 monitor - ok
13:31:35.0253 3808 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
13:31:35.0253 3808 motmodem - ok
13:31:35.0284 3808 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:31:35.0284 3808 mouclass - ok
13:31:35.0315 3808 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:31:35.0315 3808 mouhid - ok
13:31:35.0346 3808 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:31:35.0346 3808 MountMgr - ok
13:31:35.0456 3808 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:31:35.0456 3808 MozillaMaintenance - ok
13:31:35.0503 3808 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:31:35.0503 3808 mpio - ok
13:31:35.0534 3808 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:31:35.0534 3808 mpsdrv - ok
13:31:35.0596 3808 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
13:31:35.0596 3808 MpsSvc - ok
13:31:35.0628 3808 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:31:35.0628 3808 Mraid35x - ok
13:31:35.0643 3808 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
13:31:35.0643 3808 MRxDAV - ok
13:31:35.0690 3808 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:31:35.0690 3808 mrxsmb - ok
13:31:35.0721 3808 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:31:35.0737 3808 mrxsmb10 - ok
13:31:35.0768 3808 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:31:35.0768 3808 mrxsmb20 - ok
13:31:35.0784 3808 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:31:35.0784 3808 msahci - ok
13:31:35.0831 3808 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:31:35.0831 3808 msdsm - ok
13:31:35.0862 3808 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:31:35.0893 3808 MSDTC - ok
13:31:35.0909 3808 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:31:35.0909 3808 Msfs - ok
13:31:35.0956 3808 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:31:35.0956 3808 msisadrv - ok
13:31:35.0987 3808 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:31:35.0987 3808 MSiSCSI - ok
13:31:36.0003 3808 msiserver - ok
13:31:36.0018 3808 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:31:36.0018 3808 MSKSSRV - ok
13:31:36.0065 3808 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:31:36.0065 3808 MSPCLOCK - ok
13:31:36.0096 3808 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:31:36.0096 3808 MSPQM - ok
13:31:36.0159 3808 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
13:31:36.0159 3808 MsRPC - ok
13:31:36.0190 3808 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:31:36.0190 3808 mssmbios - ok
13:31:36.0206 3808 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:31:36.0221 3808 MSTEE - ok
13:31:36.0237 3808 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
13:31:36.0237 3808 Mup - ok
13:31:36.0300 3808 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
13:31:36.0300 3808 napagent - ok
13:31:36.0331 3808 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
13:31:36.0362 3808 NativeWifiP - ok
13:31:36.0425 3808 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
13:31:36.0425 3808 NDIS - ok
13:31:36.0456 3808 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:31:36.0456 3808 NdisTapi - ok
13:31:36.0487 3808 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:31:36.0487 3808 Ndisuio - ok
13:31:36.0534 3808 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
13:31:36.0534 3808 NdisWan - ok
13:31:36.0550 3808 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:31:36.0550 3808 NDProxy - ok
13:31:36.0737 3808 Nero BackItUp Scheduler 3 (6d4028d458eaaa1782099750790dc8c9) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:31:36.0753 3808 Nero BackItUp Scheduler 3 - ok
13:31:36.0815 3808 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
13:31:36.0815 3808 Net Driver HPZ12 - ok
13:31:36.0862 3808 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:31:36.0862 3808 NetBIOS - ok
13:31:36.0893 3808 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
13:31:36.0893 3808 netbt - ok
13:31:36.0925 3808 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:36.0925 3808 Netlogon - ok
13:31:36.0971 3808 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:31:36.0971 3808 Netman - ok
13:31:37.0018 3808 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:31:37.0018 3808 netprofm - ok
13:31:37.0096 3808 NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:31:37.0096 3808 NetTcpPortSharing - ok
13:31:37.0128 3808 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:31:37.0128 3808 nfrd960 - ok
13:31:37.0159 3808 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:31:37.0175 3808 NlaSvc - ok
13:31:37.0284 3808 NMIndexingService (d36107465e716cf2335a25c54b6d11c2) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:31:37.0284 3808 NMIndexingService - ok
13:31:37.0315 3808 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
13:31:37.0315 3808 Npfs - ok
13:31:37.0331 3808 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:31:37.0331 3808 nsi - ok
13:31:37.0362 3808 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:31:37.0362 3808 nsiproxy - ok
13:31:37.0487 3808 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
13:31:37.0503 3808 Ntfs - ok
13:31:37.0518 3808 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:31:37.0534 3808 ntrigdigi - ok
13:31:37.0550 3808 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:31:37.0550 3808 Null - ok
13:31:37.0596 3808 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:31:37.0596 3808 nvraid - ok
13:31:37.0612 3808 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:31:37.0612 3808 nvstor - ok
13:31:37.0659 3808 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:31:37.0659 3808 nv_agp - ok
13:31:37.0659 3808 NwlnkFlt - ok
13:31:37.0675 3808 NwlnkFwd - ok
13:31:37.0721 3808 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
13:31:37.0721 3808 ohci1394 - ok
13:31:37.0815 3808 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:31:37.0815 3808 ose - ok
13:31:37.0909 3808 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:37.0925 3808 p2pimsvc - ok
13:31:37.0925 3808 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:37.0940 3808 p2psvc - ok
13:31:37.0956 3808 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:31:37.0956 3808 Parport - ok
13:31:37.0987 3808 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
13:31:37.0987 3808 partmgr - ok
13:31:38.0018 3808 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:31:38.0018 3808 Parvdm - ok
13:31:38.0034 3808 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:31:38.0050 3808 PcaSvc - ok
13:31:38.0081 3808 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
13:31:38.0081 3808 pci - ok
13:31:38.0112 3808 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
13:31:38.0112 3808 pciide - ok
13:31:38.0159 3808 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:31:38.0159 3808 pcmcia - ok
13:31:38.0253 3808 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:31:38.0284 3808 PEAUTH - ok
13:31:38.0425 3808 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:31:38.0456 3808 pla - ok
13:31:38.0612 3808 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
13:31:38.0628 3808 PlugPlay - ok
13:31:38.0706 3808 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
13:31:38.0706 3808 Pml Driver HPZ12 - ok
13:31:38.0784 3808 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:38.0784 3808 PNRPAutoReg - ok
13:31:38.0800 3808 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:31:38.0815 3808 PNRPsvc - ok
13:31:38.0878 3808 PolicyAgent (017fb87911583b00da1581f07cb7e7f2) C:\Windows\System32\ipsecsvc.dll
13:31:38.0878 3808 PolicyAgent - ok
13:31:38.0956 3808 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:31:38.0956 3808 PptpMiniport - ok
13:31:38.0987 3808 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:31:38.0987 3808 Processor - ok
13:31:39.0018 3808 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
13:31:39.0018 3808 ProfSvc - ok
13:31:39.0050 3808 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:39.0065 3808 ProtectedStorage - ok
13:31:39.0096 3808 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
13:31:39.0096 3808 PSched - ok
13:31:39.0143 3808 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
13:31:39.0143 3808 PxHelp20 - ok
13:31:39.0268 3808 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:31:39.0284 3808 ql2300 - ok
13:31:39.0315 3808 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:31:39.0315 3808 ql40xx - ok
13:31:39.0362 3808 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:31:39.0378 3808 QWAVE - ok
13:31:39.0393 3808 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:31:39.0393 3808 QWAVEdrv - ok
13:31:39.0425 3808 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:31:39.0425 3808 RasAcd - ok
13:31:39.0471 3808 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:31:39.0471 3808 RasAuto - ok
13:31:39.0518 3808 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:31:39.0518 3808 Rasl2tp - ok
13:31:39.0550 3808 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
13:31:39.0565 3808 RasMan - ok
13:31:39.0596 3808 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
13:31:39.0596 3808 RasPppoe - ok
13:31:39.0628 3808 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
13:31:39.0628 3808 RasSstp - ok
13:31:39.0675 3808 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
13:31:39.0675 3808 rdbss - ok
13:31:39.0690 3808 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:31:39.0690 3808 RDPCDD - ok
13:31:39.0737 3808 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:31:39.0737 3808 rdpdr - ok
13:31:39.0753 3808 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:31:39.0753 3808 RDPENCDD - ok
13:31:39.0800 3808 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
13:31:39.0800 3808 RDPWD - ok
13:31:39.0846 3808 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:31:39.0846 3808 RemoteAccess - ok
13:31:39.0862 3808 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
13:31:39.0878 3808 RemoteRegistry - ok
13:31:39.0909 3808 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:31:39.0909 3808 RpcLocator - ok
13:31:39.0971 3808 RpcSs (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
13:31:39.0971 3808 RpcSs - ok
13:31:39.0987 3808 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:31:40.0003 3808 rspndr - ok
13:31:40.0050 3808 RTL8187B (c279a9a9f946359548e5665c0e8bab15) C:\Windows\system32\DRIVERS\RTL8187B.sys
13:31:40.0081 3808 RTL8187B - ok
13:31:40.0175 3808 S3GIGP (f42777bda6d33bdf54a67b1d608300b3) C:\Windows\system32\DRIVERS\VTGKModeDX32.sys
13:31:40.0175 3808 S3GIGP - ok
13:31:40.0221 3808 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
13:31:40.0221 3808 SamSs - ok
13:31:40.0253 3808 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:31:40.0253 3808 sbp2port - ok
13:31:40.0315 3808 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
13:31:40.0315 3808 SCardSvr - ok
13:31:40.0393 3808 Schedule (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
13:31:40.0393 3808 Schedule - ok
13:31:40.0440 3808 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:31:40.0440 3808 SCPolicySvc - ok
13:31:40.0471 3808 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:31:40.0487 3808 SDRSVC - ok
13:31:40.0487 3808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:31:40.0503 3808 secdrv - ok
13:31:40.0518 3808 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:31:40.0518 3808 seclogon - ok
13:31:40.0550 3808 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
13:31:40.0550 3808 SENS - ok
13:31:40.0596 3808 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:31:40.0596 3808 Serenum - ok
13:31:40.0612 3808 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:31:40.0612 3808 Serial - ok
13:31:40.0643 3808 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:31:40.0643 3808 sermouse - ok
13:31:40.0706 3808 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:31:40.0706 3808 SessionEnv - ok
13:31:40.0721 3808 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:31:40.0737 3808 sffdisk - ok
13:31:40.0768 3808 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:31:40.0768 3808 sffp_mmc - ok
13:31:40.0800 3808 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:31:40.0800 3808 sffp_sd - ok
13:31:40.0815 3808 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:31:40.0831 3808 sfloppy - ok
13:31:40.0878 3808 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:31:40.0878 3808 SharedAccess - ok
13:31:40.0909 3808 ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
13:31:40.0909 3808 ShellHWDetection - ok
13:31:40.0940 3808 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:31:40.0940 3808 SiSRaid2 - ok
13:31:40.0971 3808 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:31:40.0971 3808 SiSRaid4 - ok
13:31:41.0175 3808 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
13:31:41.0237 3808 slsvc - ok
13:31:41.0362 3808 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
13:31:41.0362 3808 SLUINotify - ok
13:31:41.0425 3808 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
13:31:41.0425 3808 Smb - ok
13:31:41.0440 3808 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:31:41.0456 3808 SNMPTRAP - ok
13:31:41.0471 3808 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:31:41.0487 3808 spldr - ok
13:31:41.0518 3808 Spooler (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
13:31:41.0534 3808 Spooler - ok
13:31:41.0581 3808 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
13:31:41.0596 3808 srv - ok
13:31:41.0628 3808 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
13:31:41.0628 3808 srv2 - ok
13:31:41.0659 3808 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
13:31:41.0659 3808 srvnet - ok
13:31:41.0690 3808 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:31:41.0706 3808 SSDPSRV - ok
13:31:41.0753 3808 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:31:41.0753 3808 ssmdrv - ok
13:31:41.0815 3808 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:31:41.0815 3808 SstpSvc - ok
13:31:41.0893 3808 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
13:31:41.0893 3808 stisvc - ok
13:31:41.0925 3808 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:31:41.0925 3808 swenum - ok
13:31:41.0971 3808 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
13:31:41.0987 3808 swprv - ok
13:31:42.0003 3808 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:31:42.0003 3808 Symc8xx - ok
13:31:42.0034 3808 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:31:42.0034 3808 Sym_hi - ok
13:31:42.0050 3808 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:31:42.0050 3808 Sym_u3 - ok
13:31:42.0112 3808 SynTP (362e61958317ad657e79b282a78b26cb) C:\Windows\system32\DRIVERS\SynTP.sys
13:31:42.0112 3808 SynTP - ok
13:31:42.0159 3808 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
13:31:42.0175 3808 SysMain - ok
13:31:42.0190 3808 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:31:42.0190 3808 TabletInputService - ok
13:31:42.0221 3808 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
13:31:42.0237 3808 TapiSrv - ok
13:31:42.0253 3808 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:31:42.0253 3808 TBS - ok
13:31:42.0346 3808 Tcpip (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
13:31:42.0362 3808 Tcpip - ok
13:31:42.0378 3808 Tcpip6 (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
13:31:42.0393 3808 Tcpip6 - ok
13:31:42.0425 3808 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
13:31:42.0425 3808 tcpipreg - ok
13:31:42.0456 3808 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:31:42.0456 3808 TDPIPE - ok
13:31:42.0471 3808 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:31:42.0487 3808 TDTCP - ok
13:31:42.0503 3808 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
13:31:42.0503 3808 tdx - ok
13:31:42.0534 3808 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
13:31:42.0534 3808 TermDD - ok
13:31:42.0596 3808 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
13:31:42.0596 3808 TermService - ok
13:31:42.0643 3808 Themes (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
13:31:42.0643 3808 Themes - ok
13:31:42.0675 3808 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:31:42.0675 3808 THREADORDER - ok
13:31:42.0706 3808 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:31:42.0706 3808 TrkWks - ok
13:31:42.0784 3808 truecrypt (1592a0c126cf28b6d22d16ffe15a8a0d) C:\Windows\system32\drivers\truecrypt.sys
13:31:42.0784 3808 truecrypt - ok
13:31:42.0846 3808 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
13:31:42.0846 3808 TrustedInstaller - ok
13:31:42.0878 3808 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:31:42.0878 3808 tssecsrv - ok
13:31:42.0925 3808 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:31:42.0925 3808 tunmp - ok
13:31:42.0940 3808 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
13:31:42.0940 3808 tunnel - ok
13:31:42.0971 3808 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
13:31:42.0971 3808 uagp35 - ok
13:31:43.0018 3808 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
13:31:43.0018 3808 udfs - ok
13:31:43.0050 3808 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:31:43.0065 3808 UI0Detect - ok
13:31:43.0112 3808 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:31:43.0112 3808 uliagpkx - ok
13:31:43.0143 3808 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:31:43.0143 3808 uliahci - ok
13:31:43.0175 3808 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:31:43.0175 3808 UlSata - ok
13:31:43.0206 3808 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:31:43.0206 3808 ulsata2 - ok
13:31:43.0237 3808 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:31:43.0237 3808 umbus - ok
13:31:43.0284 3808 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:31:43.0284 3808 upnphost - ok
13:31:43.0331 3808 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:31:43.0346 3808 usbccgp - ok
13:31:43.0362 3808 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:31:43.0362 3808 usbcir - ok
13:31:43.0409 3808 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
13:31:43.0409 3808 usbehci - ok
13:31:43.0456 3808 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
13:31:43.0456 3808 usbhub - ok
13:31:43.0471 3808 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:31:43.0471 3808 usbohci - ok
13:31:43.0503 3808 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:31:43.0503 3808 usbprint - ok
13:31:43.0565 3808 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:31:43.0565 3808 usbscan - ok
13:31:43.0628 3808 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:31:43.0628 3808 USBSTOR - ok
13:31:43.0659 3808 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:31:43.0659 3808 usbuhci - ok
13:31:43.0690 3808 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
13:31:43.0690 3808 UxSms - ok
13:31:43.0753 3808 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
13:31:43.0784 3808 vds - ok
13:31:43.0815 3808 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:31:43.0815 3808 vga - ok
13:31:43.0846 3808 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:31:43.0846 3808 VgaSave - ok
13:31:43.0862 3808 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:31:43.0862 3808 viaagp - ok
13:31:43.0893 3808 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:31:43.0893 3808 ViaC7 - ok
13:31:43.0940 3808 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:31:43.0940 3808 viaide - ok
13:31:43.0956 3808 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:31:43.0971 3808 volmgr - ok
13:31:44.0003 3808 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
13:31:44.0003 3808 volmgrx - ok
13:31:44.0050 3808 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
13:31:44.0065 3808 volsnap - ok
13:31:44.0112 3808 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:31:44.0112 3808 vsmraid - ok
13:31:44.0221 3808 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
13:31:44.0253 3808 VSS - ok
13:31:44.0284 3808 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
13:31:44.0284 3808 W32Time - ok
13:31:44.0331 3808 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:31:44.0331 3808 WacomPen - ok
13:31:44.0378 3808 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:44.0378 3808 Wanarp - ok
13:31:44.0393 3808 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:44.0393 3808 Wanarpv6 - ok
13:31:44.0456 3808 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
13:31:44.0471 3808 wcncsvc - ok
13:31:44.0487 3808 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:31:44.0487 3808 WcsPlugInService - ok
13:31:44.0518 3808 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:31:44.0518 3808 Wd - ok
13:31:44.0581 3808 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:31:44.0596 3808 Wdf01000 - ok
13:31:44.0612 3808 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:31:44.0612 3808 WdiServiceHost - ok
13:31:44.0628 3808 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:31:44.0643 3808 WdiSystemHost - ok
13:31:44.0690 3808 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
13:31:44.0690 3808 WebClient - ok
13:31:44.0721 3808 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
13:31:44.0721 3808 Wecsvc - ok
13:31:44.0753 3808 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:31:44.0753 3808 wercplsupport - ok
13:31:44.0784 3808 WerSvc (4081288554294f144e5a7d4ee20e3ce6) C:\Windows\System32\WerSvc.dll
13:31:44.0800 3808 WerSvc - ok
13:31:44.0862 3808 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
13:31:44.0878 3808 winachsf - ok
13:31:44.0971 3808 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:31:44.0971 3808 WinDefend - ok
13:31:44.0987 3808 WinHttpAutoProxySvc - ok
13:31:45.0065 3808 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
13:31:45.0081 3808 Winmgmt - ok
13:31:45.0143 3808 WinRM (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
13:31:45.0175 3808 WinRM - ok
13:31:45.0237 3808 Wlansvc (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
13:31:45.0253 3808 Wlansvc - ok
13:31:45.0315 3808 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:31:45.0331 3808 WmiAcpi - ok
13:31:45.0378 3808 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
13:31:45.0393 3808 wmiApSrv - ok
13:31:45.0503 3808 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:31:45.0503 3808 WMPNetworkSvc - ok
13:31:45.0534 3808 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
13:31:45.0550 3808 WPCSvc - ok
13:31:45.0581 3808 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
13:31:45.0596 3808 WPDBusEnum - ok
13:31:45.0659 3808 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
13:31:45.0659 3808 WpdUsb - ok
13:31:45.0706 3808 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:31:45.0706 3808 ws2ifsl - ok
13:31:45.0737 3808 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
13:31:45.0737 3808 wscsvc - ok
13:31:45.0753 3808 WSearch - ok
13:31:45.0893 3808 wuauserv (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll
13:31:45.0925 3808 wuauserv - ok
13:31:46.0096 3808 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:31:46.0096 3808 WUDFRd - ok
13:31:46.0143 3808 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:31:46.0159 3808 wudfsvc - ok
13:31:46.0190 3808 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:31:46.0721 3808 \Device\Harddisk0\DR0 - ok
13:31:46.0721 3808 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR2
13:31:47.0628 3808 \Device\Harddisk1\DR2 - ok
13:31:47.0628 3808 Boot (0x1200) (4d8a967b4c33665580c9e7781e59a8e7) \Device\Harddisk0\DR0\Partition0
13:31:47.0643 3808 \Device\Harddisk0\DR0\Partition0 - ok
13:31:47.0706 3808 Boot (0x1200) (0e83ac762c6c4c8f967a669881cc19e3) \Device\Harddisk0\DR0\Partition1
13:31:47.0706 3808 \Device\Harddisk0\DR0\Partition1 - ok
13:31:47.0706 3808 Boot (0x1200) (ceb1a6fc88cf91ad6de9739bc3198ea6) \Device\Harddisk1\DR2\Partition0
13:31:47.0721 3808 \Device\Harddisk1\DR2\Partition0 - ok
13:31:47.0721 3808 ============================================================
13:31:47.0721 3808 Scan finished
13:31:47.0721 3808 ============================================================
13:31:47.0753 1436 Detected object count: 0
13:31:47.0753 1436 Actual detected object count: 0
13:31:59.0221 2932 Deinitialize success
|
|
30.05.2012, 12:45
| #8 |
| /// Malwareteam | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking CF-Script Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter: BleepingComputer.com - ForoSpyware.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter FOLDER::
c:\users\***\AppData\Roaming\Qafiic
c:\users\***\AppData\Roaming\Ablum
c:\users\***\AppData\Roaming\Ibqoz
Wichtig:
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.05.2012, 13:17
| #9 |
| | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Anbei der Log von Combofix: Code:
ATTFilter Combofix Logfile: Gruss Christian Ergänzung: ich sehe gerade, dass ich nach dem letzten Neustart, der durch Combofix durchgeführt wurde, Malwarebytes Anti-Malware nicht deaktiviert habe...  |
|
30.05.2012, 13:35
| #10 | |
| /// Malwareteam | Trojaner: TAN-Abfrage beim Targobank-OnlinebankingZitat:
 Nochmal von vorn, den letzten Schritt!
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.05.2012, 13:39
| #11 |
| | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Das hatte ich (meine ich zumindest) gemacht, aber dann im Log wieder unkenntlich gemacht. Aber ist ja auch wurscht, ich mach ja schon...  Jetzt aber: Code:
ATTFilter Combofix Logfile: |
|
30.05.2012, 14:21
| #12 |
| /// Malwareteam | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Sieht ganz gut aus - kontrollieren wir alles nochmal!  Schritt 1: MBAM vollständig Downloade Dir bitte Malwarebytes
Schritt 2: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.05.2012, 19:50
| #13 |
| | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Hallo Marius, hier die 2 Logs. MBAM Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.30.04 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 *** :: ***-PC [Administrator] Schutz: Deaktiviert 30.05.2012 16:20:58 mbam-log-2012-05-30 (16-20-58).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 270016 Laufzeit: 30 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESAT Code:
ATTFilter C:\Program Files\JDownloader\tools\reconnect\phael curl reconnect\curl_router_reconnect.exe probably a variant of Win32/Agent.LMCXWHR trojan
C:\Qoobox\Quarantine\[4]-Submit_2012-05-30_12.59.46.zip a variant of Win32/Kryptik.AFZX trojan
|
|
31.05.2012, 07:04
| #14 | |
| /// Malwareteam | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking Schritt 1: VT Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
Zitat:
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
31.05.2012, 07:18
| #15 |
| | Trojaner: TAN-Abfrage beim Targobank-Onlinebanking hier der Link: https://www.virustotal.com/file/17592e1c52f1a65b5d8611f2fb985bf76d8817ddab324fff793bf9d7510494d1/analysis/1338444917/ Gruß Christian |
|
| Themen zu Trojaner: TAN-Abfrage beim Targobank-Onlinebanking |
| .com, administrator, avira, bho, continue, converter, corp./icp, dateisystem, defender, download, ebanking, einloggen, entfernen, excel, explorer, firefox, format, heuristiks/extra, heuristiks/shuriken, home, intranet, logfile, mozilla, mp3, nvidia, nvstor.sys, pdf, plug-in, programme, pup.tool, realtek, registry, searchscopes, software, trojaner, version=1.0, vista |
Linear-Darstellung
