Infected with Trojan.Ransom (Windows 7)
11.09.2012, 16:00 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Trojan.Ransom

Please make a new OTL log. Please post everything here in CODE tags where possible. That is done like this: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here

Please download OTL by OldTimer and save it to your desktop. If it is already there, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags
12.09.2012, 09:27 | #17
Infected with Trojan.Ransom
Code:
OTL logfile created on: 12.09.2012 09:56:27 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,91 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 60,25% Memory free
5,82 Gb Paging File | 4,48 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 297,22 Gb Free Space | 63,81% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.12 09:54:29 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.10 16:06:26 | 000,372,736 | ---- | M] (Secure Banking) -- C:\Programme\Secure Banking\SecureBanking.exe
PRC - [2012.09.07 17:30:34 | 000,002,560 | ---- | M] () -- C:\Programme\Secure Banking\sbservice.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.05 13:49:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.08.09 20:47:05 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2012.07.25 10:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2012.06.22 00:09:52 | 000,483,024 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe PRC - [2012.05.02 01:43:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:56:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.02 00:37:30 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.02 00:35:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:12:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.12.16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe ========== Modules (No Company Name) ========== MOD - [2012.09.07 17:30:34 | 000,002,560 | ---- | M] () -- C:\Programme\Secure Banking\sbservice.exe MOD - [2012.09.07 17:30:22 | 000,016,384 | ---- | M] () -- C:\Programme\Secure Banking\SecureBanking.dll MOD - [2012.09.05 20:49:54 | 000,008,704 | ---- | M] () -- C:\Programme\Secure Banking\funcs.dll MOD - [2011.02.24 12:05:04 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll ========== Services (SafeList) ========== SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 11:48:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.05 14:31:06 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- 
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.06.22 00:09:52 | 000,483,024 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc) SRV - [2012.05.02 01:43:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:56:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:37:30 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.02 00:35:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 23:44:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.01.25 19:09:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.01.25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.16 17:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) 
[Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\FscBapi.sys -- (FscBapi) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 17:34:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 17:34:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:21:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2011.05.18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011.02.24 12:05:16 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.12.15 14:17:14 | 000,010,880 | ---- | M] (Fujitsu Technology Solutions) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SysmonCharos.sys -- (SysmonCharos) DRV - [2010.12.15 14:16:26 | 000,011,008 | ---- | M] (Fujitsu Technology Solutions) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FscEfDmi.sys -- (FscEfDmi) DRV - [2010.11.20 12:24:41 | 
000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.10.17 19:13:58 | 000,078,648 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY) DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009.08.20 08:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.04.14 21:57:10 | 000,009,760 | ---- | M] () [Kernel | System | Running] -- C:\Programme\i-Menu\hugoio.sys -- (hugoio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 13 93 4F 8A D3 CC 01 [binary data] IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 3F A6 AB 59 5C CD 01 [binary data] IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.15 16:19:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 11:48:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.05 13:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.09.07 09:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\razzfai9.default\extensions [2012.09.07 09:05:56 | 000,527,931 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\razzfai9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.07 11:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.07 11:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.07 11:48:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000..\Run: [SyncHostps] C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe File not found O4 - HKU\S-1-5-21-1529088095-4209079008-1077400495-1001..\Run: [SecureBanking] C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-3HHJG.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secure Banking.lnk = C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - 
C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CCEBFA-63F1-4591-BBA1-4114DC5B7DC7}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.25 19:34:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia) MsConfig - StartUpReg: SpywareTerminatorShield - hkey= - key= - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group 
SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: 
{50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {02C8D987-4AAA-5F58-9092-78F2EB0E5B8C} - Microsoft Windows Media Player 12.0 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1867A934-3976-E76C-0C9B-6BD38781E6EF} - Microsoft Windows Media Player 12.0 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6A13367F-7535-7A67-7FD9-52350883F659} - Microsoft Windows Media Player 12.0 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET 
Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B5E9B599-90D9-7606-C8EF-5DACFAB4BBEA} - Microsoft Windows Media Player 12.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D3B08A86-EBF0-8FCB-BF9B-3D3F11A8AE86} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F8E62A07-BED1-4E1A-AC6E-A15CB7E2FAF8} - Browser Customizations ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.10 22:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2012.09.07 11:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.06 21:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.06 21:30:25 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.09.06 08:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.09.05 13:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2012.09.05 13:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2012.09.05 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2012.09.05 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2012.09.05 13:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.05 11:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2012.09.05 10:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.05 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.09.05 10:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak [2012.09.04 16:02:50 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.08.30 09:30:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RealNetworks [2012.08.30 09:27:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\WindowsUpdate [2012.08.30 09:24:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI ========== Files - Modified Within 30 Days ========== [2012.09.12 09:22:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.12 09:08:10 | 000,015,760 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.12 09:08:10 | 000,015,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.12 09:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.12 09:04:00 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.12 09:04:00 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.12 09:04:00 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.12 09:04:00 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.12 08:58:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.12 08:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.12 08:57:07 | 2342,313,984 | -HS- | M] () -- C:\hiberfil.sys [2012.09.11 10:18:09 | 000,711,240 | ---- | M] () -- C:\Windows\is-3HHJG.exe [2012.09.11 10:18:09 | 000,012,842 | ---- | M] () -- C:\Windows\is-3HHJG.msg [2012.09.11 10:18:09 | 000,001,124 | ---- | M] () -- C:\Users\***\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.11 10:18:09 | 000,000,380 | ---- | M] () -- C:\Windows\is-3HHJG.lst [2012.09.10 22:39:35 | 000,001,089 | ---- | M] () -- C:\Users\***\Desktop\Secure Banking.lnk [2012.09.10 15:06:21 | 000,512,399 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner2.001.exe [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.06 21:30:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.09.05 13:50:12 | 000,001,381 | ---- | M] () -- C:\Users\***\Desktop\RealPlayer.lnk [2012.09.05 13:49:48 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [2012.09.05 11:06:10 | 000,001,121 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.09.05 10:53:44 | 000,001,145 | ---- | M] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk [2012.08.30 12:03:07 | 000,007,596 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.08.30 11:28:58 | 000,482,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.28 13:44:01 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable ========== Files Created - No Company Name ========== [2012.09.11 10:18:09 | 000,711,240 | ---- | C] () -- C:\Windows\is-3HHJG.exe [2012.09.11 10:18:09 | 000,012,842 | ---- | C] () -- C:\Windows\is-3HHJG.msg [2012.09.11 10:18:09 | 000,000,380 | ---- | C] () -- C:\Windows\is-3HHJG.lst [2012.09.10 22:39:35 | 000,001,089 | ---- | C] () -- C:\Users\***\Desktop\Secure Banking.lnk [2012.09.10 15:06:17 | 000,512,399 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner2.001.exe [2012.09.05 13:50:12 | 000,001,381 | ---- | C] () -- C:\Users\***\Desktop\RealPlayer.lnk [2012.09.05 11:06:10 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.09.05 11:06:10 | 000,001,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.09.05 10:53:44 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.05 10:53:44 | 000,001,145 | ---- | C] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk [2012.08.30 12:03:07 | 000,007,596 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.08.30 09:31:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.28 13:44:01 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.07.10 14:15:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.07.10 08:04:12 | 000,000,063 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan [2012.06.26 16:07:56 | 000,000,019 | ---- | C] () -- C:\Windows\licdat64.ini 
[2012.03.19 23:26:06 | 000,963,912 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2012.03.19 23:26:06 | 000,261,208 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.03.19 22:11:22 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.03.19 22:09:28 | 000,000,264 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.02.17 14:24:14 | 000,000,055 | ---- | C] () -- C:\Windows\System32\BRDH2240D.DAT [2012.01.25 19:10:17 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.01.15 16:32:49 | 000,239,285 | ---- | C] () -- C:\Windows\hpwins26.dat.temp [2012.01.15 16:32:49 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp [2012.01.15 16:07:59 | 000,238,303 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.01.15 15:20:44 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WkDos.exe [2012.01.14 20:05:33 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.02.24 12:05:06 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2011.02.24 12:05:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll ========== LOP Check ========== [2012.07.10 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator [2012.02.29 20:51:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk [2012.06.18 20:28:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2012.01.22 11:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.01.22 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.23 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2012.02.03 23:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient 
[2012.01.22 11:58:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek [2012.02.21 15:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SKAT [2012.07.20 11:41:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.07.10 07:56:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.06.19 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2012.06.17 12:34:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2012.07.07 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.07.09 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.07.10 18:56:47 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.09.05 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2012.09.05 13:29:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real [2012.08.30 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RealNetworks [2012.07.10 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator [2012.07.07 18:00:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2012.09.05 13:35:58 | 000,654,488 | ---- | M] (RealNetworks, Inc.) 
-- C:\Users\***\AppData\Roaming\Real\RealPlayer\setup\AU_setup20120730.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\ProgramData\Fujitsu\DeskUpdate\1057070\iaStor.sys [2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Users\All Users\Fujitsu\DeskUpdate\1057070\iaStor.sys [2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys [2011.01.26 12:50:34 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] 
(NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.09.07 17:04:42 | 
000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
12.09.2012, 14:08 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Trojan.Ransom Run an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________
Code:
ATTFilter
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000..\Run: [SyncHostps] C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.25 19:34:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.09.11 10:18:09 | 000,711,240 | ---- | C] () -- C:\Windows\is-3HHJG.exe
[2012.09.11 10:18:09 | 000,012,842 | ---- | C] () -- C:\Windows\is-3HHJG.msg
[2012.09.11 10:18:09 | 000,000,380 | ---- | C] () -- C:\Windows\is-3HHJG.lst
:Files
C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ |
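A defender-side way to triage OTL O2/O4 autostart lines like the ones in the fix script above, as an added example in Python (not part of the thread and not an OTL feature). The sample lines are constructed from the entries above with the user name replaced by ***; the avgnt line is an assumed benign entry added for contrast and is not taken from the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the shape OTL prints O2/O4 lines, modelled on the fix
# script above (user name replaced by ***). The avgnt line is an assumed benign
# entry added for contrast; it is not from the thread.
SAMPLE_OTL = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-1529088095-4209079008-1077400495-1000..\Run: [SyncHostps] C:\Users\***\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe File not found
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<rest>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# OTL appends the file's publisher in parentheses when the binary carries one.
COMPANY_RE = re.compile(r"\s\([^()]*\)$")
# Executable whose parent folder under AppData is purely numeric (e.g. ...\Windows\4870\x.exe).
NUMERIC_DIR_RE = re.compile(r"\\appdata\\.*\\\d+\\[^\\]+\.exe$", re.IGNORECASE)
NOT_FOUND = "File not found"


@dataclass
class Finding:
    line: str
    reasons: List[str]


def split_target(rest: str) -> Tuple[str, bool, str]:
    """Split the text after [name] into (path, exists_on_disk, company)."""
    exists = not rest.endswith(NOT_FOUND)
    if not exists:
        rest = rest[: -len(NOT_FOUND)].rstrip()
    m = COMPANY_RE.search(rest)
    if m:
        return rest[: m.start()], exists, m.group(0).strip()[1:-1]
    return rest, exists, ""


def assess_o4(name: str, rest: str) -> List[str]:
    """Reasons why a Run-key entry deserves a closer look (empty list = nothing odd)."""
    path, exists, company = split_target(rest)
    reasons = []
    if not name:
        reasons.append("empty value name")
    if not exists:
        reasons.append("target not on disk (stale or already removed)")
    if NUMERIC_DIR_RE.search(path):
        reasons.append("executable in numeric folder under AppData")
    if "\\appdata\\" in path.lower() and not company:
        reasons.append("AppData executable without publisher name")
    return reasons


def assess_o2(name: str, rest: str) -> List[str]:
    """Reasons why a browser helper object entry deserves a closer look."""
    reasons = []
    if name == "(no name)":
        reasons.append("BHO without a name")
    if "No CLSID value found" in rest:
        reasons.append("BHO CLSID not registered (orphaned entry)")
    return reasons


def scan_otl(text: str) -> List[Finding]:
    """Return only the O2/O4 lines that triggered at least one reason."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            reasons = assess_o4(m["name"], m["rest"])
        elif m := O2_RE.match(line):
            reasons = assess_o2(m["name"], m["rest"])
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_otl(SAMPLE_OTL):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Lines with no reason (here the avgnt entry) are left out of the result, so the output is only what a helper would actually put into a fix script.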
19.09.2012, 08:15 | #19 |
| Infected with Trojan.Ransom Hello, unfortunately it took a while - our internet line was broken - now I am back online. I copied the text into OTL, then the fix ran, after that I had to do a restart, here is the log: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-1529088095-4209079008-1077400495-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SyncHostps deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. C:\autoexec.bat moved successfully. C:\Windows\is-3HHJG.exe moved successfully. C:\Windows\is-3HHJG.msg moved successfully. C:\Windows\is-3HHJG.lst moved successfully. ========== FILES ========== C:\Users\***\AppData\Local\Microsoft\Windows\4870 folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\***\Desktop\cmd.bat deleted successfully. C:\Users\***\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: *** ->Temp folder emptied: 152692779 bytes ->Temporary Internet Files folder emptied: 77225441 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 75288726 bytes ->Flash cache emptied: 745 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: *** ->Temp folder emptied: 311553046 bytes ->Temporary Internet Files folder emptied: 55130975 bytes ->Java cache emptied: 3795764 bytes ->FireFox cache emptied: 514610114 bytes ->Flash cache emptied: 2078 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 13075079 bytes RecycleBin emptied: 1107 bytes Total Files Cleaned = 1.148,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.61.3 log created on 09122012_154341 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
19.09.2012, 15:49 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Trojan.Ransom Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the image below: click on "change parameters" and set the check marks as shown in the following screenshot, then click on "Start Scan" and, when it is finished, click on the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
19.09.2012, 16:07 | #21 |
| Infected with Trojan.Ransom What does "normal Windows mode" mean: - start Windows completely normally, or - the difference between administrator and restricted user? |
19.09.2012, 19:33 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Trojan.Ransom By normal mode I mean the opposite of safe mode - that is, start Windows completely normally. That you need admin rights for our tools goes without saying.
__________________ Please always post logfiles in CODE tags |
19.09.2012, 20:09 | #23 |
| Infected with Trojan.Ransom Code:
ATTFilter
21:02:54.0574 0248 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:02:54.0574 0248 ============================================================
21:02:54.0574 0248 Current date / time: 2012/09/19 21:02:54.0574
21:02:54.0574 0248 SystemInfo:
21:02:54.0574 0248
21:02:54.0574 0248 OS Version: 6.1.7601 ServicePack: 1.0
21:02:54.0574 0248 Product type: Workstation
21:02:54.0574 0248 ComputerName: ***-PC-TOWER
21:02:54.0574 0248 UserName: ***
21:02:54.0574 0248 Windows directory: C:\Windows
21:02:54.0574 0248 System windows directory: C:\Windows
21:02:54.0574 0248 Processor architecture: Intel x86
21:02:54.0574 0248 Number of processors: 4
21:02:54.0574 0248 Page size: 0x1000
21:02:54.0574 0248 Boot type: Normal boot
21:02:54.0574 0248 ============================================================
21:02:55.0182 0248 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:02:55.0198 0248 ============================================================
21:02:55.0198 0248 \Device\Harddisk0\DR0:
21:02:55.0198 0248 MBR partitions:
21:02:55.0198 0248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:02:55.0198 0248 ============================================================
21:02:55.0260 0248 C: <-> \Device\Harddisk0\DR0\Partition1
21:02:55.0260 0248 ============================================================
21:02:55.0260 0248 Initialize success
21:02:55.0260 0248 ============================================================
21:03:20.0454 3968 ============================================================
21:03:20.0454 3968 Scan started
21:03:20.0454 3968 Mode: Manual; SigCheck; TDLFS;
21:03:20.0454 3968 ============================================================
21:03:20.0766 3968 ================ Scan system memory ========================
21:03:20.0766 3968 System memory - ok
21:03:20.0766 3968 ================ Scan services =============================
21:03:20.0907 3968 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:03:21.0000 3968 1394ohci - ok
21:03:21.0031 3968 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:03:21.0047 3968 ACPI - ok
21:03:21.0078 3968 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:03:21.0156 3968 AcpiPmi - ok
21:03:21.0234 3968 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:03:21.0250 3968 AdobeARMservice - ok
21:03:21.0297 3968 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:03:21.0312 3968 AdobeFlashPlayerUpdateSvc - ok
21:03:21.0359 3968 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:03:21.0375 3968 adp94xx - ok
21:03:21.0390 3968 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:03:21.0406 3968 adpahci - ok
21:03:21.0421 3968 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:03:21.0421 3968 adpu320 - ok
21:03:21.0437 3968 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:03:21.0468 3968 AeLookupSvc - ok
21:03:21.0499 3968 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:03:21.0531 3968 AFD - ok
21:03:21.0546 3968 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:03:21.0562 3968 agp440 - ok
21:03:21.0593 3968 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:03:21.0624 3968 aic78xx - ok
21:03:21.0640 3968 [ 45F65F2F7AE28E5E56AB64E3AC61BD52 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
21:03:21.0702 3968 aksfridge - ok
21:03:21.0749 3968 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:03:21.0796 3968 ALG - ok
21:03:21.0843 3968 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:03:21.0858 3968 aliide - ok
21:03:21.0874 3968 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:03:21.0889 3968 amdagp - ok
21:03:21.0889 3968 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:03:21.0921 3968 amdide - ok
21:03:21.0936 3968 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:03:21.0983 3968 AmdK8 - ok
21:03:21.0999 3968 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:03:22.0014 3968 AmdPPM - ok
21:03:22.0030 3968 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:03:22.0045 3968 amdsata - ok
21:03:22.0061 3968 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:03:22.0061 3968 amdsbs - ok
21:03:22.0077 3968 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:03:22.0092 3968 amdxata - ok
21:03:22.0170 3968 [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
21:03:22.0186 3968 AntiVirMailService - ok
21:03:22.0201 3968 [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:03:22.0217 3968 AntiVirSchedulerService - ok
21:03:22.0217 3968 [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:03:22.0233 3968 AntiVirService - ok
21:03:22.0248 3968 [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:03:22.0264 3968 AntiVirWebService - ok
21:03:22.0295 3968 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:03:22.0357 3968 AppID - ok
21:03:22.0373 3968 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:03:22.0420 3968 AppIDSvc - ok
21:03:22.0451 3968 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:03:22.0498 3968 Appinfo - ok
21:03:22.0513 3968 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:03:22.0529 3968 arc - ok
21:03:22.0545 3968 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:03:22.0560 3968 arcsas - ok
21:03:22.0654 3968 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:03:22.0685 3968 aspnet_state - ok
21:03:22.0685 3968 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:03:22.0763 3968 AsyncMac - ok
21:03:22.0794 3968 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:03:22.0810 3968 atapi - ok
21:03:22.0841 3968 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:03:22.0888 3968 AudioEndpointBuilder - ok
21:03:22.0888 3968 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:03:22.0919 3968 Audiosrv - ok
21:03:22.0981 3968 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
21:03:23.0013 3968 Autodesk Content Service - ok
21:03:23.0028 3968 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:03:23.0044 3968 avgntflt - ok
21:03:23.0075 3968 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:03:23.0091 3968 avipbb - ok
21:03:23.0106 3968 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:03:23.0137 3968 avkmgr - ok
21:03:23.0184 3968 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:03:23.0262 3968 AxInstSV - ok
21:03:23.0293 3968 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:03:23.0356 3968 b06bdrv - ok
21:03:23.0371 3968 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:03:23.0418 3968 b57nd60x - ok
21:03:23.0434 3968 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:03:23.0496 3968 BDESVC - ok
21:03:23.0512 3968 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:03:23.0574 3968 Beep - ok
21:03:23.0605 3968 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:03:23.0637 3968 BFE - ok
21:03:23.0668 3968 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:03:23.0715 3968 BITS - ok
21:03:23.0715 3968 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:03:23.0730 3968 blbdrive - ok
21:03:23.0746 3968 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:03:23.0761 3968 bowser - ok
21:03:23.0777 3968 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:03:23.0839 3968 BrFiltLo - ok
21:03:23.0855 3968 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:03:23.0886 3968 BrFiltUp - ok
21:03:23.0917 3968 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:03:23.0949 3968 Browser - ok
21:03:23.0964 3968 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:03:24.0011 3968 Brserid - ok
21:03:24.0011 3968 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:03:24.0042 3968 BrSerWdm - ok
21:03:24.0058 3968 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:03:24.0105 3968 BrUsbMdm - ok
21:03:24.0120 3968 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:03:24.0151 3968 BrUsbSer - ok
21:03:24.0214 3968 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
21:03:24.0229 3968 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:03:24.0229 3968 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:03:24.0245 3968 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:03:24.0261 3968 BTHMODEM - ok
21:03:24.0292 3968 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:03:24.0354 3968 bthserv - ok
21:03:24.0417 3968 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:03:24.0479 3968 cdfs - ok
21:03:24.0495 3968 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:03:24.0541 3968 cdrom - ok
21:03:24.0573 3968 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:03:24.0619 3968 CertPropSvc - ok
21:03:24.0651 3968 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:03:24.0682 3968 circlass - ok
21:03:24.0713 3968 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:03:24.0744 3968 CLFS - ok
21:03:24.0869 3968 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:03:24.0885 3968 clr_optimization_v2.0.50727_32 - ok
21:03:24.0916 3968 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:03:24.0931 3968 clr_optimization_v4.0.30319_32 - ok
21:03:24.0947 3968 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:03:24.0963 3968 CmBatt - ok
21:03:24.0978 3968 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:03:24.0994 3968 cmdide - ok
21:03:25.0025 3968 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:03:25.0056 3968 CNG - ok
21:03:25.0072 3968 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:03:25.0072 3968 Compbatt - ok
21:03:25.0119 3968 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:03:25.0150 3968 CompositeBus - ok
21:03:25.0165 3968 COMSysApp - ok
21:03:25.0212 3968 [ 085D4E5714BC641286C43239E8CB267F ] cphs C:\Windows\system32\IntelCpHeciSvc.exe
21:03:25.0228 3968 cphs - ok
21:03:25.0259 3968 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:03:25.0275 3968 crcdisk - ok
21:03:25.0306 3968 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:03:25.0353 3968 CryptSvc - ok
21:03:25.0399 3968 [ 7CAAF4AF453EF3582FEF65DD72CAA0AA ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
21:03:25.0431 3968 dc3d - ok
21:03:25.0462 3968 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:03:25.0509 3968 DcomLaunch - ok
21:03:25.0524 3968 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:03:25.0571 3968 defragsvc - ok
21:03:25.0602 3968 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:03:25.0633 3968 DfsC - ok
21:03:25.0665 3968 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:03:25.0711 3968 Dhcp - ok
21:03:25.0727 3968 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:03:25.0758 3968 discache - ok
21:03:25.0789 3968 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:03:25.0789 3968 Disk - ok
21:03:25.0821 3968 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:03:25.0836 3968 Dnscache - ok
21:03:25.0867 3968 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:03:25.0899 3968 dot3svc - ok
21:03:25.0930 3968 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:03:25.0961 3968 Dot4 - ok
21:03:25.0992 3968 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
21:03:26.0023 3968 Dot4Print - ok
21:03:26.0039 3968 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:03:26.0086 3968 dot4usb - ok
21:03:26.0101 3968 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:03:26.0133 3968 DPS - ok
21:03:26.0164 3968 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:03:26.0195 3968 drmkaud - ok
21:03:26.0226 3968 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:03:26.0257 3968 DXGKrnl - ok
21:03:26.0273 3968 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:03:26.0320 3968 EapHost - ok
21:03:26.0413 3968 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:03:26.0507 3968 ebdrv - ok
21:03:26.0523 3968 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:03:26.0554 3968 EFS - ok
21:03:26.0601 3968 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:03:26.0647 3968 ehRecvr - ok
21:03:26.0663 3968 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:03:26.0710 3968 ehSched - ok
21:03:26.0741 3968 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
21:03:26.0757 3968 ElbyCDIO - ok
21:03:26.0803 3968 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:03:26.0835 3968 elxstor - ok
21:03:26.0850 3968 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:03:26.0866 3968 ErrDev - ok
21:03:26.0913 3968 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:03:26.0959 3968 EventSystem - ok
21:03:26.0991 3968 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:03:27.0037 3968 exfat - ok
21:03:27.0069 3968 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:03:27.0115 3968 fastfat - ok
21:03:27.0147 3968 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:03:27.0193 3968 Fax - ok
21:03:27.0209 3968 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:03:27.0240 3968 fdc - ok
21:03:27.0256 3968 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:03:27.0287 3968 fdPHost - ok
21:03:27.0303 3968 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:03:27.0334 3968 FDResPub - ok
21:03:27.0349 3968 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:03:27.0365 3968 FileInfo - ok
21:03:27.0365 3968 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:03:27.0412 3968 Filetrace - ok
21:03:27.0459 3968 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:03:27.0490 3968 FLEXnet Licensing Service - ok
21:03:27.0521 3968 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:03:27.0552 3968 flpydisk - ok
21:03:27.0583 3968 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:03:27.0599 3968 FltMgr - ok
21:03:27.0630 3968 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:03:27.0661 3968 FontCache - ok
21:03:27.0708 3968 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:03:27.0724 3968 FontCache3.0.0.0 - ok
21:03:27.0739 3968 FscBapi - ok
21:03:27.0755 3968 [ 578CB7252D3C807E145D5B1E18423A2E ] FscEfDmi C:\Windows\system32\DRIVERS\FscEfDmi.sys
21:03:27.0802 3968 FscEfDmi - ok
21:03:27.0817 3968 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:03:27.0833 3968 FsDepends - ok
21:03:27.0849 3968 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:03:27.0880 3968 Fs_Rec - ok
21:03:27.0911 3968 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:03:27.0927 3968 fvevol - ok
21:03:27.0958 3968 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:03:27.0973 3968 gagp30kx - ok
21:03:28.0005 3968 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:03:28.0051 3968 gpsvc - ok
21:03:28.0114 3968 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:28.0129 3968 gupdate - ok
21:03:28.0129 3968 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:03:28.0145 3968 gupdatem - ok
21:03:28.0176 3968 [ 995178A443B07FA9EEAEA041D7B4B5CA ] hardlock C:\Windows\system32\drivers\hardlock.sys
21:03:28.0239 3968 hardlock - ok
21:03:28.0239 3968 hasplms - ok
21:03:28.0254 3968 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:03:28.0301 3968 hcw85cir - ok
21:03:28.0332 3968 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:03:28.0363 3968 HdAudAddService - ok
21:03:28.0379 3968 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:03:28.0410 3968 HDAudBus - ok
21:03:28.0441 3968 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:03:28.0473 3968 HidBatt - ok
21:03:28.0488 3968 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:03:28.0519 3968 HidBth - ok
21:03:28.0535 3968 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:03:28.0566 3968 HidIr - ok
21:03:28.0582 3968 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:03:28.0644 3968 hidserv - ok
21:03:28.0675 3968 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:03:28.0707 3968 HidUsb - ok
21:03:28.0722 3968 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:03:28.0769 3968 hkmsvc - ok
21:03:28.0785 3968 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:03:28.0816 3968 HomeGroupListener - ok
21:03:28.0847 3968 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:03:28.0863 3968 HomeGroupProvider - ok
21:03:29.0019 3968 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:03:29.0050 3968 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:03:29.0050 3968 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:03:29.0081 3968 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:03:29.0097 3968 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:03:29.0097 3968 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:03:29.0143 3968 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:03:29.0159 3968 HpSAMD - ok
21:03:29.0190 3968 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:03:29.0206 3968 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:03:29.0206 3968 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:03:29.0253 3968 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:03:29.0284 3968 HTTP - ok
21:03:29.0315 3968 [ 7DECCB2612255F4B538976AD25DA0D29 ] hugoio C:\Program Files\i-Menu\hugoio.sys
21:03:29.0331 3968 hugoio - ok
21:03:29.0331 3968 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:03:29.0331 3968 hwpolicy - ok
21:03:29.0362 3968 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:03:29.0393 3968 i8042prt - ok
21:03:29.0440 3968 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:03:29.0455 3968 iaStor - ok
21:03:29.0502 3968 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:03:29.0518 3968 iaStorV - ok
21:03:29.0580 3968 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:03:29.0611 3968 idsvc - ok
21:03:29.0799 3968 [ 0FEB90F92A8AB77A7E5E6BA052138351 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:03:30.0064 3968 igfx - ok
21:03:30.0111 3968 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:03:30.0126 3968 iirsp - ok
21:03:30.0157 3968 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:03:30.0189 3968 IKEEXT - ok
21:03:30.0282 3968 [ B44C0357D1FC7C9E4C0B0983A9E96FF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:03:30.0360 3968 IntcAzAudAddService - ok
21:03:30.0376 3968 [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:03:30.0407 3968 IntcDAud - ok
21:03:30.0423 3968 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:03:30.0438 3968 intelide - ok
21:03:30.0485 3968 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:03:30.0501 3968 intelppm - ok
21:03:30.0516 3968 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:03:30.0579 3968 IPBusEnum - ok
21:03:30.0594 3968 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:03:30.0641 3968 IpFilterDriver - ok
21:03:30.0688 3968 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:03:30.0735 3968 iphlpsvc - ok
21:03:30.0766 3968 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:03:30.0766 3968 IPMIDRV - ok
21:03:30.0781 3968 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:03:30.0828 3968 IPNAT - ok
21:03:30.0859 3968 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:03:30.0891 3968 IRENUM - ok
21:03:30.0937 3968 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:03:30.0937 3968 isapnp - ok
21:03:30.0969 3968 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:03:30.0969 3968 iScsiPrt - ok
21:03:31.0000 3968 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:03:31.0015 3968 kbdclass - ok
21:03:31.0031 3968 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:03:31.0047 3968 kbdhid - ok
21:03:31.0062 3968 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:03:31.0078 3968 KeyIso - ok
21:03:31.0093 3968 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:03:31.0109 3968 KSecDD - ok
21:03:31.0125 3968 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:03:31.0140 3968 KSecPkg - ok
21:03:31.0156 3968 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:03:31.0187 3968 KtmRm - ok
21:03:31.0203 3968 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:03:31.0218 3968 LanmanServer - ok
21:03:31.0218 3968 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:03:31.0249 3968 LanmanWorkstation - ok
21:03:31.0281 3968 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:03:31.0327 3968 lltdio - ok
21:03:31.0359 3968 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:03:31.0390 3968 lltdsvc - ok
21:03:31.0405 3968 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:03:31.0437 3968 lmhosts - ok
21:03:31.0452 3968 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:03:31.0468 3968 LSI_FC - ok
21:03:31.0483 3968 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:03:31.0499 3968 LSI_SAS - ok
21:03:31.0515 3968 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:03:31.0530 3968 LSI_SAS2 - ok
21:03:31.0546 3968 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:03:31.0561 3968 LSI_SCSI - ok
21:03:31.0577 3968 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:03:31.0608 3968 luafv - ok
21:03:31.0639 3968 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:03:31.0655 3968 MBAMProtector - ok
21:03:31.0717 3968 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:03:31.0733 3968 MBAMScheduler - ok
21:03:31.0764 3968 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:03:31.0795 3968 MBAMService - ok
21:03:31.0811 3968 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:03:31.0858 3968 Mcx2Svc - ok
21:03:31.0889 3968 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:03:31.0905 3968 megasas - ok
21:03:31.0936 3968 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:03:31.0951 3968 MegaSR - ok
21:03:31.0967 3968 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:03:32.0014 3968 MMCSS - ok
21:03:32.0014 3968 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:03:32.0045 3968 Modem - ok
21:03:32.0076 3968 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:03:32.0092 3968 monitor - ok
21:03:32.0107 3968 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:03:32.0123 3968 mouclass - ok
21:03:32.0139 3968 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:03:32.0170 3968 mouhid - ok
21:03:32.0185 3968 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:03:32.0201 3968 mountmgr - ok
21:03:32.0248 3968 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:03:32.0263 3968 MozillaMaintenance - ok
21:03:32.0279 3968 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:03:32.0310 3968 mpio - ok
21:03:32.0326 3968 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:03:32.0388 3968 mpsdrv - ok
21:03:32.0419 3968 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:03:32.0466 3968 MpsSvc - ok
21:03:32.0482 3968 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:03:32.0497 3968 MRxDAV - ok
21:03:32.0529 3968 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:03:32.0560 3968 mrxsmb - ok
21:03:32.0591 3968 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:03:32.0607 3968 mrxsmb10 - ok
21:03:32.0622 3968 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:03:32.0653 3968 mrxsmb20 - ok
21:03:32.0669 3968 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:03:32.0685 3968 msahci - ok
21:03:32.0716 3968 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:03:32.0747 3968 msdsm - ok
21:03:32.0763 3968 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:03:32.0794 3968 MSDTC - ok
21:03:32.0841 3968 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:03:32.0872 3968 Msfs - ok
21:03:32.0887 3968 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:03:32.0934 3968 mshidkmdf - ok
21:03:32.0950 3968 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:03:32.0965 3968 msisadrv - ok
21:03:32.0981 3968 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:03:33.0028 3968 MSiSCSI - ok
21:03:33.0028 3968 msiserver - ok
21:03:33.0043 3968 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:03:33.0075 3968 MSKSSRV - ok
21:03:33.0075 3968 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:03:33.0106 3968 MSPCLOCK - ok
21:03:33.0106 3968 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:03:33.0137 3968 MSPQM - ok
21:03:33.0153 3968 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:03:33.0153 3968 MsRPC - ok
21:03:33.0168 3968 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:03:33.0184 3968 mssmbios - ok
21:03:33.0199 3968 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:03:33.0215 3968 MSTEE - ok
21:03:33.0231 3968 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:03:33.0262 3968 MTConfig - ok
21:03:33.0277 3968 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:03:33.0293 3968 Mup - ok
21:03:33.0309 3968 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:03:33.0340 3968 napagent - ok
21:03:33.0371 3968 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:03:33.0387 3968 NativeWifiP - ok
21:03:33.0433 3968 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
21:03:33.0449 3968 NAUpdate - ok
21:03:33.0496 3968 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:03:33.0511 3968 NDIS - ok
21:03:33.0527 3968 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:03:33.0558 3968 NdisCap - ok
21:03:33.0574 3968 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:03:33.0605 3968 NdisTapi - ok
21:03:33.0636 3968 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:03:33.0667 3968 Ndisuio - ok
21:03:33.0699 3968 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:03:33.0730 3968 NdisWan - ok
21:03:33.0745 3968 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:03:33.0777 3968 NDProxy - ok
21:03:33.0808 3968 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:03:33.0808 3968 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:03:33.0808 3968 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:03:33.0839 3968 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:03:33.0886 3968 NetBIOS - ok
21:03:33.0901 3968 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:03:33.0964 3968 NetBT - ok
21:03:33.0979 3968 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:03:33.0979 3968 Netlogon - ok
21:03:34.0011 3968 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:03:34.0042 3968 Netman - ok
21:03:34.0073 3968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:34.0089 3968 NetMsmqActivator - ok
21:03:34.0104 3968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:34.0120 3968 NetPipeActivator - ok
21:03:34.0135 3968 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:03:34.0182 3968 netprofm - ok
21:03:34.0182 3968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:34.0198 3968 NetTcpActivator - ok
21:03:34.0198 3968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:34.0213 3968 NetTcpPortSharing - ok
21:03:34.0229 3968 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:03:34.0245 3968 nfrd960 - ok
21:03:34.0260 3968 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:03:34.0291 3968 NlaSvc - ok
21:03:34.0291 3968 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:03:34.0338 3968 Npfs - ok
21:03:34.0338 3968 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:03:34.0369 3968 nsi - ok
21:03:34.0401 3968 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:03:34.0432 3968 nsiproxy - ok
21:03:34.0479 3968 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:03:34.0525 3968 Ntfs - ok
21:03:34.0541 3968 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:03:34.0588 3968 Null - ok
21:03:34.0619 3968 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:03:34.0635 3968 nvraid - ok
21:03:34.0650 3968 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:03:34.0666 3968 nvstor - ok
21:03:34.0713 3968 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:03:34.0728 3968 nv_agp - ok
21:03:34.0775 3968 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:03:34.0822 3968 ohci1394 - ok
21:03:34.0869 3968 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:03:34.0884 3968 ose - ok
21:03:34.0993 3968 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:03:35.0056 3968 osppsvc - ok
21:03:35.0071 3968 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:03:35.0118 3968 p2pimsvc - ok
21:03:35.0149 3968 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:03:35.0181 3968 p2psvc - ok
21:03:35.0212 3968 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:03:35.0243 3968 Parport - ok
21:03:35.0259 3968 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:03:35.0274 3968 partmgr - ok
21:03:35.0290 3968 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:03:35.0305 3968 Parvdm - ok
21:03:35.0321 3968 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:03:35.0352 3968 PcaSvc - ok
21:03:35.0368 3968 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:03:35.0383 3968 pci - ok
21:03:35.0399 3968 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:03:35.0399 3968 pciide - ok
21:03:35.0430 3968 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:03:35.0446 3968 pcmcia - ok
21:03:35.0461 3968 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:03:35.0477 3968 pcw - ok
21:03:35.0493 3968 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:03:35.0524 3968 PEAUTH - ok
21:03:35.0571 3968 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:03:35.0633 3968 pla - ok
21:03:35.0680 3968 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:03:35.0695 3968 PlugPlay - ok
21:03:35.0742 3968 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:03:35.0758 3968 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:03:35.0758 3968 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:03:35.0789 3968 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:03:35.0836 3968 PNRPAutoReg - ok
21:03:35.0851 3968 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:03:35.0867 3968 PNRPsvc - ok
21:03:35.0898 3968 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:03:35.0929 3968 PolicyAgent - ok
21:03:35.0945 3968 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:03:35.0961 3968 Power - ok
21:03:35.0976 3968 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:03:36.0023 3968 PptpMiniport - ok
21:03:36.0039 3968 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:03:36.0054 3968 Processor - ok
21:03:36.0070 3968 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:03:36.0101 3968 ProfSvc - ok
21:03:36.0117 3968 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:03:36.0132 3968 ProtectedStorage - ok
21:03:36.0148 3968 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:03:36.0179 3968 Psched - ok
21:03:36.0210 3968 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
21:03:36.0226 3968 PSI - ok
21:03:36.0273 3968 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:03:36.0319 3968 ql2300 - ok
21:03:36.0335 3968 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:03:36.0335 3968 ql40xx - ok
21:03:36.0366 3968 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:03:36.0382 3968 QWAVE - ok
21:03:36.0382 3968 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:03:36.0429 3968 QWAVEdrv - ok
21:03:36.0444 3968 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:03:36.0507 3968 RasAcd - ok
21:03:36.0538 3968 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:03:36.0569 3968 RasAgileVpn - ok
21:03:36.0585 3968 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:03:36.0600 3968 RasAuto - ok
21:03:36.0631 3968 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:03:36.0663 3968 Rasl2tp - ok
21:03:36.0678 3968 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:03:36.0725 3968 RasMan - ok
21:03:36.0741 3968 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:03:36.0772 3968 RasPppoe - ok
21:03:36.0772 3968 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:03:36.0803 3968 RasSstp - ok
21:03:36.0834 3968 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:03:36.0850 3968 rdbss - ok
21:03:36.0865 3968 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:03:36.0881 3968 rdpbus - ok
21:03:36.0897 3968 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:03:36.0928 3968 RDPCDD - ok
21:03:36.0928 3968 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:03:36.0959 3968 RDPENCDD - ok
21:03:36.0975 3968 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:03:37.0006 3968 RDPREFMP - ok
21:03:37.0053 3968 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:03:37.0084 3968 RDPWD - ok
21:03:37.0099 3968 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:03:37.0131 3968 rdyboost - ok
21:03:37.0162 3968 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:03:37.0193 3968 RemoteAccess - ok
21:03:37.0209 3968 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:03:37.0240 3968 RemoteRegistry - ok
21:03:37.0255 3968 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper
C:\Windows\System32\RpcEpMap.dll 21:03:37.0302 3968 RpcEptMapper - ok 21:03:37.0318 3968 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 21:03:37.0349 3968 RpcLocator - ok 21:03:37.0365 3968 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 21:03:37.0411 3968 RpcSs - ok 21:03:37.0427 3968 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:03:37.0458 3968 rspndr - ok 21:03:37.0489 3968 [ F83FEAF4C5A3A559A6CC98E112B62744 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 21:03:37.0505 3968 RTL8167 - ok 21:03:37.0521 3968 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 21:03:37.0536 3968 SamSs - ok 21:03:37.0567 3968 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:03:37.0583 3968 sbp2port - ok 21:03:37.0630 3968 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:03:37.0677 3968 SCardSvr - ok 21:03:37.0708 3968 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:03:37.0739 3968 scfilter - ok 21:03:37.0770 3968 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 21:03:37.0801 3968 Schedule - ok 21:03:37.0817 3968 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:03:37.0833 3968 SCPolicySvc - ok 21:03:37.0864 3968 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:03:37.0895 3968 SDRSVC - ok 21:03:37.0926 3968 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:03:37.0973 3968 secdrv - ok 21:03:37.0973 3968 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 21:03:38.0004 3968 seclogon - ok 21:03:38.0082 3968 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe 21:03:38.0129 3968 Secunia PSI Agent - ok 21:03:38.0145 3968 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] 
Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe 21:03:38.0160 3968 Secunia Update Agent - ok 21:03:38.0160 3968 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 21:03:38.0191 3968 SENS - ok 21:03:38.0207 3968 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:03:38.0223 3968 SensrSvc - ok 21:03:38.0238 3968 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:03:38.0285 3968 Serenum - ok 21:03:38.0285 3968 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:03:38.0332 3968 Serial - ok 21:03:38.0363 3968 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:03:38.0379 3968 sermouse - ok 21:03:38.0410 3968 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 21:03:38.0441 3968 SessionEnv - ok 21:03:38.0472 3968 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:03:38.0503 3968 sffdisk - ok 21:03:38.0519 3968 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:03:38.0550 3968 sffp_mmc - ok 21:03:38.0550 3968 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:03:38.0581 3968 sffp_sd - ok 21:03:38.0597 3968 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:03:38.0628 3968 sfloppy - ok 21:03:38.0659 3968 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:03:38.0706 3968 SharedAccess - ok 21:03:38.0722 3968 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:03:38.0769 3968 ShellHWDetection - ok 21:03:38.0815 3968 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:03:38.0815 3968 sisagp - ok 21:03:38.0831 3968 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:03:38.0847 3968 SiSRaid2 - ok 
21:03:38.0862 3968 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:03:38.0878 3968 SiSRaid4 - ok 21:03:38.0909 3968 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:03:38.0940 3968 Smb - ok 21:03:38.0971 3968 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:03:38.0971 3968 SNMPTRAP - ok 21:03:38.0987 3968 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 21:03:38.0987 3968 spldr - ok 21:03:39.0018 3968 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 21:03:39.0065 3968 Spooler - ok 21:03:39.0127 3968 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 21:03:39.0174 3968 sppsvc - ok 21:03:39.0190 3968 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:03:39.0205 3968 sppuinotify - ok 21:03:39.0237 3968 [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2 C:\Windows\system32\drivers\sp_rsdrv2.sys 21:03:39.0252 3968 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning 21:03:39.0252 3968 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1) 21:03:39.0299 3968 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:03:39.0315 3968 srv - ok 21:03:39.0346 3968 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:03:39.0361 3968 srv2 - ok 21:03:39.0377 3968 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:03:39.0408 3968 srvnet - ok 21:03:39.0439 3968 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:03:39.0486 3968 SSDPSRV - ok 21:03:39.0502 3968 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 21:03:39.0517 3968 ssmdrv - ok 21:03:39.0533 3968 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:03:39.0564 3968 SstpSvc - ok 21:03:39.0611 3968 [ B2A463132872D42B5637262215046926 ] 
ST2012_Svc C:\Program Files\Spyware Terminator\st_rsser.exe 21:03:39.0611 3968 ST2012_Svc - ok 21:03:39.0642 3968 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:03:39.0658 3968 stexstor - ok 21:03:39.0689 3968 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 21:03:39.0736 3968 StiSvc - ok 21:03:39.0751 3968 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 21:03:39.0767 3968 swenum - ok 21:03:39.0798 3968 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 21:03:39.0829 3968 swprv - ok 21:03:39.0876 3968 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 21:03:39.0939 3968 SysMain - ok 21:03:39.0954 3968 [ F354CD3EFDA0FEBADEA8C56FCA346364 ] SysmonCharos C:\Windows\system32\DRIVERS\SysmonCharos.sys 21:03:39.0970 3968 SysmonCharos - ok 21:03:40.0001 3968 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:03:40.0032 3968 TabletInputService - ok 21:03:40.0063 3968 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 21:03:40.0095 3968 TapiSrv - ok 21:03:40.0110 3968 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 21:03:40.0141 3968 TBS - ok 21:03:40.0204 3968 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:03:40.0251 3968 Tcpip - ok 21:03:40.0297 3968 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:03:40.0313 3968 TCPIP6 - ok 21:03:40.0329 3968 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:03:40.0375 3968 tcpipreg - ok 21:03:40.0391 3968 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:03:40.0438 3968 TDPIPE - ok 21:03:40.0438 3968 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:03:40.0485 3968 TDTCP - ok 21:03:40.0500 3968 [ 
B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:03:40.0531 3968 tdx - ok 21:03:40.0547 3968 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:03:40.0563 3968 TermDD - ok 21:03:40.0578 3968 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 21:03:40.0625 3968 TermService - ok 21:03:40.0641 3968 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 21:03:40.0656 3968 Themes - ok 21:03:40.0672 3968 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 21:03:40.0687 3968 THREADORDER - ok 21:03:40.0719 3968 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 21:03:40.0734 3968 TrkWks - ok 21:03:40.0781 3968 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:03:40.0812 3968 TrustedInstaller - ok 21:03:40.0828 3968 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:03:40.0875 3968 tssecsrv - ok 21:03:40.0906 3968 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:03:40.0921 3968 TsUsbFlt - ok 21:03:40.0953 3968 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:03:40.0999 3968 tunnel - ok 21:03:41.0015 3968 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:03:41.0031 3968 uagp35 - ok 21:03:41.0046 3968 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:03:41.0077 3968 udfs - ok 21:03:41.0093 3968 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:03:41.0124 3968 UI0Detect - ok 21:03:41.0124 3968 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:03:41.0140 3968 uliagpkx - ok 21:03:41.0155 3968 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 21:03:41.0155 3968 umbus - ok 
21:03:41.0187 3968 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:03:41.0187 3968 UmPass - ok 21:03:41.0202 3968 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 21:03:41.0218 3968 upnphost - ok 21:03:41.0249 3968 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:03:41.0265 3968 usbccgp - ok 21:03:41.0296 3968 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:03:41.0311 3968 usbcir - ok 21:03:41.0327 3968 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 21:03:41.0343 3968 usbehci - ok 21:03:41.0374 3968 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:03:41.0389 3968 usbhub - ok 21:03:41.0405 3968 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:03:41.0421 3968 usbohci - ok 21:03:41.0436 3968 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:03:41.0452 3968 usbprint - ok 21:03:41.0467 3968 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:03:41.0483 3968 usbscan - ok 21:03:41.0499 3968 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:03:41.0530 3968 USBSTOR - ok 21:03:41.0545 3968 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:03:41.0577 3968 usbuhci - ok 21:03:41.0592 3968 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 21:03:41.0639 3968 UxSms - ok 21:03:41.0670 3968 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 21:03:41.0686 3968 VaultSvc - ok 21:03:41.0701 3968 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 21:03:41.0717 3968 VClone - ok 21:03:41.0733 3968 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:03:41.0748 3968 
vdrvroot - ok 21:03:41.0779 3968 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 21:03:41.0826 3968 vds - ok 21:03:41.0857 3968 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:03:41.0873 3968 vga - ok 21:03:41.0889 3968 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:03:41.0920 3968 VgaSave - ok 21:03:41.0967 3968 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:03:41.0982 3968 vhdmp - ok 21:03:41.0998 3968 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 21:03:42.0013 3968 viaagp - ok 21:03:42.0029 3968 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 21:03:42.0045 3968 ViaC7 - ok 21:03:42.0060 3968 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 21:03:42.0091 3968 viaide - ok 21:03:42.0091 3968 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:03:42.0107 3968 volmgr - ok 21:03:42.0123 3968 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:03:42.0138 3968 volmgrx - ok 21:03:42.0154 3968 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:03:42.0154 3968 volsnap - ok 21:03:42.0185 3968 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:03:42.0185 3968 vsmraid - ok 21:03:42.0216 3968 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 21:03:42.0247 3968 VSS - ok 21:03:42.0247 3968 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:03:42.0279 3968 vwifibus - ok 21:03:42.0294 3968 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 21:03:42.0325 3968 W32Time - ok 21:03:42.0357 3968 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:03:42.0372 3968 WacomPen - ok 21:03:42.0388 3968 
[ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:03:42.0419 3968 WANARP - ok 21:03:42.0419 3968 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:03:42.0435 3968 Wanarpv6 - ok 21:03:42.0481 3968 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 21:03:42.0559 3968 wbengine - ok 21:03:42.0575 3968 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:03:42.0606 3968 WbioSrvc - ok 21:03:42.0622 3968 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:03:42.0637 3968 wcncsvc - ok 21:03:42.0653 3968 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:03:42.0700 3968 WcsPlugInService - ok 21:03:42.0715 3968 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:03:42.0731 3968 Wd - ok 21:03:42.0762 3968 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:03:42.0778 3968 Wdf01000 - ok 21:03:42.0793 3968 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:03:42.0856 3968 WdiServiceHost - ok 21:03:42.0856 3968 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:03:42.0887 3968 WdiSystemHost - ok 21:03:42.0903 3968 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 21:03:42.0918 3968 WebClient - ok 21:03:42.0949 3968 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:03:42.0981 3968 Wecsvc - ok 21:03:43.0012 3968 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:03:43.0043 3968 wercplsupport - ok 21:03:43.0059 3968 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 21:03:43.0090 3968 WerSvc - ok 21:03:43.0090 3968 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:03:43.0121 3968 WfpLwf - ok 
21:03:43.0137 3968 [ 4D7602B0B5CA33720CBE08CBC4A9D8E3 ] WIBUKEY C:\Windows\system32\DRIVERS\WibuKey.sys 21:03:43.0152 3968 WIBUKEY - ok 21:03:43.0168 3968 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:03:43.0183 3968 WIMMount - ok 21:03:43.0215 3968 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 21:03:43.0230 3968 WinDefend - ok 21:03:43.0230 3968 WinHttpAutoProxySvc - ok 21:03:43.0277 3968 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:03:43.0324 3968 Winmgmt - ok 21:03:43.0355 3968 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 21:03:43.0402 3968 WinRM - ok 21:03:43.0433 3968 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:03:43.0449 3968 WinUsb - ok 21:03:43.0480 3968 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:03:43.0511 3968 Wlansvc - ok 21:03:43.0527 3968 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:03:43.0542 3968 WmiAcpi - ok 21:03:43.0558 3968 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:03:43.0573 3968 wmiApSrv - ok 21:03:43.0636 3968 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:03:43.0683 3968 WMPNetworkSvc - ok 21:03:43.0714 3968 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:03:43.0745 3968 WPCSvc - ok 21:03:43.0761 3968 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:03:43.0792 3968 WPDBusEnum - ok 21:03:43.0807 3968 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:03:43.0854 3968 ws2ifsl - ok 21:03:43.0870 3968 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 21:03:43.0917 3968 wscsvc - ok 21:03:43.0917 3968 WSearch - ok 21:03:43.0963 3968 [ 
FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 21:03:44.0041 3968 wuauserv - ok 21:03:44.0041 3968 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:03:44.0073 3968 WudfPf - ok 21:03:44.0104 3968 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:03:44.0135 3968 WUDFRd - ok 21:03:44.0151 3968 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:03:44.0182 3968 wudfsvc - ok 21:03:44.0213 3968 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 21:03:44.0244 3968 WwanSvc - ok 21:03:44.0260 3968 ================ Scan global =============================== 21:03:44.0275 3968 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 21:03:44.0291 3968 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 21:03:44.0307 3968 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 21:03:44.0322 3968 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 21:03:44.0338 3968 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 21:03:44.0353 3968 [Global] - ok 21:03:44.0353 3968 ================ Scan MBR ================================== 21:03:44.0353 3968 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:03:44.0759 3968 \Device\Harddisk0\DR0 - ok 21:03:44.0759 3968 ================ Scan VBR ================================== 21:03:44.0759 3968 [ FA4F1FDC3D8B868E67A81228CBFBD665 ] \Device\Harddisk0\DR0\Partition1 21:03:44.0759 3968 \Device\Harddisk0\DR0\Partition1 - ok 21:03:44.0759 3968 ============================================================ 21:03:44.0759 3968 Scan finished 21:03:44.0759 3968 ============================================================ 21:03:44.0775 6044 Detected object count: 7 21:03:44.0775 6044 Actual detected object count: 7 21:04:59.0171 6044 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 21:04:59.0171 6044 
BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:04:59.0171 6044 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 21:04:59.0171 6044 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:04:59.0171 6044 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 21:04:59.0171 6044 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:04:59.0171 6044 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 21:04:59.0171 6044 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:04:59.0187 6044 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:04:59.0187 6044 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:04:59.0187 6044 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:04:59.0187 6044 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:04:59.0187 6044 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user 21:04:59.0187 6044 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.09.2012, 11:21 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Trojan.Ransom Now please run CF: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run if an expert has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Always post logfiles in CODE tags |
20.09.2012, 19:33 | #25 |
| Infected with Trojan.Ransom Code:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-20 20:27:44 ComboFix-quarantined-files.txt 2012-09-20 18:27 . Vor Suchlauf: 11 Verzeichnis(se), 320.150.065.152 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 320.048.041.984 Bytes frei . - - End Of File - - A5677F3CE9461251647BC32F9D2C60C9 |
21.09.2012, 11:44 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Trojan.Ransom Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
21.09.2012, 18:31 | #27 |
| Infected with Trojan.Ransom With aswMBR the error message you described appeared; the scan was then run with "none". Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-21 18:05:10 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500DM0 rev.KC44 Running: 0e3f691p.exe; Driver: C:\Users\***\AppData\Local\Temp\afriiuoc.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8F8FE444] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8F8FDC8A] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8F8FD958] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8F8FF520] SSDT 90ECE4B6 ZwCreateSymbolicLinkObject SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8F8FDA68] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8F8FDB5A] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8F8FE780] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8F8FDF9C] SSDT 90ECE4B1 ZwOpenSection SSDT 90ECE4E8 ZwRequestWaitReplyPort SSDT 90ECE4E3 ZwSetContextThread SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8F8FE0D2] SSDT 90ECE4ED ZwSetSecurityObject SSDT 90ECE4C0 ZwSetSystemInformation SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8F8FD77E] SSDT 90ECE4F2 ZwSystemDebugControl SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8F8FE6C8] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8F8FE2BC] SSDT 90ECE47A ZwWriteVirtualMemory SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x82E4AFE7] SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82E4AFE7] ZwOpenKey [0x82E4AFE7] INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82E4AFFB ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E883C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC1D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82EC8E24 4 Bytes [44, E4, 8F, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82EC8E64 4 Bytes [8A, DC, 8F, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82EC8E74 4 Bytes [58, D9, 8F, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC8EAC 4 Bytes [20, F5, 8F, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82EC8EB4 4 Bytes [B6, E4, EC, 90] {MOV DH, 0xe4; IN AL, DX ; NOP } .text ... .text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0x9A421000, 0x49379, 0xE0000020] .init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0x9A477224] .init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0x9A477000, 0x4000, 0xE20000E0] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9A47B400, 0x6EB98, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A505C20] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A505C20] .protectÿÿÿÿhardlockunknown last code section [0x9A505A00, 0x50CA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9A505A00, 0x50CA, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2308] kernel32.dll!SetUnhandledExceptionFilter 7726F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744724CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7445562E] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744556EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74472546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744685AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74464D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74465105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744651DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74466707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74468301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74468850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744690B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7446E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74464C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:13:02 on 21.09.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 15.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL "Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "afriiuoc" (afriiuoc) - ? 
- C:\Users\***\AppData\Local\Temp\afriiuoc.sys (Hidden registry entry, rootkit activity | File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "FscBapi" (FscBapi) - ? - C:\Windows\System32\DRIVERS\FscBapi.sys (File not found) "hugoio" (hugoio) - ? - C:\Program Files\i-Menu\hugoio.sys (File found, but it contains no detailed information) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys "Spyware Terminator 2012 Realtime Shield Driver" (sp_rsdrv2) - ? - C:\Windows\system32\drivers\sp_rsdrv2.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "WIBU-KEY Kernel Driver" (WIBUKEY) - "WIBU-SYSTEMS AG" - C:\Windows\System32\DRIVERS\WibuKey.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {9F2C5BFD-3CB1-419F-9F5F-90B32ADD5BA8} "AdpShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Shell\AdpWShellExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll {5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." 
- C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {F32C83B9-DF1D-42AD-9741-C52909703957} "STShellHandler" - "Crawler.com" - C:\Program Files\Spyware Terminator\STShell.dll {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll {00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." 
- C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_265.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files\Secunia\PSI\psi_tray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SecureBanking" - ? - C:\Program Files\Secure Banking\SecureBanking.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BrStsMon00" - "Brother Industries, Ltd." - C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN "HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Autodesk Content Service" (Autodesk Content Service) - ? 
- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "BrYNSvc" (BrYNSvc) - "Brother Industries, Ltd." - C:\Program Files\Browny02\BrYNSvc.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Flexera Software, Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe "Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe "Spyware Terminator 2012 Realtime Shield Service" (ST2012_Svc) - "Crawler.com" - C:\Program Files\Spyware Terminator\st_rsser.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-21 19:20:30 ----------------------------- 19:20:30.047 OS Version: Windows 6.1.7601 Service Pack 1 19:20:30.047 Number of processors: 4 586 0x2A07 19:20:30.048 ComputerName: *** UserName: *** 19:20:33.236 Initialize success 19:20:37.751 AVAST engine defs: 12092100 19:20:48.660 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:20:48.661 Disk 0 Vendor: ST500DM0 KC44 Size: 476940MB BusType: 3 19:20:48.832 Disk 0 MBR read successfully 19:20:48.833 Disk 0 MBR scan 19:20:48.836 Disk 0 Windows 7 default MBR code 19:20:48.867 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63 19:20:48.991 Disk 0 scanning sectors +976768065 19:20:49.343 Disk 0 scanning C:\Windows\system32\drivers 19:21:56.476 Service scanning 19:22:17.965 Modules scanning 19:23:30.427 Disk 0 trace - called modules: 19:23:30.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 19:23:30.470 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x879731f8] 19:23:30.474 3 CLASSPNP.SYS[8b78559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e19028] 19:23:30.477 Scan finished successfully 19:24:01.666 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 19:24:01.670 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" |
21.09.2012, 21:29 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Trojan.Ransom Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
23.09.2012, 17:27 | #29 |
| Infected with Trojan.Ransom Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/23/2012 at 06:11 PM Application Version : 5.5.1016 Core Rules Database Version : 9275 Trace Rules Database Version: 7087 Scan type : Complete Scan Total Scan Time : 01:49:23 Operating System Information Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 742 Memory threats detected : 0 Registry items scanned : 38898 Registry threats detected : 1 File items scanned : 207754 File threats detected : 244 Adware.IEPlugin HKCR\Remove Adware.Tracking Cookie C:\Users***\AppData\Roaming\Microsoft\Windows\Cookies\QKYVCDKR.txt [ /2o7.net ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\6O6V65MX.txt [ Cookie:***@traffictrack.de/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\N5QNP0LZ.txt [ Cookie:***@quartermedia.de/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\Q9W62YJ0.txt [ Cookie:***@tradedoubler.com/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\GFL2BDQV.txt [ Cookie:***@de.sitestat.com/sport1/sport1-de/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\O7P2XZYV.txt [ Cookie:***@de.sitestat.com/sport1/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\ZEYDABMS.txt [ Cookie:***@ad.zanox.com/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\8UX07KGP.txt [ Cookie:***@zanox.com/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\P27930QS.txt [ Cookie:***@tracking.quisma.com/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\4DG9XDS9.txt [ Cookie:***@invitemedia.com/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\ZALC7H0W.txt [ Cookie:***@zanox-affiliate.de/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\E7TVFQAP.txt [ Cookie:***@adfarm1.adition.com/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\XRWHGVKU.txt [ Cookie:***@ad1.adfarm1.adition.com/ ] C:\USERS***\AppData\Roaming\Microsoft\Windows\Cookies\Low\0SXXME30.txt [ Cookie:***@zieltrack.com/ ] 
Code:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.23.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ***PC-TOWER [Administrator]

Schutz: Deaktiviert

23.09.2012 12:28:50
mbam-log-2012-09-23 (12-28-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467249
Laufzeit: 2 Stunde(n), 6 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
23.09.2012, 19:00 | #30
/// Winkelfunktion /// TB-Süch-Tiger™

Infected with Trojan.Ransom

Looks OK, only cookies and one leftover were found; all of it can go. Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie).

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you would need to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Apart from that there are good cookie managers; as an extension for Firefox there is for example CookieCuller http://filepony.de/download-cookie_culler/

If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own practice is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies of the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system fine again now, or are there any other findings or problems?
__________________
Please always post logfiles in CODE tags
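As an added example that is not part of the thread (and not MVPS's own tooling), a small Python check of whether the tracking hosts named in a cookie scan log are actually blackholed by a hosts file; it also makes visible that hosts-file blocking matches exact hostnames only, so a subdomain like `ad1.adfarm1.adition.com` is not covered by an entry for `adfarm1.adition.com`. The hosts-file content and the scan lines below are constructed samples in the style of the logs above.

```python
import re

# Constructed sample in the style of a hosts-file blocklist (not the real MVPS file).
SAMPLE_HOSTS = """\
# start of blocklist (constructed sample)
127.0.0.1  localhost
0.0.0.0  ad.zanox.com
0.0.0.0  adfarm1.adition.com
0.0.0.0  www.etracker.de   # trailing comment
0.0.0.0  doubleclick.net
"""

# Constructed sample lines in the style of the SUPERAntiSpyware cookie entries above.
SAMPLE_SCAN_LINES = r"""C:\USERS***\Cookies\ZEYDABMS.txt [ Cookie:***@ad.zanox.com/ ]
C:\USERS***\Cookies\P27930QS.txt [ Cookie:***@tracking.quisma.com/ ]
.adfarm1.adition.com [ C:\USERS***\APPDATA\...\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS***\APPDATA\...\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS***\APPDATA\...\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS***\APPDATA\...\COOKIES.SQLITE ]
"""

# Addresses a hosts file uses to blackhole a name, and names that legitimately map there.
BLACKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost"}

# IE-style entry: "[ Cookie:<user>@<host>/<path> ]"
COOKIE_RE = re.compile(r"Cookie:[^@\s]*@([A-Za-z0-9.-]+)")
# Firefox cookies.sqlite entry: "<host> [ <path to COOKIES.SQLITE> ]", host may start with "."
SQLITE_RE = re.compile(r"^\.?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\s+\[")


def parse_hosts(text):
    """Return the set of hostnames the hosts file maps to a blackhole address."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if parts[0] in BLACKHOLE_ADDRS:
            blocked.update(h.lower() for h in parts[1:] if h.lower() not in LOCAL_NAMES)
    return blocked


def extract_domains(text):
    """Pull the tracking hostnames out of scan-log lines of either format."""
    domains = set()
    for line in text.splitlines():
        m = COOKIE_RE.search(line) or SQLITE_RE.match(line)
        if m:
            domains.add(m.group(1).lower().strip("."))
    return domains


def check_coverage(hosts_text, scan_text):
    """Split scanned hosts into those the hosts file blocks (exact match) and those it misses."""
    blocked = parse_hosts(hosts_text)
    seen = extract_domains(scan_text)
    covered = sorted(d for d in seen if d in blocked)
    missing = sorted(d for d in seen if d not in blocked)
    return covered, missing


if __name__ == "__main__":
    covered, missing = check_coverage(SAMPLE_HOSTS, SAMPLE_SCAN_LINES)
    print("blocked by hosts file:", covered)
    print("NOT blocked (exact-host matching only):", missing)
```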