"ATRAPS.gen" and "ATRAPS.gen2" Trojan found (Windows 7)
02.08.2012, 10:49 | #1
| "ATRAPS.gen" und "ATRAPS.gen2" Trojaner Fund Hallo zusammen ich hoffe ihr könnt mir helfen siet heut Morgen tauchte plötzlich ein Virus Fund von Avira auf und meldete die Zwei Trojaner ATRAPS.gen und "".gen2. Ich hab gleich mal wie bei allen anderen Themen die Tests durchlaufen lassen sprich OTL und Malwarebytes. OTL.txt Code:
Extras.txt:
ATTFilter OTL Extras logfile created on: 02.08.2012 11:31:49 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 57,52% Memory free 5,96 Gb Paging File | 4,70 Gb Available in Paging File | 78,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,84 Gb Total Space | 14,21 Gb Free Space | 4,68% Space Free | Partition Type: NTFS Drive D: | 152,92 Gb Total Space | 29,02 Gb Free Space | 18,98% Space Free | Partition Type: NTFS Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8B0B26-FFE6-4ECF-8298-FAA609342576}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1512EB15-60C0-49B2-9E99-C5E1AA49E3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F7D19CF-8C14-40C7-A8B5-10C7C64A6177}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31D7BAA4-BA38-4658-939E-7E44CA66549C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34D94C5E-6CF4-4FF0-8D74-34F4872A4F24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D8FAA36-EAEF-407B-ABF5-9DBB172149A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4ED82306-77B9-4275-95C5-F78AAE64573E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55CE7E2A-6A0B-419C-9AE4-49ECE309E4C1}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5809861F-42A1-4D62-B03B-5C1CA7879407}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B359E3A-DC14-4C0F-AE4A-3ED21DC60012}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66F66EC7-6B56-40A6-ABD2-1927E8AB473F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88DB133D-8FD7-49DD-9F0A-8CDE93EB9369}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{B384ACE6-62BC-4111-BDA0-8662B42B4C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2DE4EAC-1C83-4399-A973-5D4E81CD1155}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D10EC664-C2B0-4AEF-913E-772EADC2E965}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D961EDCC-C6FB-41E4-AEAF-D1F7B3F36986}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E3FBDF1D-4938-4589-AA6F-3A9CB0A68757}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E44B06BF-5D13-4C1F-8818-73ED4E7CE463}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F89769C0-96AA-4DF0-81D1-DE4010D76881}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F95014A7-6422-4E14-965E-9600C352B3C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FAB0312A-4B8E-40C9-9192-5F354BF378C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FB091B93-6B0A-4E9E-A130-DB813553F089}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ECDE24D-FC5B-4127-A1BB-D5D97E0F6588}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{161AAFC7-5028-49B7-BFE8-42B29BD054FF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{274A62D6-5858-4AA3-8E66-6C5D14DFC351}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{28C22EFD-DF7C-4CE4-884B-0ED50BD85229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29924917-17A2-4086-A372-BD4D22FA3FB0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A81C4F9-D67A-4F0A-8B80-BC674EC92AEA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2C9A92BB-EAE3-44CA-AB31-CA9AF3087FDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3DBEEFB1-6993-499A-A374-C5D031758E19}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{4D856B98-6146-43A3-8702-F423D0F61367}" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | "{4F5AFC8E-44FF-48ED-93AF-CB9D505C60F0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{5011F880-A715-4C74-9062-B6F04E22E2E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{55DFB885-A669-4B23-85D5-E39A2C1B72B9}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{5A0D3E12-75DA-4732-9E75-033F069D7AAC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{5A443BAE-2A02-46C5-9B42-3416730F594B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5BF0AC86-618E-48E8-BA7D-4E3347A10C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C0EBF5F-5327-41EC-ABB1-CDC7B988FC97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5FA39179-E25C-419C-8D61-FC4A7DF37E09}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{635C9861-3C11-4497-94AB-7B3D61FC1CB7}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | "{72988D27-8115-4873-9367-57CD44038BB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7A3EEFA8-8744-4656-9A2E-F145A2315124}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7EDCF0C9-BE3E-4BDA-B01A-B47004D6A801}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | "{8146D948-5BAD-44A8-8F89-5D921176F3AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8295C084-2610-43BF-AFFD-BE99FBE775A0}" = dir=in | app=c:\program files\pando networks\media 
booster\pmb.exe | "{8D2F7495-D886-4022-AD74-09AA63CCEDB5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{8E01978C-70C5-4EA5-AF9B-EF5A6A17A573}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{94AA5E7B-33AF-44DA-8212-DBF26B972D90}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CDE3B11-F727-4C18-9302-9B59826E3936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A3917432-99FA-4B0E-92BC-7B8F71451FE9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{B6D80CBE-4FFC-468D-AFFB-43858CB40273}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B9365176-101D-40CE-99AA-C141EB26851E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{BC0626C6-ADF7-4033-9716-38D818A32071}" = protocol=6 | dir=out | app=system | "{BD485E64-E3A2-4EB6-8257-938669840A80}" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | "{C156407D-1115-4D9A-A3F6-0EB939B27F61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C7B72D04-0138-4F32-BF9B-F20C7FBCAD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF964DCC-3BFA-444B-91E8-22F1EAE29226}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{D58B76A8-EFE8-4C00-A59C-9D86A21C3B7F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{D69339DB-3F77-427C-9D96-43B00C439955}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D94EADB9-06ED-4F93-9F35-908C142D2828}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DB0584F7-C39E-4C86-AD42-E42EBD26D245}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{DBAA6259-CF4D-4E86-BFFC-A6119E16795D}" = protocol=6 | dir=in | app=c:\program files\thq\company of 
heroes\reliccoh.exe | "{E28C2411-862D-4615-88F7-CEA15B3F78CD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E39504C4-BE72-42C1-82D5-D3673723069A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{0A94F50F-8626-47EF-B382-89BF7995ECDD}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | "TCP Query User{0EF0ACD2-5DC4-4C48-96DD-3BB776C4C89F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{3774265D-BC09-417E-9BAA-972C741048D8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{467DE04B-BD31-44EA-B53C-A1A9B9BF4E76}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | "TCP Query User{46BEB7B7-5F79-4691-98AF-03927CBEAA56}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe | "TCP Query User{47BCE3A5-72D2-4509-85F0-E6E5E1EA5B6F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{50DA31AC-065B-462A-B086-EFF8CC7BAB2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{60DD221A-4AB9-47EA-A2FC-40D491336DB2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{6C734ABE-0C82-405A-965D-16E1EE156A92}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query 
User{76C0570D-ADF4-4729-BAE3-3DC7C1ECF522}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | "TCP Query User{871A49B7-FAA2-45B9-8350-1937DFC80748}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{8D3A0D2C-9D55-49B7-904E-160FC09801E0}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | "TCP Query User{966415D1-E67D-49CE-9FF9-096AEDF1D4B9}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | "TCP Query User{9BAC6973-1E4E-4F34-A838-0F0368AFA828}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe | "TCP Query User{9E53D579-4135-4F1E-A446-A515E6979189}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe | "TCP Query User{A6BEB1A9-F5D0-4912-8C91-0C0B2350838A}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | "TCP Query User{C275CBF3-3FAA-40F5-A5B7-2482859908F3}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | "TCP Query User{E187C766-12E1-4648-B790-419B7715204E}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | "TCP Query 
User{EF1E3FEA-F7DA-4E4E-96BE-96064B184907}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{F891D6AA-6C19-4C89-BB4C-A2E2F5CC4FA3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{FCCA50B1-05FD-4525-A783-55863C30DC0D}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | "UDP Query User{094577A3-94F8-418F-9838-D24E00679FB5}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe | "UDP Query User{1D60A1EA-A8E2-42F7-8461-B5F6240A8E3D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{28BABCA5-EC32-499B-9704-B390745551E7}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | "UDP Query User{3678918A-76CE-4FE8-9764-7DCC84D92EA0}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | "UDP Query User{3682CD82-1806-4337-B253-4DE30352B0AA}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe | "UDP Query User{4953406A-6C61-426B-ACB5-3CAC74284E09}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4A7D287B-F79F-4713-925C-7636F63E4F1B}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{4A900F4F-56E8-4C7F-9649-20F290F932F4}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | 
app=c:\windows\system32\dplaysvr.exe | "UDP Query User{4BBC645A-5C68-4F87-BDA3-CFB95F4C8E9F}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | "UDP Query User{6896719B-28B5-4818-910C-31224730447A}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe | "UDP Query User{78D224F1-8702-4044-AF40-8CDA759CAAD6}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe | "UDP Query User{9E21719A-0E5B-4722-9D31-0DBFE2420725}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{A5CE583C-CCD0-4E9A-ACA9-4824083BE17C}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{BBE1723B-F277-4FE1-9737-9245C3EE3596}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{C72BAC74-9DB7-4AB1-A279-44876756F44A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{DABD39E1-B7CD-406A-A7AC-EE408F466B10}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | "UDP Query User{DBBE56E1-A8EC-459F-ADA1-5C6792770E0D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{DC2BEA43-F32C-4323-AF81-FE503FCA2A36}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe | "UDP Query 
User{E8470E48-447E-4694-9F52-FEFF05E58A11}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{E88A7570-C7EB-4F14-9DE9-1E382CABFF3C}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe | "UDP Query User{F4B34126-5377-48D1-8B08-81A08684C37B}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1 "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends 
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU "{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C85B6A70-2ABB-4A31-8FD1-E183553A94F9}" = MoD ImperiaL v4.1 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{D801B39E-CE01-409F-8E7C-B7976EA3C9DC}_is1" = Audiosurf "{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds "{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 
2010 Express - DEU "{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 9.20 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Company of Heroes" = Company of Heroes "DAEMON Tools Lite" = DAEMON Tools Lite "DriverEasy_is1" = DriverEasy 3.11.0 "Eastern Front" = Eastern Front "ESET Online Scanner" = ESET Online Scanner v3 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager "InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "JDownloader" = JDownloader "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 
3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "Minecraft 1.2.0_02" = Minecraft 1.2.0_02 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Picasa 3" = Picasa 3 "PONS Softwarekurs für Anfänger Portugiesisch" = PONS Softwarekurs für Anfänger Portugiesisch "PunkBusterSvc" = PunkBuster Services "Reason5_is1" = Reason 5.0 "TeamViewer 7" = TeamViewer 7 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.4 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Gabi) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.10.2011 01:19:50 | Computer Name = DERComputer | Source = System Restore | ID = 8193 Description = Error - 03.10.2011 01:23:42 | Computer Name = DERComputer | Source = Application Error | ID = 1000 Description = 
Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05, Prozess-ID 0x1484, Anwendungsstartzeit 01cc818c9c11149d.

Error - 03.10.2011 01:24:06 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05, Prozess-ID 0x16cc, Anwendungsstartzeit 01cc818caacfa5ad.

Error - 03.10.2011 01:24:12 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05, Prozess-ID 0x750, Anwendungsstartzeit 01cc818cae3a6efd.

Error - 03.10.2011 02:04:43 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =

Error - 03.10.2011 09:48:50 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =

Error - 04.10.2011 12:47:14 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =

Error - 04.10.2011 13:20:39 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982, fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode 0xc0000005, Fehleroffset 0x0000fa77, Prozess-ID 0x484, Anwendungsstartzeit 01cc82b54fabe0a2.

Error - 04.10.2011 13:32:18 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982, fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode 0xc0000005, Fehleroffset 0x00016300, Prozess-ID 0x1580, Anwendungsstartzeit 01cc82b9f6b96492.

Error - 05.10.2011 09:17:56 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description =

[ System Events ]

Error - 02.08.2012 05:44:35 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 02.08.2012 05:46:14 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:46:29 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.6 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:46:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.7 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:49:42 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.8 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:49:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:50:00 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 02.08.2012 06:50:38 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7023
Description =

Error - 02.08.2012 06:51:43 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7024
Description =

Error - 02.08.2012 07:10:04 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

< End of report >

Malwarebytes
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TimTobias :: DERCOMPUTER [limited]

02.08.2012 11:22:34
mbam-log-2012-08-02 (11-22-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 167506
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Delete on reboot.

Files Detected: 4
C:\Program Files\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prmrsr64.exe (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prservice.exe (Spyware.PermissionResearch) -> Delete on reboot.

(end)

I hope it's nothing serious. Do you know what exactly the ATRAPS trojan does? I've seen that you have had this problem here in the forum several times already. Thanks in advance, and kind regards, Tim.
02.08.2012, 13:54 | #2 |
Hi,

None of the usual files are present; is the malware still showing up? Please check the following files (do you have banking software from the Bank of Brasil on the computer?). Have the files checked online:
Code:
C:\Programme\GbPlugin\gbieh.dll
Fix for OTL:
Code:
:OTL
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:EF87F1B4_Bb.gbp
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
:Commands
[emptytemp]
[resethosts]
[Reboot]
GMER: http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); click the "Download EXE" button there. A random file name is generated (please note it, and the path where you saved it). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, answer the question with "no" again, and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER crashes, please try it in safe mode (F8 while booting)!

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Unpack all files into a separate directory (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Set the Killer up as follows: Then start the scan (Start Scan). When the scan has finished, please select "Report" (skip any findings for now with Skip). A window opens (click Report); copy the text and post it here...

Update MAM and run a full scan, post the log!

chris
03.08.2012, 17:35 | #3 |
OK, now we've got it. Thanks first of all for helping me; that's really not something to be taken for granted. ^^
OK, on VirusTotal I wasn't sure what exactly you wanted me to copy, so here is EVERYTHING.

VirusTotal
HTML-Code:
SHA256: 9b6eb848604850bddf331fbbe70240d5caa326c92eba8b5ac1ed8ffb76c56e0a
SHA1: a2266d6ea4791a784cd8f647c9d08dc5abab8237
MD5: f136508dd68d1973ba934164bc13e94a
File size: 1.3 MB ( 1313864 bytes )
File name: gbieh.dll
File type: Win32 DLL
Detection ratio: 0 / 41
Analysis date: 2012-08-03 15:04:21 UTC ( 1 Minute ago )

Antivirus | Result | Update
AhnLab-V3 | - | 20120803
AntiVir | - | 20120803
Antiy-AVL | - | 20120803
Avast | - | 20120803
AVG | - | 20120803
BitDefender | - | 20120803
ByteHero | - | 20120723
CAT-QuickHeal | - | 20120803
ClamAV | - | 20120803
Commtouch | - | 20120803
Comodo | - | 20120803
DrWeb | - | 20120803
Emsisoft | - | 20120803
eSafe | - | 20120802
ESET-NOD32 | - | 20120803
F-Prot | - | 20120803
F-Secure | - | 20120803
Fortinet | - | 20120803
GData | - | 20120803
Ikarus | - | 20120803
Jiangmin | - | 20120803
K7AntiVirus | - | 20120802
Kaspersky | - | 20120803
McAfee | - | 20120803
McAfee-GW-Edition | - | 20120802
Microsoft | - | 20120803
Norman | - | 20120803
nProtect | - | 20120803
Panda | - | 20120803
Rising | - | 20120803
Sophos | - | 20120803
SUPERAntiSpyware | - | 20120803
Symantec | - | 20120803
TheHacker | - | 20120801
TotalDefense | - | 20120802
TrendMicro | - | 20120803
TrendMicro-HouseCall | - | 20120803
VBA32 | - | 20120803
VIPRE | - | 20120803
ViRobot | - | 20120803
VirusBuster | - | 20120803

Comments:
NEW VARIANT OF SPY BANKER GB, controlled as of ELISTARA 25.74, www.satinfo.es (posted 1 month, 1 week ago by SATINFO)

Additional information:
ssdeep: 24576:3KIJzr7Irr+oyhoHCAZWInmXYbyYquDchkOTr5tr2qqsglzAsKUMa7+19Z11mNw8:3KMH7Irr+CCAAImXgLquoH5d3qsgdKU9

TrID:
Windows OCX File (90.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool:
CodeSize: 1314304
SubsystemVersion: 5.0
Comments:
InitializedDataSize: 481280
ImageVersion: 0.0
ProductName: Banco do Brasil Gbieh
FileVersionNumber: 3.14.11.8
UninitializedDataSize: 0
LanguageCode: Portuguese (Brazilian)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 9.0
OriginalFilename: Gbieh.dll
PrivateBuild: Banco do Brasil
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 3,14,11,8
TimeStamp: 2012:04:28 00:36:26+02:00
FileType: Win32 DLL
PEType: PE32
InternalName: Gbieh
OLESelfRegister: yes
ProductVersion: 3,14,11,8
FileDescription: Gbieh Module
OSVersion: 5.0
FileOS: Win32
LegalCopyright: Copyright 2003-2012, Banco do Brasil
MachineType: Intel 386 or later, and compatibles
CompanyName: Banco do Brasil
LegalTrademarks: Banco do Brasil, Gbieh
FileSubtype: 0
ProductVersionNumber: 3.14.11.8
EntryPoint: 0x300bd7
ObjectFileType: Dynamic link library

Sigcheck:
publisher: Banco do Brasil
product: Banco do Brasil Gbieh
internal name: Gbieh
copyright: Copyright (c) 2003-2012, Banco do Brasil
original name: Gbieh.dll
signing date: 2:00 PM 5/9/2012
comments:
file version: 3,14,11,8
signers: Banco do Brasil S.A.; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
description: Gbieh Module

Portable Executable structural information
Compilation timedatestamp: 2012-04-27 22:36:26
Target machine: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address: 0x00300BD7

PE Sections:
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
.text | 4096 | 1187984 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
CODE | 1196032 | 125924 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.rdata | 1323008 | 301660 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.data | 1626112 | 81224 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
DATA | 1708032 | 5232 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
BSS | 1716224 | 2421 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.tls | 1720320 | 2 | 512 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b
.vmp0 | 1724416 | 519480 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.vmp1 | 2244608 | 1295147 | 1295360 | 7.95 | 18c2fb3971b81fb417cf1b87997b52fa
.reloc | 3543040 | 244 | 512 | 2.78 | 5b5904154dd9af512bd40aa6a02af142
.rsrc | 3547136 | 39850 | 8704 | 4.84 | a777e70b9974f74d2797edd655077ca3

PE Imports:
[[ADVAPI32.dll]] CryptGetHashParam
[[KERNEL32.dll]] GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess
[[ole32.dll]] CoCreateInstance
[[USER32.dll]] GetCursorPos
[[OLEAUT32.dll]]

PE Exports: DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, SpecialFunction

First seen by VirusTotal: 2012-05-16 08:03:41 UTC ( 2 Monate, 2 Wochen ago )
Last seen by VirusTotal: 2012-08-03 15:04:21 UTC ( 3 Minuten ago )

File names (max. 25):
1. gbieh.dll
2. Gbieh.dll
3. Gbieh(1).dll
4. FBC2ACA048500C0C0CDB149807234A00A7FBCBAA.dll
5. Gbieh
6. file-3978820_dll

HTML-Code:
All processes killed
========== OTL ==========
ADS C:\Windows\System32\drivers:GbpKmAp.lst deleted successfully.
ADS C:\Windows\System32:EF87F1B4_Bb.gbp deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Gabi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119014 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32227176 bytes
->Flash cache emptied: 120779 bytes

User: Juergen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TimTobias
->Temp folder emptied: 171775359 bytes
->Temporary Internet Files folder emptied: 63187195 bytes
->Java cache emptied: 535796 bytes
->FireFox cache emptied: 116403246 bytes
->Flash cache emptied: 144695 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1840228 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 368,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 08022012_175545

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Then we have the GMER report here.

GMER logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-03 18:16:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: vyww7tu9.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\uxtciaog.sys

---- System - GMER 1.0.15 ----

SSDT 8CF63DBE ZwCreateSection
SSDT 8CF63DC3 ZwSetContextThread
SSDT 8CF63D5F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 828AF8D8 4 Bytes [BE, 3D, F6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 828AFC30 4 Bytes [C3, 3D, F6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 828AFCE4 4 Bytes [5F, 3D, F6, 8C]
.text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x91D6A000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x91DAE000]
.relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x91DCA000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\ACEDRV09.sys section is writeable [0x81001000, 0x3326E, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0x81046000]
.relo2 C:\Windows\system32\drivers\ACEDRV09.sys unknown last section [0x81062000, 0x8E, 0x42000040]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xB0709300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xB074C300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibrary 773B3FA4 5 Bytes JMP 3B09A607 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text C:\Windows\system32\services.exe[592] kernel32.dll!FreeLibraryAndExitThread 773B485E 5 Bytes JMP 3B09A57F C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1200] ntdll.dll!LdrLoadDll 77479378 5 Bytes JMP 013813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088] 0x038D0000

---- Files - GMER 1.0.15 ----

File C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\F9D211E4d01 0 bytes
File C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\4856EEC6d01 0 bytes
File C:\Users\TimTobias\AppData\Local\Mozilla\Firefox\Profiles\yopvhr2r.default\Cache\B3318661d01 0 bytes

---- EOF - GMER 1.0.15 ----

And last but not least, the Kaspersky TDSSKiller report:
HTML-Code:
18:19:05.0199 0280 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:19:05.0384 0280 ============================================================
18:19:05.0384 0280 Current date / time: 2012/08/03 18:19:05.0384
18:19:05.0384 0280 SystemInfo:
18:19:05.0384 0280
18:19:05.0384 0280 OS Version: 6.0.6002 ServicePack: 2.0
18:19:05.0384 0280 Product type: Workstation
18:19:05.0384 0280 ComputerName: DERCOMPUTER
18:19:05.0384 0280 UserName: Gabi
18:19:05.0384 0280 Windows directory: C:\Windows
18:19:05.0384 0280 System windows directory: C:\Windows
18:19:05.0384 0280 Processor architecture: Intel x86
18:19:05.0384 0280 Number of processors: 2
18:19:05.0384 0280 Page size: 0x1000
18:19:05.0384 0280 Boot type: Normal boot
18:19:05.0384 0280 ============================================================
18:19:07.0011 0280 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:07.0013 0280 ============================================================
18:19:07.0013 0280 \Device\Harddisk0\DR0:
18:19:07.0013 0280 MBR partitions:
18:19:07.0013 0280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1200800, BlocksNum 0x25FAD800
18:19:07.0013 0280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x271AE000, BlocksNum 0x131D7800
18:19:07.0013
0280 ============================================================
18:19:07.0086 0280 C: <-> \Device\Harddisk0\DR0\Partition0
18:19:07.0181 0280 D: <-> \Device\Harddisk0\DR0\Partition1
18:19:07.0181 0280 ============================================================
18:19:07.0181 0280 Initialize success
18:19:07.0181 0280 ============================================================
18:19:18.0623 3260 ============================================================
18:19:18.0623 3260 Scan started
18:19:18.0623 3260 Mode: Manual; SigCheck; TDLFS;
18:19:18.0623 3260 ============================================================
18:19:33.0262 3260 iteatapi - ok 18:19:33.0272 3260 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 18:19:33.0284 3260 iteraid - ok 18:19:33.0322 3260 JRAID (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys 18:19:33.0438 3260 JRAID - ok 18:19:33.0466 3260 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 18:19:33.0480 3260 kbdclass - ok 18:19:33.0493 3260 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 18:19:33.0536 3260 kbdhid - ok 18:19:33.0590 3260 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 18:19:33.0635 3260 KeyIso - ok 18:19:33.0717 3260 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys 18:19:33.0738 3260 KSecDD - ok 18:19:33.0803 3260 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 18:19:33.0871 3260 KtmRm - ok 18:19:33.0918 3260 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 18:19:33.0960 3260 LanmanServer - ok 18:19:34.0018 3260 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 18:19:34.0057 3260 LanmanWorkstation - ok 18:19:34.0098 3260 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys 18:19:34.0124 3260 lirsgt ( UnsignedFile.Multi.Generic ) - warning 18:19:34.0124 3260 lirsgt - detected UnsignedFile.Multi.Generic (1) 18:19:34.0163 3260 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 18:19:34.0206 3260 lltdio - ok 18:19:34.0261 3260 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 18:19:34.0307 3260 lltdsvc - ok 18:19:34.0337 3260 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 18:19:34.0380 3260 lmhosts - ok 18:19:34.0414 3260 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 18:19:34.0427 3260 LSI_FC - ok 18:19:34.0450 3260 LSI_SAS 
(ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 18:19:34.0465 3260 LSI_SAS - ok 18:19:34.0482 3260 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 18:19:34.0496 3260 LSI_SCSI - ok 18:19:34.0512 3260 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 18:19:34.0555 3260 luafv - ok 18:19:34.0587 3260 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 18:19:34.0625 3260 Mcx2Svc - ok 18:19:34.0646 3260 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 18:19:34.0661 3260 megasas - ok 18:19:34.0712 3260 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 18:19:34.0734 3260 MegaSR - ok 18:19:34.0770 3260 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 18:19:34.0817 3260 MMCSS - ok 18:19:34.0849 3260 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 18:19:34.0895 3260 Modem - ok 18:19:34.0925 3260 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 18:19:34.0950 3260 monitor - ok 18:19:34.0969 3260 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 18:19:34.0982 3260 mouclass - ok 18:19:34.0996 3260 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 18:19:35.0046 3260 mouhid - ok 18:19:35.0071 3260 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 18:19:35.0084 3260 MountMgr - ok 18:19:35.0112 3260 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 18:19:35.0125 3260 mpio - ok 18:19:35.0150 3260 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 18:19:35.0195 3260 mpsdrv - ok 18:19:35.0271 3260 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 18:19:35.0336 3260 MpsSvc - ok 18:19:35.0368 3260 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) 
C:\Windows\system32\drivers\mraid35x.sys 18:19:35.0379 3260 Mraid35x - ok 18:19:35.0415 3260 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 18:19:35.0442 3260 MRxDAV - ok 18:19:35.0485 3260 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:19:35.0550 3260 mrxsmb - ok 18:19:35.0606 3260 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:19:35.0646 3260 mrxsmb10 - ok 18:19:35.0678 3260 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:19:35.0724 3260 mrxsmb20 - ok 18:19:35.0765 3260 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 18:19:35.0779 3260 msahci - ok 18:19:35.0822 3260 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 18:19:35.0835 3260 msdsm - ok 18:19:35.0873 3260 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 18:19:35.0923 3260 MSDTC - ok 18:19:35.0937 3260 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 18:19:35.0969 3260 Msfs - ok 18:19:36.0000 3260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 18:19:36.0011 3260 msisadrv - ok 18:19:36.0048 3260 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 18:19:36.0102 3260 MSiSCSI - ok 18:19:36.0106 3260 msiserver - ok 18:19:36.0126 3260 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 18:19:36.0173 3260 MSKSSRV - ok 18:19:36.0178 3260 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 18:19:36.0215 3260 MSPCLOCK - ok 18:19:36.0220 3260 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 18:19:36.0246 3260 MSPQM - ok 18:19:36.0297 3260 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 18:19:36.0333 3260 MsRPC - ok 18:19:36.0358 3260 mssmbios 
(e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 18:19:36.0370 3260 mssmbios - ok 18:19:36.0375 3260 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 18:19:36.0403 3260 MSTEE - ok 18:19:36.0420 3260 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 18:19:36.0435 3260 Mup - ok 18:19:36.0506 3260 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 18:19:36.0554 3260 napagent - ok 18:19:36.0603 3260 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 18:19:36.0618 3260 NativeWifiP - ok 18:19:36.0715 3260 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 18:19:36.0737 3260 NDIS - ok 18:19:36.0771 3260 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 18:19:36.0808 3260 NdisTapi - ok 18:19:36.0830 3260 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 18:19:36.0856 3260 Ndisuio - ok 18:19:36.0877 3260 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 18:19:36.0915 3260 NdisWan - ok 18:19:36.0939 3260 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 18:19:36.0959 3260 NDProxy - ok 18:19:37.0140 3260 Nero BackItUp Scheduler 3 (b044bb341e164da6750a9b8e6a5ff6a1) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 18:19:37.0192 3260 Nero BackItUp Scheduler 3 - ok 18:19:37.0213 3260 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 18:19:37.0253 3260 NetBIOS - ok 18:19:37.0307 3260 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 18:19:37.0347 3260 netbt - ok 18:19:37.0412 3260 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 18:19:37.0427 3260 Netlogon - ok 18:19:37.0493 3260 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 18:19:37.0539 3260 Netman - ok 
18:19:37.0653 3260 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:19:37.0666 3260 NetMsmqActivator - ok 18:19:37.0670 3260 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:19:37.0687 3260 NetPipeActivator - ok 18:19:37.0740 3260 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 18:19:37.0783 3260 netprofm - ok 18:19:37.0787 3260 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:19:37.0800 3260 NetTcpActivator - ok 18:19:37.0807 3260 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:19:37.0820 3260 NetTcpPortSharing - ok 18:19:37.0857 3260 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 18:19:37.0869 3260 nfrd960 - ok 18:19:37.0894 3260 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 18:19:37.0928 3260 NlaSvc - ok 18:19:38.0065 3260 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 18:19:38.0087 3260 NMIndexingService - ok 18:19:38.0167 3260 Norman ZANDA (d59585f50e86160408db33ba3096d405) C:\Program Files\Norman\Npm\Bin\Zanda.exe 18:19:38.0207 3260 Norman ZANDA ( UnsignedFile.Multi.Generic ) - warning 18:19:38.0208 3260 Norman ZANDA - detected UnsignedFile.Multi.Generic (1) 18:19:38.0242 3260 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 18:19:38.0281 3260 Npfs - ok 18:19:38.0429 3260 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 18:19:38.0479 3260 nsi - ok 18:19:38.0547 3260 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 18:19:38.0591 3260 nsiproxy - ok 18:19:38.0738 3260 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 18:19:38.0802 3260 
Ntfs - ok 18:19:38.0822 3260 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 18:19:38.0865 3260 ntrigdigi - ok 18:19:38.0875 3260 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 18:19:38.0925 3260 Null - ok 18:19:39.0011 3260 NVOY (1e60fbb015999c1929e46847a3448e24) C:\Program Files\Norman\npm\bin\nvoy.exe 18:19:39.0019 3260 NVOY ( UnsignedFile.Multi.Generic ) - warning 18:19:39.0019 3260 NVOY - detected UnsignedFile.Multi.Generic (1) 18:19:39.0056 3260 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 18:19:39.0070 3260 nvraid - ok 18:19:39.0090 3260 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 18:19:39.0102 3260 nvstor - ok 18:19:39.0125 3260 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 18:19:39.0139 3260 nv_agp - ok 18:19:39.0143 3260 NwlnkFlt - ok 18:19:39.0153 3260 NwlnkFwd - ok 18:19:39.0256 3260 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:19:39.0277 3260 odserv - ok 18:19:39.0317 3260 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 18:19:39.0358 3260 ohci1394 - ok 18:19:39.0418 3260 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:19:39.0442 3260 ose - ok 18:19:39.0547 3260 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:19:39.0608 3260 p2pimsvc - ok 18:19:39.0618 3260 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:19:39.0665 3260 p2psvc - ok 18:19:39.0710 3260 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 18:19:39.0752 3260 Parport - ok 18:19:39.0814 3260 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 18:19:39.0827 3260 partmgr - ok 18:19:39.0851 3260 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) 
C:\Windows\system32\drivers\parvdm.sys 18:19:39.0912 3260 Parvdm - ok 18:19:39.0955 3260 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 18:19:39.0995 3260 PcaSvc - ok 18:19:40.0000 3260 pccsmcfd - ok 18:19:40.0061 3260 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 18:19:40.0076 3260 pci - ok 18:19:40.0085 3260 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 18:19:40.0098 3260 pciide - ok 18:19:40.0122 3260 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 18:19:40.0136 3260 pcmcia - ok 18:19:40.0251 3260 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 18:19:40.0339 3260 PEAUTH - ok 18:19:40.0520 3260 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 18:19:40.0627 3260 pla - ok 18:19:40.0771 3260 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe 18:19:40.0792 3260 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 18:19:40.0792 3260 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 18:19:40.0846 3260 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 18:19:40.0894 3260 PlugPlay - ok 18:19:40.0973 3260 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe 18:19:40.0985 3260 PnkBstrA - ok 18:19:41.0102 3260 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:19:41.0127 3260 PNRPAutoReg - ok 18:19:41.0136 3260 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 18:19:41.0162 3260 PNRPsvc - ok 18:19:41.0237 3260 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 18:19:41.0294 3260 PolicyAgent - ok 18:19:41.0373 3260 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 18:19:41.0418 3260 PptpMiniport - ok 18:19:41.0447 3260 Processor 
(2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 18:19:41.0494 3260 Processor - ok 18:19:41.0544 3260 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 18:19:41.0567 3260 ProfSvc - ok 18:19:41.0612 3260 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 18:19:41.0626 3260 ProtectedStorage - ok 18:19:41.0673 3260 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 18:19:41.0694 3260 PSched - ok 18:19:41.0725 3260 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 18:19:41.0735 3260 PxHelp20 - ok 18:19:41.0858 3260 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 18:19:41.0943 3260 ql2300 - ok 18:19:41.0976 3260 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 18:19:41.0990 3260 ql40xx - ok 18:19:42.0039 3260 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 18:19:42.0077 3260 QWAVE - ok 18:19:42.0116 3260 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 18:19:42.0130 3260 QWAVEdrv - ok 18:19:42.0148 3260 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 18:19:42.0198 3260 RasAcd - ok 18:19:42.0237 3260 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 18:19:42.0284 3260 RasAuto - ok 18:19:42.0316 3260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:19:42.0356 3260 Rasl2tp - ok 18:19:42.0415 3260 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 18:19:42.0459 3260 RasMan - ok 18:19:42.0492 3260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 18:19:42.0528 3260 RasPppoe - ok 18:19:42.0559 3260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 18:19:42.0575 3260 RasSstp - ok 18:19:42.0641 3260 rdbss 
(b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 18:19:42.0684 3260 rdbss - ok 18:19:42.0720 3260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:19:42.0761 3260 RDPCDD - ok 18:19:42.0807 3260 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 18:19:42.0834 3260 rdpdr - ok 18:19:42.0840 3260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 18:19:42.0866 3260 RDPENCDD - ok 18:19:42.0915 3260 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 18:19:42.0950 3260 RDPWD - ok 18:19:42.0993 3260 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 18:19:43.0019 3260 RemoteAccess - ok 18:19:43.0068 3260 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 18:19:43.0090 3260 RemoteRegistry - ok 18:19:43.0114 3260 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 18:19:43.0149 3260 RpcLocator - ok 18:19:43.0235 3260 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 18:19:43.0264 3260 RpcSs - ok 18:19:43.0307 3260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 18:19:43.0355 3260 rspndr - ok 18:19:43.0406 3260 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys 18:19:43.0483 3260 RTL8169 - ok 18:19:43.0530 3260 RTL8187B (c279a9a9f946359548e5665c0e8bab15) C:\Windows\system32\DRIVERS\RTL8187B.sys 18:19:43.0573 3260 RTL8187B - ok 18:19:43.0709 3260 RTSTOR (5717e47c952382e7166448517f030787) C:\Windows\system32\drivers\RTSTOR.SYS 18:19:43.0785 3260 RTSTOR - ok 18:19:43.0823 3260 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 18:19:43.0837 3260 SamSs - ok 18:19:43.0914 3260 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 18:19:43.0924 3260 SASDIFSV - ok 18:19:43.0947 3260 SASKUTIL 
(77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 18:19:43.0958 3260 SASKUTIL - ok 18:19:43.0982 3260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 18:19:43.0994 3260 sbp2port - ok 18:19:44.0055 3260 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 18:19:44.0077 3260 SCardSvr - ok 18:19:44.0170 3260 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 18:19:44.0238 3260 Schedule - ok 18:19:44.0285 3260 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 18:19:44.0305 3260 SCPolicySvc - ok 18:19:44.0336 3260 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 18:19:44.0376 3260 SDRSVC - ok 18:19:44.0414 3260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 18:19:44.0482 3260 secdrv - ok 18:19:44.0537 3260 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 18:19:44.0565 3260 seclogon - ok 18:19:44.0584 3260 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 18:19:44.0629 3260 SENS - ok 18:19:44.0659 3260 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 18:19:44.0701 3260 Serenum - ok 18:19:44.0724 3260 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 18:19:44.0782 3260 Serial - ok 18:19:44.0811 3260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 18:19:44.0836 3260 sermouse - ok 18:19:44.0865 3260 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 18:19:44.0893 3260 SessionEnv - ok 18:19:44.0911 3260 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 18:19:44.0931 3260 sffdisk - ok 18:19:44.0943 3260 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 18:19:44.0991 3260 sffp_mmc - ok 18:19:44.0997 3260 sffp_sd 
(3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 18:19:45.0029 3260 sffp_sd - ok 18:19:45.0036 3260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 18:19:45.0090 3260 sfloppy - ok 18:19:45.0174 3260 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 18:19:45.0225 3260 SharedAccess - ok 18:19:45.0311 3260 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 18:19:45.0329 3260 ShellHWDetection - ok 18:19:45.0343 3260 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 18:19:45.0357 3260 sisagp - ok 18:19:45.0379 3260 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 18:19:45.0392 3260 SiSRaid2 - ok 18:19:45.0417 3260 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 18:19:45.0431 3260 SiSRaid4 - ok 18:19:45.0797 3260 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 18:19:45.0958 3260 Skype C2C Service - ok 18:19:46.0066 3260 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 18:19:46.0077 3260 SkypeUpdate - ok 18:19:46.0567 3260 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 18:19:46.0777 3260 slsvc - ok 18:19:46.0934 3260 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 18:19:46.0973 3260 SLUINotify - ok 18:19:47.0024 3260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 18:19:47.0063 3260 Smb - ok 18:19:47.0106 3260 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 18:19:47.0121 3260 SNMPTRAP - ok 18:19:47.0144 3260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 18:19:47.0158 3260 spldr - ok 18:19:47.0208 3260 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 18:19:47.0240 3260 
Spooler - ok 18:19:47.0309 3260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 18:19:47.0335 3260 srv - ok 18:19:47.0393 3260 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 18:19:47.0446 3260 srv2 - ok 18:19:47.0501 3260 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 18:19:47.0537 3260 srvnet - ok 18:19:47.0583 3260 sscebus (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys 18:19:47.0609 3260 sscebus - ok 18:19:47.0619 3260 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys 18:19:47.0629 3260 sscemdfl - ok 18:19:47.0659 3260 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys 18:19:47.0680 3260 sscemdm - ok 18:19:47.0742 3260 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 18:19:47.0799 3260 SSDPSRV - ok 18:19:47.0838 3260 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 18:19:47.0847 3260 ssmdrv - ok 18:19:47.0876 3260 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 18:19:47.0892 3260 SstpSvc - ok 18:19:47.0948 3260 Steam Client Service - ok 18:19:48.0025 3260 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 18:19:48.0088 3260 stisvc - ok 18:19:48.0121 3260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 18:19:48.0134 3260 swenum - ok 18:19:48.0206 3260 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 18:19:48.0257 3260 swprv - ok 18:19:48.0296 3260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 18:19:48.0308 3260 Symc8xx - ok 18:19:48.0330 3260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 18:19:48.0342 3260 Sym_hi - ok 18:19:48.0358 3260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 18:19:48.0370 3260 Sym_u3 - ok 
18:19:48.0438 3260 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 18:19:48.0501 3260 SysMain - ok 18:19:48.0539 3260 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 18:19:48.0557 3260 TabletInputService - ok 18:19:48.0622 3260 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 18:19:48.0668 3260 TapiSrv - ok 18:19:48.0697 3260 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 18:19:48.0748 3260 TBS - ok 18:19:48.0925 3260 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 18:19:48.0976 3260 Tcpip - ok 18:19:48.0991 3260 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 18:19:49.0116 3260 Tcpip6 - ok 18:19:49.0174 3260 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 18:19:49.0188 3260 tcpipreg - ok 18:19:49.0226 3260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 18:19:49.0266 3260 TDPIPE - ok 18:19:49.0302 3260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 18:19:49.0327 3260 TDTCP - ok 18:19:49.0358 3260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 18:19:49.0391 3260 tdx - ok 18:19:49.0782 3260 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 18:19:49.0927 3260 TeamViewer7 - ok 18:19:50.0130 3260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 18:19:50.0144 3260 TermDD - ok 18:19:50.0231 3260 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 18:19:50.0301 3260 TermService - ok 18:19:50.0436 3260 TestHandler (250b9120c7c103afdc0c6643f9691055) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe 18:19:50.0461 3260 TestHandler ( UnsignedFile.Multi.Generic ) - warning 18:19:50.0461 3260 TestHandler - 
detected UnsignedFile.Multi.Generic (1) 18:19:50.0521 3260 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 18:19:50.0539 3260 Themes - ok 18:19:50.0569 3260 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 18:19:50.0595 3260 THREADORDER - ok 18:19:50.0624 3260 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 18:19:50.0653 3260 TrkWks - ok 18:19:50.0721 3260 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 18:19:50.0742 3260 TrustedInstaller - ok 18:19:50.0779 3260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:19:50.0821 3260 tssecsrv - ok 18:19:50.0846 3260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 18:19:50.0877 3260 tunmp - ok 18:19:50.0914 3260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 18:19:50.0928 3260 tunnel - ok 18:19:50.0953 3260 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 18:19:50.0967 3260 uagp35 - ok 18:19:51.0029 3260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 18:19:51.0065 3260 udfs - ok 18:19:51.0110 3260 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 18:19:51.0164 3260 UI0Detect - ok 18:19:51.0196 3260 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 18:19:51.0209 3260 uliagpkx - ok 18:19:51.0244 3260 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 18:19:51.0269 3260 uliahci - ok 18:19:51.0297 3260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 18:19:51.0309 3260 UlSata - ok 18:19:51.0336 3260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 18:19:51.0361 3260 ulsata2 - ok 18:19:51.0383 3260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 
18:19:51.0430 3260 umbus - ok
18:19:51.0483 3260 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:19:51.0532 3260 upnphost - ok
18:19:51.0554 3260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:51.0589 3260 usbccgp - ok
18:19:51.0615 3260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:19:51.0659 3260 usbcir - ok
18:19:51.0701 3260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:19:51.0721 3260 usbehci - ok
18:19:51.0785 3260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:19:51.0831 3260 usbhub - ok
18:19:51.0853 3260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:19:51.0896 3260 usbohci - ok
18:19:51.0934 3260 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:19:51.0977 3260 usbprint - ok
18:19:52.0006 3260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:52.0044 3260 USBSTOR - ok
18:19:52.0071 3260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:52.0092 3260 usbuhci - ok
18:19:52.0129 3260 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:19:52.0173 3260 usbvideo - ok
18:19:52.0208 3260 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:19:52.0254 3260 UxSms - ok
18:19:52.0326 3260 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:19:52.0392 3260 vds - ok
18:19:52.0418 3260 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:52.0459 3260 vga - ok
18:19:52.0484 3260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:19:52.0527 3260 VgaSave - ok
18:19:52.0566 3260 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:19:52.0580 3260 viaagp - ok
18:19:52.0596 3260 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:19:52.0621 3260 ViaC7 - ok
18:19:52.0635 3260 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:19:52.0649 3260 viaide - ok
18:19:52.0675 3260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:19:52.0688 3260 volmgr - ok
18:19:52.0757 3260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:19:52.0774 3260 volmgrx - ok
18:19:52.0834 3260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:19:52.0850 3260 volsnap - ok
18:19:52.0878 3260 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:19:52.0903 3260 vsmraid - ok
18:19:53.0057 3260 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:19:53.0164 3260 VSS - ok
18:19:53.0249 3260 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:19:53.0276 3260 W32Time - ok
18:19:53.0323 3260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:19:53.0365 3260 WacomPen - ok
18:19:53.0380 3260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:53.0426 3260 Wanarp - ok
18:19:53.0430 3260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:53.0453 3260 Wanarpv6 - ok
18:19:53.0529 3260 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:19:53.0553 3260 wcncsvc - ok
18:19:53.0586 3260 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:19:53.0610 3260 WcsPlugInService - ok
18:19:53.0617 3260 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:19:53.0630 3260 Wd - ok
18:19:53.0694 3260 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:19:53.0730 3260 Wdf01000 - ok
18:19:53.0789 3260 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:19:53.0855 3260 WdiServiceHost - ok
18:19:53.0859 3260 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:19:53.0888 3260 WdiSystemHost - ok
18:19:53.0997 3260 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:19:54.0044 3260 WebClient - ok
18:19:54.0097 3260 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:19:54.0137 3260 Wecsvc - ok
18:19:54.0170 3260 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:19:54.0215 3260 wercplsupport - ok
18:19:54.0306 3260 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:19:54.0329 3260 WerSvc - ok
18:19:54.0403 3260 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:19:54.0420 3260 WinDefend - ok
18:19:54.0437 3260 WinHttpAutoProxySvc - ok
18:19:54.0524 3260 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:19:54.0545 3260 Winmgmt - ok
18:19:54.0701 3260 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:19:54.0798 3260 WinRM - ok
18:19:54.0901 3260 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:19:54.0926 3260 Wlansvc - ok
18:19:55.0186 3260 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:19:55.0261 3260 wlidsvc - ok
18:19:55.0408 3260 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:19:55.0450 3260 WmiAcpi - ok
18:19:55.0547 3260 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:19:55.0581 3260 wmiApSrv - ok
18:19:55.0747 3260 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:19:55.0788 3260 WMPNetworkSvc - ok
18:19:55.0850 3260 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:19:55.0879 3260 WPCSvc - ok
18:19:55.0925 3260 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:19:55.0964 3260 WPDBusEnum - ok
18:19:56.0036 3260 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:19:56.0075 3260 WpdUsb - ok
18:19:56.0280 3260 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:19:56.0311 3260 WPFFontCache_v0400 - ok
18:19:56.0338 3260 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:19:56.0386 3260 ws2ifsl - ok
18:19:56.0439 3260 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:19:56.0481 3260 wscsvc - ok
18:19:56.0489 3260 WSearch - ok
18:19:56.0710 3260 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:19:56.0803 3260 wuauserv - ok
18:19:56.0934 3260 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:56.0959 3260 WUDFRd - ok
18:19:56.0989 3260 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:19:57.0029 3260 wudfsvc - ok
18:19:57.0063 3260 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:19:57.0566 3260 \Device\Harddisk0\DR0 - ok
18:19:57.0570 3260 Boot (0x1200) (99facc3fea4ad7366d9755f936ef2d3b) \Device\Harddisk0\DR0\Partition0
18:19:57.0574 3260 \Device\Harddisk0\DR0\Partition0 - ok
18:19:57.0596 3260 Boot (0x1200) (67abae8f8fb273417c4436ab0248a925) \Device\Harddisk0\DR0\Partition1
18:19:57.0598 3260 \Device\Harddisk0\DR0\Partition1 - ok
18:19:57.0598 3260 ============================================================
18:19:57.0598 3260 Scan finished
18:19:57.0598 3260 ============================================================
18:19:57.0612 4072 Detected object count: 12
18:19:57.0612 4072 Actual detected object count: 12
18:20:09.0454 4072 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0454 4072 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0459 4072 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0459 4072 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0461 4072 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0461 4072 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0464 4072 eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0464 4072 eLoggerSvc6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0466 4072 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0466 4072 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0469 4072 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0469 4072 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0472 4072 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0472 4072 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0475 4072 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0475 4072 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0478 4072 Norman ZANDA ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0478 4072 Norman ZANDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0481 4072 NVOY ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0481 4072 NVOY ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0484 4072 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0484 4072 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:09.0486 4072 TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:09.0486 4072 TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip

Oh, and the MBAM quick scan is still missing, here it is:

HTML code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TimTobias :: DERCOMPUTER [limited]

03.08.2012 18:24:31
mbam-log-2012-08-03 (18-29-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166038
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Delete on reboot.

Files Detected: 4
C:\Program Files\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prmrsr64.exe (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prservice.exe (Spyware.PermissionResearch) -> Delete on reboot.

(end)
03.08.2012, 20:48 | #4 |
"ATRAPS.gen" and "ATRAPS.gen2" Trojan found

Hi,

a new variant (or leftovers); nobody detects it except GMER:

Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [4088]

This is going to get interesting...

OSAM
Checks the programs/drivers that get started, online. Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Boot the computer into safe mode (F8 while booting).
Caution: in a few rare cases the computer may no longer be able to boot and has to be reinstalled!
Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.
The Combofix scan can take some time, so be patient.
Please do not use the computer during the scan. The computer may be restarted in between.
After the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.
You should find the log under C:\ComboFix.txt...

Create and post a new OTL log as well...

chris
__________________
Don't bring me down
Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
04.08.2012, 14:24 | #5 |
"ATRAPS.gen" and "ATRAPS.gen2" Trojan found

So, first of all the OSAM text file:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:57:43 on 03.08.2012
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job" - "Facebook Inc." - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job" - "Facebook Inc." - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"DriverEasy Scheduled Scan.job" - "Easeware" - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"Gbp KernelMode" (GbpKm) - "GAS Tecnologia" - C:\Windows\System32\drivers\gbpkm.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E37CB5F0-51F5-4395-A808-5FA49E399F83} "GbPluginObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{98C11555-BC81-40aa-A053-DAADC5630000} "GbExplorerPersistObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{E37CB5F0-51F5-4395-A808-5FA49E399F83} "GbPluginObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C41A1C0E-EA6C-11D4-B1B8-444553540000} "GbIehObj Class" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Gbp Service" (GbpSv) - " " - C:\PROGRA~1\GbPlugin\GbpSv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Norman ZANDA" (Norman ZANDA) - "Norman ASA" - C:\Program Files\Norman\Npm\Bin\Zanda.exe
"Norman's Very Own supplY of resources" (NVOY) - "Norman ASA" - C:\Program Files\Norman\npm\bin\nvoy.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
" GbPluginBb" - "Banco do Brasil" - C:\Program Files\GbPlugin\gbieh.dll
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

This is the Combo Fix scan.

Combofix Logfile:
Code:
ComboFix 12-08-04.02 - Gabi 04.08.2012 14:59:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2936.1789 [GMT 0:00]
ausgeführt von:: c:\users\TimTobias\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\PermissionResearch
c:\program files\PermissionResearch\prls.dll
c:\program files\PermissionResearch\prls64.dll
c:\program files\PermissionResearch\prmrsr64.exe
c:\program files\PermissionResearch\prservice.exe
c:\users\Gabi\AppData\Roaming\Uninstal.exe
c:\users\Juergen\AppData\Roaming\kikin
c:\users\Juergen\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Juergen\AppData\Roaming\kikin\ie_settings.xml
c:\users\Juergen\AppData\Roaming\Uninstal.exe
c:\users\TimTobias\AppData\Roaming\kikin
c:\users\TimTobias\AppData\Roaming\kikin\ie_configuration.xml
c:\users\TimTobias\AppData\Roaming\kikin\ie_kkes.xml
c:\users\TimTobias\AppData\Roaming\kikin\ie_settings.xml
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Dateien erstellt von 2012-07-04 bis 2012-08-04 ))))))))))))))))))))))))))))))
.
.
2012-08-04 14:55 . 2012-08-04 14:55 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-08-04 01:57 . 2012-08-04 01:57 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F22D769-1B1D-4EE2-BBED-75EF8CF93924}\offreg.dll
2012-08-03 09:34 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F22D769-1B1D-4EE2-BBED-75EF8CF93924}\mpengine.dll
2012-08-02 12:59 . 2012-08-02 12:59 -------- d-----w- c:\users\Gabi\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 21:41 . 2012-07-28 21:41 -------- d-----w- c:\program files\THQ
2012-07-22 19:20 . 2012-08-03 18:38 -------- d-----w- c:\program files\Steam
2012-07-18 23:48 . 2012-07-18 23:48 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-18 23:47 . 2012-07-18 23:47 -------- d-----w- c:\users\Gabi\AppData\Local\PunkBuster
2012-07-18 22:53 . 2012-07-18 23:48 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-18 22:53 . 2012-07-18 22:53 138056 ----a-w- c:\users\Gabi\AppData\Roaming\PnkBstrK.sys
2012-07-18 22:52 . 2012-07-18 23:48 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-18 22:52 . 2012-07-18 22:52 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-18 22:52 . 2012-07-18 22:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-18 22:03 . 2012-07-18 22:03 -------- d-----w- c:\program files\EA Games
2012-07-12 09:38 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:09 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:09 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 19:09 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 19:08 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:08 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 19:08 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 20:16 . 2012-07-10 20:16 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-08 23:47 . 2012-07-12 23:59 -------- d-----w- c:\users\TimTobias\riotsGamesLogs
2012-07-05 18:45 . 2012-07-05 18:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 16:56 . 2012-06-06 16:56 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-06 16:56 . 2010-12-28 19:41 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-24 13:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 13:00 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 12:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 12:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 13:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 13:00 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 12:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 15:19 . 2012-06-24 12:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 15:12 . 2012-06-24 12:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 12:25 . 2010-09-12 01:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 09:01 1313864 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 22:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery] 2008-06-18 12:25 268096 ----a-w- c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher] 2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-08-12 08:59 170520 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Manager] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2012-06-27 12:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA] 2007-12-17 12:37 273520 ----a-w- c:\program files\Norman\Npm\Bin\Zlh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2012-07-02 17:41 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-08-12 09:00 145944 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-02-26 01:23 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-07-16 17:01 6253088 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 08:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe . 
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:01] . 2011-11-28 c:\windows\Tasks\DriverEasy Scheduled Scan.job - c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-12 12:38] . 2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job - c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26] . 2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job - c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26] . 2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03] . 2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03] . . ------- Zusätzlicher Suchlauf ------- . mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\1glfvulm.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) Toolbar-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe MSConfigStartUp-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe AddRemove-Minecraft 1.2.0_02 - c:\users\Gabi\AppData\Roaming\Uninstal.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-08-04 15:07 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-796801859-272985792-655912762-1005\Software\SecuROM\License information*] "datasecu"=hex:79,dc,a6,16,b4,73,e6,d5,25,ee,79,5e,a1,1f,b2,15,60,ce,9f,fd,f8, 5b,87,23,e1,69,7a,63,53,11,00,ab,f9,56,cb,03,09,03,ac,11,da,cd,9a,96,fc,8b,\ "rkeysecu"=hex:51,57,33,cb,ac,7d,61,a1,4b,7f,00,15,3d,00,b6,83 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(228) c:\windows\system32\n . Zeit der Fertigstellung: 2012-08-04 15:09:54 ComboFix-quarantined-files.txt 2012-08-04 15:09 . Vor Suchlauf: 6.341.738.496 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 65.036.894.208 Bytes frei . - - End Of File - - 693E43DDE12049DBEE14C875B5C24821
By the way, AntiVir hasn't reported anything about ATRAPS.gen for quite a while now. Regards, Tim
Sorry for the double post, but the "ATRAPS.gen" and "ATRAPS.gen2" Trojan is still being found, and on top of that a message saying "Host Process for Windows Services has stopped working" now pops up frequently. |
04.08.2012, 18:32 | #6 |
| Hi, once more the question about home-banking software: do you have any of that on the machine? I would like to remove the "Banco do Brasil" driver... ComboFix doesn't find the rootkit either, so one more try with Hitman... What exactly does the Avira alert say?
Hitman
Download the matching version of Hitman (32/64-bit), run it and post the log. ATTENTION: the firewall must be open for Hitman (be sure to allow access!) Downloads - SurfRight
For the removal a temporary licence (30 days) can be ordered (there is a tab for that ;o)... Uninstall it after the 30 days, otherwise it won't remove anything any more (unless you buy a licence)...
chris |
04.08.2012, 19:31 | #7 |
| It can be deleted; a friend of mine must have installed that back then while using that bank. And I ran HitmanPro, but didn't get a log. :/ It put ComboFix.exe into quarantine and removed a file under AppData\Local\"...." named N. However, I'm still getting the alerts from Avira. :/ |
05.08.2012, 19:39 | #8 |
| Hi, please post the (exact) Avira message. The file Hitman found should be this one: c:\windows\system32\n
OTL:
Code:
:OTL
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Download ComboFix again (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and proceed as follows:
ComboFix script
Copy the following lines (without the quote!) into Windows Notepad (Start -> Programs -> Accessories -> Notepad) and save the file on the desktop under the name "CFScript.txt" (without the quotation marks!).
Code:
Folder::
c:\windows\system32\n
(release the mouse button; that is called "drag and drop" ;o). ComboFix should now start and run the script; post the ComboFix log! chris |
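One way to confirm after the reboot that the fix has actually taken, since OTL can only schedule an in-use DLL for removal and may fail to delete a CLSID key (an added PowerShell check, not part of the thread's own OTL/ComboFix scripts; the registry keys, CLSIDs, file paths and the gbpsv.exe process name are taken from the logs in this thread, and the script assumes an elevated prompt on the affected machine):

```powershell
# Added verification script (not from the thread). Lists the GbPlugin persistence
# points targeted by the OTL fix above and reports whether each one still exists.
# Written for PowerShell 2.0 so it also runs on the Vista machine in the thread.

function New-Finding($Check, $Target, $Present) {
    New-Object PSObject -Property @{
        Check   = $Check
        Target  = $Target
        Present = [bool]$Present
    }
}

function Get-GbPluginLeftovers {
    $findings = @()

    # Registry keys named in the OTL script (O2 BHO, O20 Winlogon\Notify, O28 hook CLSID).
    # The Notify entry has a leading space in its name (" GbPluginBb"), which is why
    # -LiteralPath is used everywhere instead of -Path.
    $keys = @(
        @('O2  BHO registration',       'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}'),
        @('O2  BHO CLSID',              'HKLM:\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}'),
        @('O20 Winlogon\Notify entry',  'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb'),
        @('O28 ShellExecuteHooks CLSID','HKLM:\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}')
    )
    foreach ($k in $keys) {
        $findings += New-Finding $k[0] $k[1] (Test-Path -LiteralPath $k[1])
    }

    # The hook itself is a value under ShellExecuteHooks, not a key, so test it separately.
    $hooksKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    $hookName = '{E37CB5F0-51F5-4395-A808-5FA49E399F83}'
    $hook = Get-ItemProperty -LiteralPath $hooksKey -Name $hookName -ErrorAction SilentlyContinue
    $findings += New-Finding 'O28 ShellExecuteHooks value' "$hooksKey\$hookName" ($hook -ne $null)

    # Files: the DLL that OTL could only schedule for removal on reboot, and the
    # hidden file under system32 that ComboFix and Hitman flagged.
    $files = @(
        (Join-Path $env:ProgramFiles 'GbPlugin\gbieh.dll'),
        (Join-Path $env:SystemRoot   'system32\n')
    )
    foreach ($f in $files) {
        $findings += New-Finding 'File on disk' $f (Test-Path -LiteralPath $f)
    }

    # The plugin's service process, which the later OTL log still lists as running.
    $proc = Get-Process -Name gbpsv -ErrorAction SilentlyContinue
    $findings += New-Finding 'Running process' 'gbpsv.exe' ($proc -ne $null)

    return $findings
}

$result = Get-GbPluginLeftovers
$result | Format-Table Check, Target, Present -AutoSize

if ($result | Where-Object { $_.Present }) {
    Write-Warning 'GbPlugin artefacts are still present; the OTL fix did not complete.'
} else {
    Write-Host 'No GbPlugin artefacts found.'
}
```

If gbieh.dll or gbpsv.exe is still reported, the DLL was in use at the time of the fix; a second run of the OTL script after a clean reboot (or stopping the process first) is the usual next step.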
20.08.2012, 07:39 | #9 |
| So, here I am again. Sorry it took so long; I probably should have said that I was going on holiday. I haven't had an alert for a very long time now. But first, here are the logs:
OTL
HTML-Code:
All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\ deleted successfully. File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb\ deleted successfully. File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} deleted successfully. Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}\ . File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot.
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56478 bytes User: Default User User: Gabi ->Temp folder emptied: 26192765 bytes ->Temporary Internet Files folder emptied: 9831521 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 343 bytes User: Juergen ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: TimTobias ->Temp folder emptied: 5063808 bytes ->Temporary Internet Files folder emptied: 38511378 bytes ->Java cache emptied: 2450390 bytes ->FireFox cache emptied: 120115216 bytes ->Flash cache emptied: 84165 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1310728193 bytes RecycleBin emptied: 2064248 bytes Total Files Cleaned = 1.445,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 08202012_005649 Files\Folders moved on Reboot... File move failed. C:\Programme\GbPlugin\gbieh.dll scheduled to be moved on reboot. Registry entries deleted on Reboot... Combofix Logfile: Code:
ATTFilter ComboFix 12-08-18.03 - Gabi 20.08.2012 1:27.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2936.1887 [GMT 0:00] ausgeführt von:: c:\users\TimTobias\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\TimTobias\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - drivers: deleted 208 bytes in 1 streams. . ((((((((((((((((((((((( Dateien erstellt von 2012-07-20 bis 2012-08-20 )))))))))))))))))))))))))))))) . . 2012-08-20 01:36 . 2012-08-20 01:37 -------- d-----w- c:\users\Gabi\AppData\Local\temp 2012-08-20 01:36 . 2012-08-20 01:36 -------- d-----w- c:\users\TimTobias\AppData\Local\temp 2012-08-20 01:36 . 2012-08-20 01:36 -------- d-----w- c:\users\Juergen\AppData\Local\temp 2012-08-20 01:36 . 2012-08-20 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-18 15:02 . 2012-08-18 15:02 -------- d-----w- c:\users\TimTobias\AppData\Roaming\MAGIX 2012-08-18 15:01 . 2012-08-18 15:01 -------- d-----w- c:\users\Gabi\AppData\Roaming\MAGIX 2012-08-18 14:55 . 2012-08-18 16:44 -------- d-----w- c:\programdata\MAGIX 2012-08-18 14:54 . 2012-08-18 14:54 -------- d-----w- c:\program files\MSXML 4.0 2012-08-18 14:30 . 2012-08-18 14:30 -------- d-----w- c:\program files\Common Files\Adobe AIR 2012-08-18 14:23 . 2012-08-18 14:23 -------- d-----w- c:\users\TimTobias\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-08-17 12:04 . 2012-08-18 13:27 -------- d-----w- c:\programdata\ScreenVCR 2012-08-17 12:04 . 2012-08-17 12:04 -------- d-----w- c:\program files\TotalScreenRecorder_Gold 2012-08-17 12:04 . 2003-08-27 15:43 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-08-17 12:04 . 2003-03-19 13:19 1060864 ----a-w- c:\windows\system32\MFC71.dll 2012-08-17 12:04 . 
2003-02-21 20:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-08-17 11:50 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BFCD025-3CDF-441C-95DB-ED17A7E4D126}\mpengine.dll 2012-08-15 12:30 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-08-04 20:52 . 2012-08-04 20:52 -------- d-----w- c:\programdata\RoboForm 2012-08-04 20:21 . 2012-08-04 20:21 -------- d-----w- c:\program files\HitmanPro 2012-08-04 20:14 . 2012-08-04 20:14 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-08-04 20:06 . 2012-08-04 20:12 -------- d-----w- c:\programdata\HitmanPro 2012-08-04 14:55 . 2012-08-20 01:21 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS 2012-08-02 12:59 . 2012-08-02 12:59 -------- d-----w- c:\users\Gabi\AppData\Roaming\SUPERAntiSpyware.com 2012-07-28 21:41 . 2012-07-28 21:41 -------- d-----w- c:\program files\THQ 2012-07-22 19:20 . 2012-08-20 01:00 -------- d-----w- c:\program files\Steam 2012-07-21 07:11 . 2012-07-21 07:11 65536 ----a-w- c:\windows\system32\frapsvid.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 23:48 . 2012-07-18 22:53 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-07-18 23:48 . 2012-07-18 23:48 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-07-18 23:48 . 2012-07-18 22:52 270240 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-07-18 22:53 . 2012-07-18 22:53 138056 ----a-w- c:\users\Gabi\AppData\Roaming\PnkBstrK.sys 2012-07-18 22:52 . 2012-07-18 22:52 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-07-18 22:52 . 2012-07-18 22:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-06-06 20:59 . 2012-06-06 20:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-06 16:56 . 2012-06-06 16:56 476960 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-06 16:56 . 
2010-12-28 19:41 472864 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-05 16:47 . 2012-07-11 19:09 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-07-11 19:09 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26 . 2012-07-11 19:08 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-24 13:00 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-24 13:00 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-24 12:59 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-24 12:59 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-24 13:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-24 13:00 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-24 12:59 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 15:19 . 2012-06-24 12:59 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 15:12 . 2012-06-24 12:59 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 00:04 . 2012-07-11 19:08 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-07-11 19:08 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 12:25 . 2010-09-12 01:05 237072 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768] "Skytel"="Skytel.exe" [2008-07-16 1833504] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2012-05-09 09:01 1313864 ----a-w- c:\program files\GbPlugin\gbieh.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-01-03 22:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSC OSD Utility] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery] 2008-06-18 12:25 268096 ----a-w- c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher] 2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-08-12 08:59 170520 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Manager] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2012-06-27 12:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA] 2007-12-17 12:37 273520 ----a-w- c:\program files\Norman\Npm\Bin\Zlh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2012-07-02 17:41 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-08-12 09:00 145944 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-02-26 01:23 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-07-16 17:01 6253088 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 08:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:01] . 2011-11-28 c:\windows\Tasks\DriverEasy Scheduled Scan.job - c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-12 12:38] . 2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job - c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26] . 2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job - c:\users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-23 23:26] . 2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03] . 2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-02 21:03] . . ------- Zusätzlicher Suchlauf ------- . mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\1glfvulm.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) Toolbar-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-08-20 01:36 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-796801859-272985792-655912762-1005\Software\SecuROM\License information*] "datasecu"=hex:79,dc,a6,16,b4,73,e6,d5,25,ee,79,5e,a1,1f,b2,15,60,ce,9f,fd,f8, 5b,87,23,e1,69,7a,63,53,11,00,ab,f9,56,cb,03,09,03,ac,11,da,cd,9a,96,fc,8b,\ "rkeysecu"=hex:51,57,33,cb,ac,7d,61,a1,4b,7f,00,15,3d,00,b6,83 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-08-20 01:42:35 ComboFix-quarantined-files.txt 2012-08-20 01:42 ComboFix2.txt 2012-08-04 15:09 . Vor Suchlauf: 21 Verzeichnis(se), 32.421.163.008 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 48.373.886.976 Bytes frei . - - End Of File - - 9599920AF29709FBC0891EBB2DAF53B6
However, I now have the problem that I can no longer arrange my desktop. Whenever I move a desktop item and then refresh the desktop, the item jumps back to the left edge. I couldn't find a suitable solution on Google, and/or what I found didn't help. I've also already experimented with the alignment and desktop settings. Well, apologies again for not getting back to you for so long. I hope you didn't wait for me in vain. Hahaha Regards, Tim |
20.08.2012, 08:05 | #10 |
| "ATRAPS.gen" and "ATRAPS.gen2" Trojan detection Hi, today is my last day here, though, then I'm on holiday... Create and post a new OTL log... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
20.08.2012, 12:21 | #11 |
| "ATRAPS.gen" and "ATRAPS.gen2" Trojan detection Hehe, well, then I'll have to wait for once too. Where are you going? Anyway, here is the OTL log for now. OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.08.2012 13:04:18 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TimTobias\Desktop\Nette Progs Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 69,23% Memory free 5,96 Gb Paging File | 4,92 Gb Available in Paging File | 82,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,84 Gb Total Space | 26,89 Gb Free Space | 8,85% Space Free | Partition Type: NTFS Drive D: | 152,92 Gb Total Space | 148,62 Gb Free Space | 97,19% Space Free | Partition Type: NTFS Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
PRC - C:\Programme\GbPlugin\gbpsv.exe ( ) PRC - C:\Users\TimTobias\Desktop\Nette Progs\OTL.exe (OldTimer Tools) PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) ========== Modules (No Company Name) ========== MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (GbpSv) -- C:\Programme\GbPlugin\gbpsv.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA) SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA) SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () ========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys () DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ACEDRV09) -- 
C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.145.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:45:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.06 16:56:36 | 000,000,000 | ---D | M] [2011.01.23 20:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Extensions [2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions [2011.01.23 20:09:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.18 22:02:49 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\battlefieldheroespatcher@ea.com [2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} 
[2010.11.12 12:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.12 12:45:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.11.12 12:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.12 12:45:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml ========== Chrome ========== O1 HOSTS File: ([2012.08.04 15:07:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0169DC82-20BB-43D7-9C30-B0DA25C3A568}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA7E0B6-A087-4954-92D6-2FA645EC1AF7}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0E9E3E0-3468-44F4-8735-70FF3931833B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - 
Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.08.20 01:42:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.08.20 01:42:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.08.20 01:42:44 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Local\temp [2012.08.18 15:01:48 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Roaming\MAGIX [2012.08.18 14:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX 
[2012.08.18 14:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012.08.18 14:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2012.08.17 12:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ScreenVCR [2012.08.17 12:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Screen Recorder Gold [2012.08.17 12:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\TotalScreenRecorder_Gold [2012.08.04 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm [2012.08.04 20:52:10 | 000,000,000 | ---D | C] -- C:\Users\Gabi\Documents\My RoboForm Data [2012.08.04 20:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.08.04 20:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.08.04 14:56:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.08.04 14:56:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.08.04 14:56:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.08.04 14:55:55 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS [2012.08.04 14:55:54 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.04 14:55:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.08.02 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Roaming\SUPERAntiSpyware.com [2012.07.28 21:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\THQ [2012.07.22 19:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.07.22 19:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2010.11.03 10:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Gabi\AppData\Roaming\MinecraftSP.exe ========== Files - Modified Within 30 Days ========== [2012.08.20 12:59:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 12:59:51 | 000,003,216 | -H-- | 
M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 12:58:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.20 12:58:38 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.20 11:31:01 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job [2012.08.20 08:22:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.20 01:21:35 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS [2012.08.20 00:59:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.20 00:59:45 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys [2012.08.19 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job [2012.08.19 21:38:45 | 000,436,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.17 12:04:25 | 000,001,743 | ---- | M] () -- C:\Users\Gabi\Desktop\Total Screen Recorder Gold.lnk [2012.08.15 00:13:34 | 000,001,822 | ---- | M] () -- C:\Users\Gabi\Desktop\Continue SweetIM Installation.lnk [2012.08.04 20:14:47 | 000,027,424 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.08.04 20:12:37 | 000,000,788 | ---- | M] () -- C:\Windows\System32\.crusader [2012.08.04 15:07:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.07.22 19:20:28 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk ========== Files Created - No Company Name ========== [2012.08.17 12:04:25 | 000,001,743 | ---- | C] () -- C:\Users\Gabi\Desktop\Total Screen Recorder Gold.lnk [2012.08.15 00:13:18 | 000,001,822 | ---- | C] () -- C:\Users\Gabi\Desktop\Continue SweetIM Installation.lnk [2012.08.04 20:14:47 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys 
[2012.08.04 20:12:37 | 000,000,788 | ---- | C] () -- C:\Windows\System32\.crusader [2012.08.04 14:56:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.08.04 14:56:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.08.04 14:56:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.08.04 14:56:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.08.04 14:56:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.22 19:20:28 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012.07.18 22:53:05 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.07.18 22:53:04 | 000,138,056 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys [2012.07.18 22:52:49 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.07.18 22:52:45 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.11.13 21:48:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.11.13 21:47:37 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.10.27 22:01:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2011.09.26 21:53:01 | 000,000,639 | ---- | C] () -- C:\Windows\eReg.dat [2011.06.18 15:53:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.06.18 15:52:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.06 20:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011.01.24 13:25:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.01.24 12:57:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011.01.24 12:57:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.10.31 07:20:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.09.17 18:51:57 | 000,000,056 | -H-- | C] () -- 
C:\ProgramData\ezsidmv.dat [2010.09.13 18:53:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.13 18:53:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.11 10:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.09.11 08:51:24 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.10.20 13:37:54 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.10.20 13:37:53 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2008.10.20 13:37:52 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2008.10.20 13:37:52 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008.10.20 12:58:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.04.25 12:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2008.01.21 07:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 07:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 07:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 07:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 08:03:30 | 000,053,248 | 
---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 12:47:37 | 000,436,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 10:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 10:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.08.01 15:35:04 | 000,002,831 | ---- | C] () -- C:\Windows\wavemix.ini ========== LOP Check ========== [2011.12.15 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\.minecraft [2012.01.11 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\DAEMON Tools Lite [2011.11.12 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Easeware [2011.11.12 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\fltk.org [2011.09.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Leadertech [2012.07.03 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\LolClient [2012.08.18 15:01:48 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\MAGIX [2012.05.04 06:51:51 
| 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Propellerhead Software [2012.06.17 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\uTorrent [2011.01.18 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\wxMozBrowserLib [2012.05.10 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\YoudaGames [2011.11.28 10:21:52 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job [2012.08.19 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job [2012.08.20 11:31:01 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job [2012.08.20 00:58:47 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst < End of report > |
22.08.2012, 11:53 | #12 |
| "ATRAPS.gen" and "ATRAPS.gen2" Trojan detection I have just received virus alerts again; here is exactly what AntiVir reports:
Message 1
HTML-Code:
C:\Users\TimTobias\AppData\Local\{ea168947-5v96-9785-e72d-62407ddcd2a4}\U\80000000.@
Ist das Trojanische Pferd TR/ATRAPS.Gen
Aktion: In Quarantäne verschieben
HTML-Code:
C:\Users\TimTobias\AppData\Local\{ea168947-5v96-9785-e72d-62407ddcd2a4}\U\800000cb.@
Ist das Trojanische Pferd TR/ATRAPS.Gen2
Aktion: In Quarantäne verschieben
I was then able to delete it on the second boot with the anti-malware tools and everything else; since then my desktop works again, and since then Antivirus also reports the ATRAPS again. |
06.09.2012, 16:03 | #13 |
| "ATRAPS.gen" and "ATRAPS.gen2" Trojan detection So, I really couldn't wait any longer. I have now reinstalled my computer, "amilo recovery process", or something like that it was called. I think that was the best thing I could do. Lastly another virus came up, saying I could unlock my computer again for 100 € because of child pornography, since it had supposedly been locked by the BKA. Well, now everything runs smoothly. Many thanks for the help; should anything still come up, I'll get back to you immediately. Many thanks !!!!! |
11.09.2012, 14:45 | #14 |
| "ATRAPS.gen" and "ATRAPS.gen2" Trojan detection Hi, sorry, I was on holiday... I did try to get in here via Palm Pre, but I was always thrown out again after logging in ("You do not have permission etc.")... That was a rootkit that likes to appear in combination with "Liver Security"... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
12.09.2012, 21:31 | #15 |
| "ATRAPS.gen" and "ATRAPS.gen2" Trojan detection No more notifications and nothing else unusual either. No problem |