Pests of all kinds and how to fight them: 6 Trojans (adware.gen)
Windows 7
If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
01.09.2012, 10:21 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 6 Trojans (adware.gen)

Please make a new OTL log. Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags |
01.09.2012, 13:42 | #17 |
| 6 Trojans (adware.gen)
Code:
OTL logfile created on: 01.09.2012 14:16:27 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Björn\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 76,50% Memory free
6,50 Gb Paging File | 5,54 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 329,87 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
Computer Name: BJÖRN-PC | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Björn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\PixArt\i-Look110\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3566.37220__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3566.37219__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3566.37218__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3566.37218__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3566.37220__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3566.37219__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3566.37218__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3566.37219__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3566.37214__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3566.37220__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3566.37232__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3566.37228__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3566.37153__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3566.37212__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3566.37127__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3566.37201__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3566.37175__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3566.37105__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3566.37166__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3566.37221__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3566.37126__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3566.37126__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3566.37214__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3566.37166__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3566.37152__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3566.37158__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3566.37211__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3566.37180__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3566.37114__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3566.37165__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3566.37160__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3566.37202__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3566.37120__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3566.37158__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3566.37131__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3566.37215__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3566.37150__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3566.37114__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3566.37214__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3566.37213__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3566.37217__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3566.37213__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3566.37151__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3566.37147__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3531.24556__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3566.37151__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3566.37152__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3566.37159__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3566.37226__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3566.37195__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3566.37193__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3566.37206__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3566.37102__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3566.37110__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3566.37189__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3566.37119__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3566.37102__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3566.37100__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3566.37104__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3566.37101__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3566.37195__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- 
C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (fwlanusb4) -- C:\Windows\System32\drivers\fwlanusb4.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) 
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4010188098-783432063-3901806868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4010188098-783432063-3901806868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4010188098-783432063-3901806868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4010188098-783432063-3901806868-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F A4 D6 82 82 E9 CA 01 [binary data] IE - HKU\S-1-5-21-4010188098-783432063-3901806868-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4010188098-783432063-3901806868-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-4010188098-783432063-3901806868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.19 17:52:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.19 17:52:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.18 23:55:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.05 10:23:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.06.05 10:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions File not found (No name found) -- 
C:\USERS\BJöRN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\KRNBS6IZ.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\i-Look110\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-4010188098-783432063-3901806868-1000..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-4010188098-783432063-3901806868-1000..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4010188098-783432063-3901806868-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.65 217.0.43.81 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58C880EA-27C1-4CA1-B9B6-0F3B2FABA8FA}: DhcpNameServer = 217.0.43.65 217.0.43.81 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBADC491-D207-4AE4-ABCB-8FCAA8637465}: DhcpNameServer = 217.0.43.65 217.0.43.81 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell - "" = AutoRun O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell\directx\command - "" = E:\DirectX9\dxsetup.exe O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell\setup\command - "" = E:\setup.exe O33 - MountPoints2\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\Shell - "" = AutoRun O33 - MountPoints2\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - 
File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - 
PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - 
Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.21 17:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN [2012.08.21 17:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\avmwlanstick [2012.08.21 17:00:02 | 000,926,080 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusb4.sys [2012.08.21 17:00:02 | 000,078,336 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwlan4ci.dll [2012.08.21 17:00:02 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys [2012.08.21 17:00:02 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver [2012.08.21 16:59:55 | 000,000,000 | ---D | C] -- C:\Users\Björn\AVM_Driver [2012.08.21 15:46:54 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Bilder [2010.03.07 19:04:43 | 814,143,398 | ---- | C] (GOA ) -- C:\Users\Björn\loleusetup.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Björn\AppData\Roaming\*.tmp files -> C:\Users\Björn\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.01 14:14:00 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe [2012.09.01 13:49:12 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.01 13:49:12 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.01 13:47:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.01 13:41:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.01 13:41:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.01 13:41:31 | 2616,594,432 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 17:41:25 | 000,511,265 | ---- | M] () -- C:\Users\Björn\Desktop\adwcleaner.exe [2012.08.31 16:27:11 | 
000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.31 16:27:11 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.31 16:27:11 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.31 16:27:11 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.31 11:23:02 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.08.30 11:24:50 | 001,314,395 | ---- | M] () -- C:\Users\Björn\Desktop\FB1_ab2011.pdf [2012.08.30 02:15:14 | 001,024,111 | ---- | M] () -- C:\Users\Björn\Desktop\Anl1_zu_FB1_ab2011.pdf [2012.08.29 13:20:11 | 000,158,290 | ---- | M] () -- C:\Users\Björn\Desktop\Vorblatt_ab2011.pdf [2012.08.19 22:30:13 | 000,236,409 | ---- | M] () -- C:\Users\Björn\Desktop\photo.jpg [2012.08.17 07:05:47 | 000,324,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Björn\AppData\Roaming\*.tmp files -> C:\Users\Björn\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.29 13:20:30 | 001,024,111 | ---- | C] () -- C:\Users\Björn\Desktop\Anl1_zu_FB1_ab2011.pdf [2012.08.29 13:20:22 | 001,314,395 | ---- | C] () -- C:\Users\Björn\Desktop\FB1_ab2011.pdf [2012.08.29 13:20:05 | 000,158,290 | ---- | C] () -- C:\Users\Björn\Desktop\Vorblatt_ab2011.pdf [2012.08.21 17:00:08 | 000,013,202 | ---- | C] () -- C:\Windows\instwcli.inf [2012.08.21 17:00:02 | 000,049,792 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusb4.bin [2012.08.19 22:30:12 | 000,236,409 | ---- | C] () -- C:\Users\Björn\Desktop\photo.jpg [2012.07.21 14:09:14 | 000,000,186 | ---- | C] () -- C:\Users\Björn\defogger_reenable [2011.07.20 21:22:12 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.07.20 21:22:12 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.02.06 23:07:35 | 000,003,584 | ---- | C] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2011.01.31 14:29:10 | 000,000,525 | ---- | C] () -- C:\Windows\eReg.dat [2010.12.10 17:46:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.12.10 17:46:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.08.12 01:40:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.13 22:51:51 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2010.04.08 16:52:43 | 000,138,056 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\PnkBstrK.sys [2010.01.30 23:21:42 | 008,890,496 | ---- | C] () -- C:\Users\Björn\Black Messiah - Feld der Ehre.mp3 [2010.01.20 17:00:12 | 000,007,607 | ---- | C] () -- C:\Users\Björn\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2012.07.03 01:22:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Amazon [2012.03.12 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Baecno [2010.07.02 13:22:43 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DAEMON Tools Pro [2010.07.13 22:51:00 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Degener [2011.08.04 00:56:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoft [2011.08.04 00:56:41 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.16 20:57:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\EPSON [2011.09.10 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\go [2012.03.18 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Iltoid [2011.06.10 12:59:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\kock [2010.07.30 21:26:36 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\LolClient [2010.03.31 12:43:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2011.01.22 01:50:55 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\MP3Rocket 
[2010.01.19 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\OpenOffice.org [2010.01.19 20:02:05 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Opera [2010.12.10 17:46:41 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung [2010.01.21 15:49:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\SanDisk [2012.06.05 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Thunderbird [2011.06.13 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\UAs [2011.06.13 18:56:26 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\xmldm [2012.07.12 22:56:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.03.30 23:36:56 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Adobe [2012.07.03 01:22:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Amazon [2012.01.23 20:59:57 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Apple Computer [2010.01.19 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\ATI [2012.01.09 11:21:41 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Avira [2012.03.12 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Baecno [2010.07.02 13:22:43 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DAEMON Tools Pro [2010.07.13 22:51:00 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Degener [2011.07.20 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DivX [2011.08.04 00:56:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoft [2011.08.04 00:56:41 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.16 20:57:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\EPSON [2011.09.10 00:25:48 | 
000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\go [2010.03.14 18:01:19 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Google [2010.01.19 19:44:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Identities [2012.03.18 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Iltoid [2010.04.29 22:10:32 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\InstallShield [2011.06.10 12:59:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\kock [2010.07.30 21:26:36 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\LolClient [2010.03.31 12:43:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010.01.19 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Macromedia [2012.07.25 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Media Center Programs [2011.10.17 15:51:35 | 000,000,000 | --SD | M] -- C:\Users\Björn\AppData\Roaming\Microsoft [2012.06.05 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Mozilla [2011.01.22 01:50:55 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\MP3Rocket [2010.01.19 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\OpenOffice.org [2010.01.19 20:02:05 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Opera [2011.10.28 16:54:08 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Real [2010.12.10 17:46:41 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung [2010.01.21 15:49:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\SanDisk [2010.01.19 23:39:04 | 000,000,000 | RH-D | M] -- C:\Users\Björn\AppData\Roaming\SecuROM [2011.09.10 01:25:10 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Skype [2011.06.02 16:07:12 | 000,000,000 | ---D | M] -- 
C:\Users\Björn\AppData\Roaming\skypePM [2012.06.05 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Thunderbird [2011.06.13 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\UAs [2010.01.20 22:20:18 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\WinRAR [2011.06.13 18:56:26 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\xmldm < %APPDATA%\*.exe /s > [2010.07.30 16:26:26 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Björn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.01.19 21:36:49 | 000,010,134 | R--- | M] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Installer\{D4720B7D-5C0D-74E6-7F36-DC7253B20E43}\ARPPRODUCTICON.exe [2012.07.13 16:11:49 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Björn\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2010.12.10 18:00:14 | 000,069,632 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe [2010.12.10 18:31:53 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\Björn\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe [2010.01.21 15:49:57 | 000,354,744 | ---- | M] (SanDisk Corporation) -- C:\Users\Björn\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 
000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 
000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] 
< End of report > |
01.09.2012, 13:56 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 6 Trojans (adware.gen) Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
:OTL
FF - user.js - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell\directx\command - "" = E:\DirectX9\dxsetup.exe
O33 - MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\Shell\AutoRun\command - "" = E:\pushinst.exe
:Files
C:\Users\Björn\AppData\Roaming\kock
C:\Users\Björn\AppData\Roaming\UAs
C:\Users\Björn\AppData\Roaming\xmldm
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
03.09.2012, 12:02 | #19 |
| 6 Trojans (adware.gen) Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ not found.
File E:\DirectX9\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f5d2adc-85cb-11df-b141-90e6bacd1f0c}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aaa06ae2-eba0-11e1-9d47-90e6bacd1f0c}\ not found.
File E:\pushinst.exe not found.
========== FILES ==========
C:\Users\Björn\AppData\Roaming\kock folder moved successfully.
C:\Users\Björn\AppData\Roaming\UAs folder moved successfully.
C:\Users\Björn\AppData\Roaming\xmldm folder moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Björn\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Björn
->Temp folder emptied: 3147137887 bytes
->Temporary Internet Files folder emptied: 775513048 bytes
->Java cache emptied: 30073846 bytes
->Opera cache emptied: 73749149 bytes
->Flash cache emptied: 573579 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 313027215 bytes
RecycleBin emptied: 19630587135 bytes

Total Files Cleaned = 22.860,00 mb

[EMPTYFLASH]

User: All Users

User: Björn
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.59.1 log created on 09032012_125528

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
03.09.2012, 20:14 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 6 Trojans (adware.gen) Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set up the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!
__________________ Please always post log files in CODE tags |
21.09.2012, 00:05 | #21 |
| 6 Trojans (adware.gen) Code:
01:04:27.0163 0324 NdisCap - ok 01:04:27.0183 0324 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 01:04:27.0203 0324 NdisTapi - ok 01:04:27.0233 0324 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 01:04:27.0253 0324 Ndisuio - ok 01:04:27.0263 0324 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 01:04:27.0283 0324 NdisWan - ok 01:04:27.0303 0324 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 01:04:27.0333 0324 NDProxy - ok 01:04:27.0343 0324 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 01:04:27.0373 0324 NetBIOS - ok 01:04:27.0393 0324 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 01:04:27.0413 0324 NetBT - ok 01:04:27.0413 0324 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe 01:04:27.0423 0324 Netlogon - ok 01:04:27.0473 0324 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 01:04:27.0553 0324 Netman - ok 01:04:27.0583 0324 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 01:04:27.0613 0324 netprofm - ok 01:04:27.0633 0324 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 01:04:27.0643 0324 NetTcpPortSharing - ok 01:04:27.0673 0324 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 01:04:27.0673 0324 nfrd960 - ok 01:04:27.0693 0324 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 01:04:27.0733 0324 NlaSvc - ok 01:04:27.0753 0324 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 01:04:27.0773 0324 Npfs - ok 01:04:27.0783 0324 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 01:04:27.0803 0324 nsi - ok 01:04:27.0813 0324 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] 
nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 01:04:27.0843 0324 nsiproxy - ok 01:04:27.0893 0324 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 01:04:27.0953 0324 Ntfs - ok 01:04:27.0973 0324 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 01:04:28.0003 0324 Null - ok 01:04:28.0043 0324 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 01:04:28.0053 0324 nvraid - ok 01:04:28.0073 0324 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 01:04:28.0083 0324 nvstor - ok 01:04:28.0113 0324 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 01:04:28.0123 0324 nv_agp - ok 01:04:28.0213 0324 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 01:04:28.0243 0324 odserv - ok 01:04:28.0273 0324 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 01:04:28.0303 0324 ohci1394 - ok 01:04:28.0393 0324 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 01:04:28.0423 0324 ose - ok 01:04:28.0443 0324 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 01:04:28.0523 0324 p2pimsvc - ok 01:04:28.0543 0324 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 01:04:28.0553 0324 p2psvc - ok 01:04:28.0603 0324 [ 4A410C7AEA51123519C20D43A20BCE96 ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS 01:04:28.0663 0324 PAC207 - ok 01:04:28.0683 0324 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 01:04:28.0713 0324 Parport - ok 01:04:28.0753 0324 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys 01:04:28.0773 0324 partmgr - ok 01:04:28.0813 0324 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 01:04:28.0853 0324 Parvdm - ok 01:04:28.0873 
0324 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 01:04:28.0893 0324 PcaSvc - ok 01:04:28.0913 0324 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys 01:04:28.0923 0324 pci - ok 01:04:28.0933 0324 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys 01:04:28.0943 0324 pciide - ok 01:04:28.0983 0324 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 01:04:28.0993 0324 pcmcia - ok 01:04:29.0013 0324 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 01:04:29.0023 0324 pcw - ok 01:04:29.0073 0324 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 01:04:29.0163 0324 PEAUTH - ok 01:04:29.0223 0324 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 01:04:29.0283 0324 pla - ok 01:04:29.0333 0324 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 01:04:29.0393 0324 PlugPlay - ok 01:04:29.0463 0324 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 01:04:29.0493 0324 PnkBstrA - ok 01:04:29.0513 0324 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 01:04:29.0553 0324 PNRPAutoReg - ok 01:04:29.0573 0324 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 01:04:29.0613 0324 PNRPsvc - ok 01:04:29.0643 0324 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 01:04:29.0693 0324 PolicyAgent - ok 01:04:29.0723 0324 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 01:04:29.0743 0324 Power - ok 01:04:29.0783 0324 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 01:04:29.0863 0324 PptpMiniport - ok 01:04:29.0883 0324 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 01:04:29.0913 0324 Processor - ok 01:04:29.0933 0324 [ 630CF26F0227498B7D5A92B12548960F 
] ProfSvc C:\Windows\system32\profsvc.dll 01:04:29.0963 0324 ProfSvc - ok 01:04:29.0973 0324 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe 01:04:29.0983 0324 ProtectedStorage - ok 01:04:30.0013 0324 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 01:04:30.0043 0324 Psched - ok 01:04:30.0093 0324 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 01:04:30.0143 0324 ql2300 - ok 01:04:30.0163 0324 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 01:04:30.0173 0324 ql40xx - ok 01:04:30.0193 0324 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 01:04:30.0223 0324 QWAVE - ok 01:04:30.0243 0324 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 01:04:30.0253 0324 QWAVEdrv - ok 01:04:30.0263 0324 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 01:04:30.0283 0324 RasAcd - ok 01:04:30.0313 0324 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 01:04:30.0333 0324 RasAgileVpn - ok 01:04:30.0343 0324 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 01:04:30.0363 0324 RasAuto - ok 01:04:30.0373 0324 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 01:04:30.0433 0324 Rasl2tp - ok 01:04:30.0473 0324 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 01:04:30.0523 0324 RasMan - ok 01:04:30.0553 0324 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 01:04:30.0613 0324 RasPppoe - ok 01:04:30.0643 0324 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 01:04:30.0673 0324 RasSstp - ok 01:04:30.0683 0324 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 01:04:30.0703 0324 rdbss - ok 01:04:30.0713 0324 [ 
0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 01:04:30.0723 0324 rdpbus - ok 01:04:30.0733 0324 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 01:04:30.0753 0324 RDPCDD - ok 01:04:30.0753 0324 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 01:04:30.0773 0324 RDPENCDD - ok 01:04:30.0793 0324 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 01:04:30.0803 0324 RDPREFMP - ok 01:04:30.0843 0324 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 01:04:30.0893 0324 RDPWD - ok 01:04:30.0913 0324 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 01:04:30.0943 0324 rdyboost - ok 01:04:30.0963 0324 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 01:04:31.0003 0324 RemoteAccess - ok 01:04:31.0043 0324 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 01:04:31.0093 0324 RemoteRegistry - ok 01:04:31.0123 0324 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 01:04:31.0143 0324 RpcEptMapper - ok 01:04:31.0173 0324 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 01:04:31.0203 0324 RpcLocator - ok 01:04:31.0243 0324 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 01:04:31.0283 0324 RpcSs - ok 01:04:31.0293 0324 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 01:04:31.0323 0324 rspndr - ok 01:04:31.0353 0324 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 01:04:31.0403 0324 RTL8167 - ok 01:04:31.0423 0324 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe 01:04:31.0453 0324 SamSs - ok 01:04:31.0483 0324 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 01:04:31.0513 0324 sbp2port - ok 
01:04:31.0523 0324 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 01:04:31.0563 0324 SCardSvr - ok 01:04:31.0573 0324 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 01:04:31.0593 0324 scfilter - ok 01:04:31.0643 0324 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 01:04:31.0703 0324 Schedule - ok 01:04:31.0733 0324 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 01:04:31.0753 0324 SCPolicySvc - ok 01:04:31.0763 0324 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 01:04:31.0803 0324 SDRSVC - ok 01:04:31.0853 0324 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 01:04:31.0933 0324 secdrv - ok 01:04:31.0953 0324 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 01:04:31.0993 0324 seclogon - ok 01:04:32.0003 0324 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 01:04:32.0033 0324 SENS - ok 01:04:32.0043 0324 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 01:04:32.0133 0324 SensrSvc - ok 01:04:32.0143 0324 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 01:04:32.0173 0324 Serenum - ok 01:04:32.0203 0324 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 01:04:32.0253 0324 Serial - ok 01:04:32.0273 0324 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 01:04:32.0293 0324 sermouse - ok 01:04:32.0323 0324 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 01:04:32.0453 0324 SessionEnv - ok 01:04:32.0503 0324 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 01:04:32.0663 0324 sffdisk - ok 01:04:32.0673 0324 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 01:04:32.0703 0324 sffp_mmc - ok 
01:04:32.0723 0324 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 01:04:32.0733 0324 sffp_sd - ok 01:04:32.0743 0324 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 01:04:32.0753 0324 sfloppy - ok 01:04:32.0773 0324 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 01:04:32.0813 0324 SharedAccess - ok 01:04:32.0843 0324 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 01:04:32.0883 0324 ShellHWDetection - ok 01:04:32.0913 0324 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys 01:04:32.0923 0324 sisagp - ok 01:04:32.0953 0324 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 01:04:32.0963 0324 SiSRaid2 - ok 01:04:32.0973 0324 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 01:04:32.0983 0324 SiSRaid4 - ok 01:04:33.0053 0324 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 01:04:33.0073 0324 SkypeUpdate - ok 01:04:33.0103 0324 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 01:04:33.0163 0324 Smb - ok 01:04:33.0203 0324 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 01:04:33.0223 0324 SNMPTRAP - ok 01:04:33.0293 0324 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys 01:04:33.0323 0324 speedfan - ok 01:04:33.0333 0324 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 01:04:33.0363 0324 spldr - ok 01:04:33.0393 0324 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe 01:04:33.0463 0324 Spooler - ok 01:04:33.0563 0324 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 01:04:33.0673 0324 sppsvc - ok 01:04:33.0693 0324 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 
01:04:33.0703 0324 sppuinotify - ok 01:04:33.0733 0324 sptd - ok 01:04:33.0783 0324 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 01:04:33.0843 0324 srv - ok 01:04:33.0883 0324 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 01:04:33.0923 0324 srv2 - ok 01:04:33.0973 0324 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 01:04:33.0993 0324 srvnet - ok 01:04:34.0013 0324 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 01:04:34.0073 0324 SSDPSRV - ok 01:04:34.0133 0324 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 01:04:34.0153 0324 ssmdrv - ok 01:04:34.0153 0324 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 01:04:34.0203 0324 SstpSvc - ok 01:04:34.0233 0324 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 01:04:34.0233 0324 ss_bbus - ok 01:04:34.0253 0324 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 01:04:34.0263 0324 ss_bmdfl - ok 01:04:34.0283 0324 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 01:04:34.0293 0324 ss_bmdm - ok 01:04:34.0303 0324 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 01:04:34.0313 0324 stexstor - ok 01:04:34.0343 0324 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 01:04:34.0363 0324 StiSvc - ok 01:04:34.0383 0324 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 01:04:34.0383 0324 swenum - ok 01:04:34.0393 0324 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 01:04:34.0423 0324 swprv - ok 01:04:34.0453 0324 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 01:04:34.0483 0324 SysMain - ok 01:04:34.0513 0324 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 01:04:34.0533 0324 TabletInputService - ok 01:04:34.0553 0324 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 01:04:34.0573 0324 TapiSrv - ok 01:04:34.0583 0324 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 01:04:34.0613 0324 TBS - ok 01:04:34.0693 0324 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys 01:04:34.0763 0324 Tcpip - ok 01:04:34.0793 0324 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 01:04:34.0823 0324 TCPIP6 - ok 01:04:34.0833 0324 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 01:04:34.0863 0324 tcpipreg - ok 01:04:34.0883 0324 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 01:04:34.0933 0324 TDPIPE - ok 01:04:34.0973 0324 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 01:04:35.0013 0324 TDTCP - ok 01:04:35.0033 0324 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 01:04:35.0053 0324 tdx - ok 01:04:35.0073 0324 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 01:04:35.0083 0324 TermDD - ok 01:04:35.0113 0324 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 01:04:35.0133 0324 TermService - ok 01:04:35.0143 0324 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 01:04:35.0163 0324 Themes - ok 01:04:35.0173 0324 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 01:04:35.0193 0324 THREADORDER - ok 01:04:35.0203 0324 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 01:04:35.0233 0324 TrkWks - ok 01:04:35.0273 0324 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 01:04:35.0313 0324 TrustedInstaller - ok 01:04:35.0323 0324 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv 
C:\Windows\system32\DRIVERS\tssecsrv.sys 01:04:35.0343 0324 tssecsrv - ok 01:04:35.0373 0324 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 01:04:35.0393 0324 tunnel - ok 01:04:35.0403 0324 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 01:04:35.0413 0324 uagp35 - ok 01:04:35.0423 0324 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys 01:04:35.0443 0324 udfs - ok 01:04:35.0463 0324 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 01:04:35.0473 0324 UI0Detect - ok 01:04:35.0503 0324 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 01:04:35.0503 0324 uliagpkx - ok 01:04:35.0513 0324 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 01:04:35.0543 0324 umbus - ok 01:04:35.0573 0324 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 01:04:35.0583 0324 UmPass - ok 01:04:35.0603 0324 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 01:04:35.0633 0324 upnphost - ok 01:04:35.0653 0324 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 01:04:35.0663 0324 usbccgp - ok 01:04:35.0673 0324 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 01:04:35.0703 0324 usbcir - ok 01:04:35.0723 0324 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 01:04:35.0733 0324 usbehci - ok 01:04:35.0743 0324 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 01:04:35.0753 0324 usbhub - ok 01:04:35.0773 0324 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 01:04:35.0793 0324 usbohci - ok 01:04:35.0823 0324 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 01:04:35.0863 0324 usbprint - ok 01:04:35.0913 0324 [ 
D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 01:04:35.0953 0324 USBSTOR - ok 01:04:35.0973 0324 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 01:04:36.0003 0324 usbuhci - ok 01:04:36.0013 0324 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 01:04:36.0033 0324 UxSms - ok 01:04:36.0043 0324 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe 01:04:36.0053 0324 VaultSvc - ok 01:04:36.0073 0324 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 01:04:36.0083 0324 vdrvroot - ok 01:04:36.0103 0324 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe 01:04:36.0133 0324 vds - ok 01:04:36.0153 0324 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 01:04:36.0183 0324 vga - ok 01:04:36.0183 0324 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 01:04:36.0213 0324 VgaSave - ok 01:04:36.0233 0324 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 01:04:36.0243 0324 vhdmp - ok 01:04:36.0273 0324 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys 01:04:36.0283 0324 viaagp - ok 01:04:36.0293 0324 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 01:04:36.0323 0324 ViaC7 - ok 01:04:36.0343 0324 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys 01:04:36.0343 0324 viaide - ok 01:04:36.0373 0324 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 01:04:36.0373 0324 volmgr - ok 01:04:36.0393 0324 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 01:04:36.0403 0324 volmgrx - ok 01:04:36.0423 0324 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 01:04:36.0433 0324 volsnap - ok 01:04:36.0453 0324 [ 9DFA0CC2F8855A04816729651175B631 
] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 01:04:36.0463 0324 vsmraid - ok 01:04:36.0493 0324 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe 01:04:36.0533 0324 VSS - ok 01:04:36.0543 0324 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 01:04:36.0553 0324 vwifibus - ok 01:04:36.0573 0324 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 01:04:36.0603 0324 W32Time - ok 01:04:36.0633 0324 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 01:04:36.0643 0324 WacomPen - ok 01:04:36.0653 0324 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 01:04:36.0673 0324 WANARP - ok 01:04:36.0673 0324 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:04:36.0693 0324 Wanarpv6 - ok 01:04:36.0783 0324 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 01:04:36.0833 0324 WatAdminSvc - ok 01:04:36.0903 0324 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe 01:04:36.0993 0324 wbengine - ok 01:04:37.0013 0324 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 01:04:37.0043 0324 WbioSrvc - ok 01:04:37.0063 0324 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:04:37.0083 0324 wcncsvc - ok 01:04:37.0103 0324 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:04:37.0183 0324 WcsPlugInService - ok 01:04:37.0203 0324 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 01:04:37.0233 0324 Wd - ok 01:04:37.0253 0324 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 01:04:37.0273 0324 Wdf01000 - ok 01:04:37.0293 0324 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 01:04:37.0323 0324 WdiServiceHost - ok 01:04:37.0323 0324 [ 
46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 01:04:37.0343 0324 WdiSystemHost - ok 01:04:37.0363 0324 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll 01:04:37.0403 0324 WebClient - ok 01:04:37.0423 0324 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 01:04:37.0453 0324 Wecsvc - ok 01:04:37.0463 0324 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 01:04:37.0503 0324 wercplsupport - ok 01:04:37.0543 0324 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 01:04:37.0583 0324 WerSvc - ok 01:04:37.0613 0324 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 01:04:37.0633 0324 WfpLwf - ok 01:04:37.0653 0324 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 01:04:37.0653 0324 WIMMount - ok 01:04:37.0733 0324 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 01:04:37.0763 0324 WinDefend - ok 01:04:37.0763 0324 WinHttpAutoProxySvc - ok 01:04:37.0823 0324 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:04:37.0853 0324 Winmgmt - ok 01:04:37.0883 0324 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll 01:04:37.0913 0324 WinRM - ok 01:04:37.0973 0324 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 01:04:38.0003 0324 WinUsb - ok 01:04:38.0043 0324 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 01:04:38.0093 0324 Wlansvc - ok 01:04:38.0113 0324 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 01:04:38.0123 0324 WmiAcpi - ok 01:04:38.0143 0324 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:04:38.0173 0324 wmiApSrv - ok 01:04:38.0243 0324 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media 
Player\wmpnetwk.exe 01:04:38.0383 0324 WMPNetworkSvc - ok 01:04:38.0393 0324 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:04:38.0433 0324 WPCSvc - ok 01:04:38.0453 0324 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:04:38.0463 0324 WPDBusEnum - ok 01:04:38.0493 0324 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 01:04:38.0573 0324 ws2ifsl - ok 01:04:38.0593 0324 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 01:04:38.0613 0324 wscsvc - ok 01:04:38.0613 0324 WSearch - ok 01:04:38.0693 0324 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 01:04:38.0773 0324 wuauserv - ok 01:04:38.0783 0324 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 01:04:38.0813 0324 WudfPf - ok 01:04:38.0843 0324 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:04:38.0863 0324 WUDFRd - ok 01:04:38.0873 0324 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:04:38.0893 0324 wudfsvc - ok 01:04:38.0903 0324 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 01:04:38.0923 0324 WwanSvc - ok 01:04:38.0943 0324 ================ Scan global =============================== 01:04:38.0963 0324 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll 01:04:39.0003 0324 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll 01:04:39.0023 0324 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll 01:04:39.0053 0324 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 01:04:39.0083 0324 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 01:04:39.0093 0324 [Global] - ok 01:04:39.0093 0324 ================ Scan MBR ================================== 01:04:39.0113 0324 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 01:04:39.0413 0324 
\Device\Harddisk0\DR0 - ok
01:04:39.0413 0324 ================ Scan VBR ==================================
01:04:39.0423 0324 [ 793A66CF077A41A0CA3A4758C14E4C97 ] \Device\Harddisk0\DR0\Partition1
01:04:39.0423 0324 \Device\Harddisk0\DR0\Partition1 - ok
01:04:39.0463 0324 [ ADCA9E1CF8DC2A303807EC975569963E ] \Device\Harddisk0\DR0\Partition2
01:04:39.0463 0324 \Device\Harddisk0\DR0\Partition2 - ok
01:04:39.0463 0324 ============================================================
01:04:39.0463 0324 Scan finished
01:04:39.0463 0324 ============================================================
01:04:39.0483 4380 Detected object count: 5
01:04:39.0483 4380 Actual detected object count: 5
01:04:57.0203 4380 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:04:57.0203 4380 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:04:57.0213 4380 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
01:04:57.0213 4380 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:04:57.0213 4380 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
01:04:57.0213 4380 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:04:57.0213 4380 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
01:04:57.0213 4380 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:04:57.0213 4380 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:04:57.0213 4380 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21.09.2012, 14:57 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 6 Trojans (adware.gen) Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post log files in CODE tags |
21.09.2012, 18:38 | #23 |
| 6 Trojans (adware.gen) Code:
ATTFilter ComboFix 12-09-20.03 - Björn 21.09.2012 18:37:35.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3327.2602 [GMT 2:00] ausgeführt von:: c:\users\Bj÷rn\Desktop\Bilder\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Björn\AppData\Roaming\AcroIEHelpe.txt . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-21 bis 2012-09-21 )))))))))))))))))))))))))))))) . . 2012-09-21 16:41 . 2012-09-21 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-15 10:53 . 2012-09-15 10:53 -------- d-----w- c:\program files\Common Files\Java 2012-09-15 10:53 . 2012-09-15 10:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-15 10:49 . 2012-09-21 09:40 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-14 23:15 . 2012-09-14 23:15 -------- d-----w- c:\program files\Common Files\Skype 2012-09-03 10:55 . 2012-09-03 10:55 -------- d-----w- C:\_OTL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-21 09:40 . 2012-03-11 15:15 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-15 10:53 . 2011-11-12 10:48 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-25 19:37 . 2012-07-24 21:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D80F9C4F-7E11-4C80-8CEC-1383B6B15094}\offreg.dll 2012-07-18 17:10 . 2012-08-16 20:12 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 21:23 . 2012-08-16 20:12 41472 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:23 . 2012-08-16 20:12 102912 ----a-w- c:\windows\system32\browser.dll 2012-07-03 11:46 . 
2012-07-25 16:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-29 08:44 . 2012-07-24 20:23 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D80F9C4F-7E11-4C80-8CEC-1383B6B15094}\mpengine.dll 2012-06-29 00:16 . 2012-08-16 22:42 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09 . 2012-08-16 22:42 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08 . 2012-08-16 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04 . 2012-08-16 22:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00 . 2012-08-16 22:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-06 98304] "PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584] "mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2010-05-12 1066304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-18 273528] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664] "AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x] R3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x] R3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x] S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [x] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . Inhalt des "geplante Tasks" Ordners . 
2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 09:40] . 2012-09-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-14 20:48] . 2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 23:20] . 2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 23:20] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com IE: Free YouTube Download - c:\users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 217.0.43.65 217.0.43.81 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-Samsung Mobile phone USB driver Drive - c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-4010188098-783432063-3901806868-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:32,36,e4,d8,22,b3,d4,aa,f7,10,90,e8,8d,57,21,7d,8e,bd,78,bc,6e,cb,46, eb,a1,78,a5,59,1d,1c,f0,b5,42,7a,01,40,f1,ab,7a,af,f4,bf,b8,45,7d,3c,8a,a2,\ "??"=hex:fe,a4,13,90,eb,d6,d4,88,92,71,90,ef,ca,c3,eb,2b . [HKEY_USERS\S-1-5-21-4010188098-783432063-3901806868-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:88,03,54,fc,ad,90,00,f5,8f,e7,b7,db,2a,3e,7c,6d,12,51,cd,8a,57, af,f9,20,14,ca,89,eb,8a,9c,da,16,64,05,0f,b1,44,03,14,90,da,1a,36,10,b9,7d,\ "rkeysecu"=hex:a5,98,eb,9e,ef,74,6d,1c,b0,bd,25,71,75,63,9b,1a . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-21 18:42:36 ComboFix-quarantined-files.txt 2012-09-21 16:42 . Vor Suchlauf: 9 Verzeichnis(se), 381.450.051.584 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 381.359.550.464 Bytes frei . - - End Of File - - A2802DF58C95328269FF22F3975731E8 |
21.09.2012, 21:31 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 6 Trojans (adware.gen) Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
21.09.2012, 22:53 | #25 |
| 6 Trojans (adware.gen) GMER apparently doesn't like me and crashes. OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:31:41 on 21.09.2012 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Opera Software Opera Internet Browser 12.02 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information) "speedfan" (speedfan) - "Almico Software" - C:\Windows\System32\speedfan.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." 
- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? 
- (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "msnmsgr" - ? - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (File not found) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "mumservice" - "Motorola" - C:\Program Files\Motorola\Software Update\mumservice.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." 
- "c:\program files\real\realplayer\Update\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MotoConnect Service" (MotoConnect Service) - ? - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? 
- C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-21 23:32:54 ----------------------------- 23:32:54.811 OS Version: Windows 6.1.7600 23:32:54.811 Number of processors: 4 586 0x402 23:32:54.812 ComputerName: BJÖRN-PC UserName: Björn 23:33:13.242 Initialize success 23:38:27.766 AVAST engine defs: 12092100 23:38:44.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 23:38:44.765 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3 23:38:44.781 Disk 0 MBR read successfully 23:38:44.787 Disk 0 MBR scan 23:38:44.793 Disk 0 Windows 7 default MBR code 23:38:44.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 23:38:44.812 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848 23:38:44.818 Disk 0 scanning sectors +976771072 23:38:44.907 Disk 0 scanning C:\Windows\system32\drivers 23:38:53.139 Service scanning 23:39:09.061 Modules scanning 23:39:12.489 Disk 0 trace - called modules: 23:39:12.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 23:39:12.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867ca418] 23:39:12.842 3 CLASSPNP.SYS[8bf8159e] -> nt!IofCallDriver -> [0x86656918] 23:39:12.857 5 ACPI.sys[83e143b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0x86686908] 23:39:14.206 AVAST engine scan C:\Windows 23:39:17.168 AVAST engine scan C:\Windows\system32 23:41:24.743 AVAST engine scan C:\Windows\system32\drivers 23:41:35.419 AVAST engine scan C:\Users\Björn 23:46:45.077 AVAST engine scan C:\ProgramData 23:48:15.087 Scan finished successfully 23:49:45.710 Disk 0 MBR has been saved successfully to "C:\Program Files\Opera\MBR.dat" 23:49:45.715 The log file has been saved successfully to "C:\Program Files\Opera\aswMBR.txt" |
22.09.2012, 16:46 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 6 Trojans (adware.gen) Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |