Secure Banking finds malware: Unknown / Infected process: iexplore.exe (Windows 7)
10.09.2012, 21:42 | #1
Hello everyone, since the day before yesterday Secure Banking has been finding malware in my IE. It may well have been infected before that, since I always browse with Firefox. With Opera and FF I get a clean report. Code:
========================================
[08.09.2012 - 20:08:17] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x695353C0
InternetQueryDataAvailable: JMP 0x69534D40
InternetCloseHandle: JMP 0x695352A0
========================================
========================================
[08.09.2012 - 20:09:18] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x695353C0
InternetQueryDataAvailable: JMP 0x69534D40
InternetCloseHandle: JMP 0x695352A0
========================================
========================================
[08.09.2012 - 20:10:07] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x694F53C0
InternetQueryDataAvailable: JMP 0x694F4D40
InternetCloseHandle: JMP 0x694F52A0
========================================
========================================
[08.09.2012 - 20:12:48] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x694F53C0
InternetQueryDataAvailable: JMP 0x694F4D40
InternetCloseHandle: JMP 0x694F52A0
========================================
========================================
[09.09.2012 - 07:49:50] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x686C53C0
InternetQueryDataAvailable: JMP 0x686C4D40
InternetCloseHandle: JMP 0x686C52A0
========================================
========================================
[09.09.2012 - 07:51:59] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x66A353C0
InternetQueryDataAvailable: JMP 0x66A34D40
InternetCloseHandle: JMP 0x66A352A0
========================================
========================================
[09.09.2012 - 07:52:19] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x66A353C0
InternetQueryDataAvailable: JMP 0x66A34D40
InternetCloseHandle: JMP 0x66A352A0
========================================
========================================
[09.09.2012 - 07:54:24] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x66A353C0
InternetQueryDataAvailable: JMP 0x66A34D40
InternetCloseHandle: JMP 0x66A352A0
========================================
========================================
[10.09.2012 - 17:57:39] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x67F053C0
InternetQueryDataAvailable: JMP 0x67F04D40
InternetCloseHandle: JMP 0x67F052A0
========================================
========================================
[10.09.2012 - 18:34:18] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x6A4E53C0
InternetQueryDataAvailable: JMP 0x6A4E4D40
InternetCloseHandle: JMP 0x6A4E52A0
========================================
========================================
[10.09.2012 - 22:15:07] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x6B0053C0
InternetQueryDataAvailable: JMP 0x6B004D40
InternetCloseHandle: JMP 0x6B0052A0
========================================
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AtomicJunkie :: AJ-PC [Administrator]

Schutz: Aktiviert

10.09.2012 19:34:28
mbam-log-2012-09-10 (19-34-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 595281
Laufzeit: 2 Stunde(n), 5 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
F:\Andreas_Feat._Julia_Lav--Retaliation-_SPR_013_-WEB-2012-WUS.rar.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\FileMates Download Manager.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Platte Games\Games\Game Tools\Guild Wars Visions\updater.exe (Trojan.Dropper.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Platte Games\Games\Game Tools\Guild Wars Visions\Visions.exe (Trojan.Dropper.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
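As an added example (not code from the thread, from Secure Banking or from the forum), a small parser for the detection blocks above. It assumes only the log layout shown and checks whether the three JMP targets keep the same spacing from one IE start to the next while shifting together by multiples of 64 KiB, which is what one DLL mapped at a different base address each time looks like (which DLL that is, the log does not say).

```python
import re

# Three detection blocks copied from the log in the first post (different IE
# starts on 08.09. and 09.09.2012); the layout is what Secure Banking prints.
SAMPLE_LOG = """\
========================================
[08.09.2012 - 20:08:17] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x695353C0
InternetQueryDataAvailable: JMP 0x69534D40
InternetCloseHandle: JMP 0x695352A0
========================================
========================================
[08.09.2012 - 20:10:07] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x694F53C0
InternetQueryDataAvailable: JMP 0x694F4D40
InternetCloseHandle: JMP 0x694F52A0
========================================
========================================
[09.09.2012 - 07:51:59] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x66A353C0
InternetQueryDataAvailable: JMP 0x66A34D40
InternetCloseHandle: JMP 0x66A352A0
========================================
"""

HEADER_RE = re.compile(r"^\[(.+?)\] Malware gefunden!$")
FIELD_RE = re.compile(r"^(Malware|Infizierter Prozess): (.+)$")
HOOK_RE = re.compile(r"^(\w+): JMP 0x([0-9A-Fa-f]+)$")

# Windows maps image files on 64 KiB boundaries, so two load addresses of the
# same DLL always differ by a multiple of this value.
ALLOCATION_GRANULARITY = 0x10000

def parse_detections(text):
    """One dict per 'Malware gefunden!' block: time, malware, process and a
    mapping of hooked export -> JMP target (as int)."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"time": m.group(1), "malware": None,
                       "process": None, "hooks": {}}
            detections.append(current)
            continue
        if current is None:  # separator lines before the first header
            continue
        m = FIELD_RE.match(line)
        if m:
            key = "malware" if m.group(1) == "Malware" else "process"
            current[key] = m.group(2)
            continue
        m = HOOK_RE.match(line)
        if m:
            current["hooks"][m.group(1)] = int(m.group(2), 16)
    return detections

def hook_layout(detection):
    """JMP targets relative to the lowest one: where the trampolines sit
    relative to each other, independent of the hooking module's load address."""
    targets = detection["hooks"]
    low = min(targets.values())
    return low, {func: addr - low for func, addr in targets.items()}

def same_relocated_module(detections, granularity=ALLOCATION_GRANULARITY):
    """True when every detection has the same relative layout and the lowest
    targets differ only by multiples of the allocation granularity, which is
    what one DLL mapped at a different base on each process start looks like."""
    ref_low, ref_layout = hook_layout(detections[0])
    for det in detections[1:]:
        low, layout = hook_layout(det)
        if layout != ref_layout or (low - ref_low) % granularity:
            return False
    return True

if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for det in found:
        print(det["time"], det["process"], hook_layout(det))
    print("consistent with one relocated module:", same_relocated_module(found))
```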
11.09.2012, 10:20 | #2
/// Malware-holic
Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the reboot Quote:
11.09.2012, 16:49 | #3
Many thanks again in advance. Unfortunately I forgot to disable Windows Defender.
Code:
11.09.2012, 18:17 | #4
/// Malware-holic
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • tick Verify driver digital signatures and Detect TDLFS file system • click OK and then Start scan - if there are findings, always choose skip for now and post the log
11.09.2012, 19:28 | #5
Code:
[ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:23:12.0769 2944 AMD External Events Utility - ok 20:23:12.0832 2944 [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe 20:23:12.0863 2944 AMD Reservation Manager - ok 20:23:12.0878 2944 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:23:12.0910 2944 amdide - ok 20:23:12.0941 2944 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 20:23:12.0941 2944 amdiox64 - ok 20:23:12.0956 2944 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:23:12.0972 2944 AmdK8 - ok 20:23:13.0128 2944 [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:23:13.0190 2944 amdkmdag - ok 20:23:13.0222 2944 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:23:13.0222 2944 amdkmdap - ok 20:23:13.0253 2944 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:23:13.0268 2944 AmdPPM - ok 20:23:13.0300 2944 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:23:13.0300 2944 amdsata - ok 20:23:13.0315 2944 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:23:13.0331 2944 amdsbs - ok 20:23:13.0346 2944 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:23:13.0346 2944 amdxata - ok 20:23:13.0409 2944 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:23:13.0440 2944 AntiVirSchedulerService - ok 20:23:13.0456 2944 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:23:13.0471 2944 AntiVirService - ok 20:23:13.0518 2944 [ 89A69C3F2F319B43379399547526D952 ] AppID 
C:\Windows\system32\drivers\appid.sys 20:23:13.0580 2944 AppID - ok 20:23:13.0612 2944 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:23:13.0643 2944 AppIDSvc - ok 20:23:13.0658 2944 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:23:13.0690 2944 Appinfo - ok 20:23:13.0736 2944 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:23:13.0768 2944 Apple Mobile Device - ok 20:23:13.0799 2944 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:23:13.0799 2944 arc - ok 20:23:13.0814 2944 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:23:13.0830 2944 arcsas - ok 20:23:13.0924 2944 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:23:13.0939 2944 aspnet_state - ok 20:23:13.0955 2944 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:23:13.0986 2944 AsyncMac - ok 20:23:14.0017 2944 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:23:14.0017 2944 atapi - ok 20:23:14.0064 2944 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:23:14.0080 2944 AtiHDAudioService - ok 20:23:14.0236 2944 [ F6640D83AF0FD74C50E23E68548EA9A0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:23:14.0298 2944 atikmdag - ok 20:23:14.0329 2944 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 20:23:14.0345 2944 AtiPcie - ok 20:23:14.0392 2944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:23:14.0438 2944 AudioEndpointBuilder - ok 20:23:14.0454 2944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:23:14.0470 2944 AudioSrv - ok 20:23:14.0485 2944 [ 
26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:23:14.0501 2944 avgntflt - ok 20:23:14.0532 2944 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:23:14.0548 2944 avipbb - ok 20:23:14.0563 2944 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:23:14.0563 2944 avkmgr - ok 20:23:14.0594 2944 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:23:14.0641 2944 AxInstSV - ok 20:23:14.0657 2944 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:23:14.0688 2944 b06bdrv - ok 20:23:14.0688 2944 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:23:14.0704 2944 b57nd60a - ok 20:23:14.0719 2944 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:23:14.0735 2944 BDESVC - ok 20:23:14.0735 2944 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:23:14.0766 2944 Beep - ok 20:23:14.0813 2944 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:23:14.0860 2944 BFE - ok 20:23:14.0891 2944 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 20:23:14.0922 2944 BITS - ok 20:23:14.0938 2944 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:23:14.0938 2944 blbdrive - ok 20:23:15.0000 2944 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:23:15.0031 2944 Bonjour Service - ok 20:23:15.0047 2944 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:23:15.0062 2944 bowser - ok 20:23:15.0078 2944 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:23:15.0094 2944 BrFiltLo - ok 20:23:15.0094 2944 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:23:15.0109 2944 BrFiltUp - ok 20:23:15.0156 2944 
[ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:23:15.0218 2944 BridgeMP - ok 20:23:15.0234 2944 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:23:15.0250 2944 Browser - ok 20:23:15.0265 2944 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:23:15.0281 2944 Brserid - ok 20:23:15.0281 2944 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:23:15.0296 2944 BrSerWdm - ok 20:23:15.0312 2944 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:23:15.0312 2944 BrUsbMdm - ok 20:23:15.0312 2944 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:23:15.0328 2944 BrUsbSer - ok 20:23:15.0343 2944 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:23:15.0343 2944 BTHMODEM - ok 20:23:15.0374 2944 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:23:15.0390 2944 bthserv - ok 20:23:15.0452 2944 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS 20:23:15.0468 2944 BVRPMPR5a64 - ok 20:23:15.0499 2944 catchme - ok 20:23:15.0530 2944 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:23:15.0562 2944 cdfs - ok 20:23:15.0593 2944 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:23:15.0624 2944 cdrom - ok 20:23:15.0671 2944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:23:15.0718 2944 CertPropSvc - ok 20:23:15.0749 2944 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:23:15.0764 2944 circlass - ok 20:23:15.0780 2944 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:23:15.0796 2944 CLFS - ok 20:23:15.0842 2944 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:23:15.0874 2944 clr_optimization_v2.0.50727_32 - ok 20:23:15.0889 2944 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:23:15.0905 2944 clr_optimization_v2.0.50727_64 - ok 20:23:15.0952 2944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:23:15.0983 2944 clr_optimization_v4.0.30319_32 - ok 20:23:15.0983 2944 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:23:15.0998 2944 clr_optimization_v4.0.30319_64 - ok 20:23:16.0014 2944 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:23:16.0030 2944 CmBatt - ok 20:23:16.0045 2944 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:23:16.0061 2944 cmdide - ok 20:23:16.0092 2944 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:23:16.0108 2944 CNG - ok 20:23:16.0139 2944 [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX C:\Windows\system32\drivers\COMMONFX.SYS 20:23:16.0154 2944 COMMONFX - ok 20:23:16.0170 2944 [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX.SYS C:\Windows\System32\drivers\COMMONFX.SYS 20:23:16.0170 2944 COMMONFX.SYS - ok 20:23:16.0186 2944 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:23:16.0186 2944 Compbatt - ok 20:23:16.0217 2944 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:23:16.0248 2944 CompositeBus - ok 20:23:16.0264 2944 COMSysApp - ok 20:23:16.0264 2944 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:23:16.0279 2944 crcdisk - ok 20:23:16.0342 2944 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative 
Labs Shared\Service\AL6Licensing.exe 20:23:16.0342 2944 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:23:16.0342 2944 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 20:23:16.0388 2944 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 20:23:16.0388 2944 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:23:16.0388 2944 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 20:23:16.0435 2944 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:23:16.0466 2944 CryptSvc - ok 20:23:16.0482 2944 [ E756EF26B1F90F5E01A158DBAA17633B ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS 20:23:16.0498 2944 CT20XUT - ok 20:23:16.0513 2944 [ E756EF26B1F90F5E01A158DBAA17633B ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS 20:23:16.0513 2944 CT20XUT.SYS - ok 20:23:16.0544 2944 [ 6A451CCA41B89B2A742C53765F838026 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys 20:23:16.0560 2944 ctac32k - ok 20:23:16.0576 2944 [ 99F6F1C63C0371DC71CBFF91D0CA5788 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys 20:23:16.0591 2944 ctaud2k - ok 20:23:16.0622 2944 [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX C:\Windows\system32\drivers\CTAUDFX.SYS 20:23:16.0638 2944 CTAUDFX - ok 20:23:16.0654 2944 [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX.SYS C:\Windows\System32\drivers\CTAUDFX.SYS 20:23:16.0654 2944 CTAUDFX.SYS - ok 20:23:16.0732 2944 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 20:23:16.0747 2944 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 20:23:16.0747 2944 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 20:23:16.0763 2944 [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX C:\Windows\system32\drivers\CTERFXFX.SYS 20:23:16.0778 2944 CTERFXFX - 
ok 20:23:16.0778 2944 [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX.SYS C:\Windows\System32\drivers\CTERFXFX.SYS 20:23:16.0794 2944 CTERFXFX.SYS - ok 20:23:16.0825 2944 [ 2B63B90CEA9398D992EF35111A9A2FD6 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS 20:23:16.0856 2944 CTEXFIFX - ok 20:23:16.0872 2944 [ 2B63B90CEA9398D992EF35111A9A2FD6 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS 20:23:16.0903 2944 CTEXFIFX.SYS - ok 20:23:16.0903 2944 [ E6A1CFC352F5DD1D9DD19A44E95D4E16 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS 20:23:16.0919 2944 CTHWIUT - ok 20:23:16.0919 2944 [ E6A1CFC352F5DD1D9DD19A44E95D4E16 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS 20:23:16.0919 2944 CTHWIUT.SYS - ok 20:23:16.0934 2944 [ 814DA956ECAC0449FB57EA077BC276D3 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys 20:23:16.0934 2944 ctprxy2k - ok 20:23:16.0950 2944 [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX C:\Windows\system32\drivers\CTSBLFX.SYS 20:23:16.0966 2944 CTSBLFX - ok 20:23:16.0981 2944 [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX.SYS C:\Windows\System32\drivers\CTSBLFX.SYS 20:23:16.0981 2944 CTSBLFX.SYS - ok 20:23:16.0997 2944 [ 98D972106C1A12E8CFE6B029E11473AA ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys 20:23:17.0012 2944 ctsfm2k - ok 20:23:17.0059 2944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:23:17.0106 2944 DcomLaunch - ok 20:23:17.0168 2944 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:23:17.0231 2944 defragsvc - ok 20:23:17.0262 2944 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:23:17.0278 2944 DfsC - ok 20:23:17.0293 2944 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:23:17.0324 2944 Dhcp - ok 20:23:17.0340 2944 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:23:17.0356 2944 discache - ok 20:23:17.0371 2944 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk 
C:\Windows\system32\DRIVERS\disk.sys 20:23:17.0387 2944 Disk - ok 20:23:17.0418 2944 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:23:17.0418 2944 Dnscache - ok 20:23:17.0449 2944 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:23:17.0465 2944 dot3svc - ok 20:23:17.0496 2944 dpclat_driver - ok 20:23:17.0512 2944 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:23:17.0558 2944 DPS - ok 20:23:17.0590 2944 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:23:17.0605 2944 drmkaud - ok 20:23:17.0636 2944 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:23:17.0683 2944 DXGKrnl - ok 20:23:17.0699 2944 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:23:17.0730 2944 EapHost - ok 20:23:17.0777 2944 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:23:17.0808 2944 ebdrv - ok 20:23:17.0839 2944 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:23:17.0839 2944 EFS - ok 20:23:17.0886 2944 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:23:17.0933 2944 ehRecvr - ok 20:23:17.0948 2944 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:23:17.0980 2944 ehSched - ok 20:23:18.0011 2944 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:23:18.0026 2944 elxstor - ok 20:23:18.0058 2944 [ 659FB9DAF4E6ED15FFAA69E4B29EF092 ] emupia C:\Windows\system32\drivers\emupia2k.sys 20:23:18.0073 2944 emupia - ok 20:23:18.0104 2944 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys 20:23:18.0120 2944 epmntdrv ( UnsignedFile.Multi.Generic ) - warning 20:23:18.0120 2944 epmntdrv - detected UnsignedFile.Multi.Generic (1) 20:23:18.0151 2944 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:23:18.0182 
2944 ErrDev - ok 20:23:18.0198 2944 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 20:23:18.0214 2944 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning 20:23:18.0214 2944 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 20:23:18.0229 2944 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:23:18.0260 2944 EventSystem - ok 20:23:18.0276 2944 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:23:18.0292 2944 exfat - ok 20:23:18.0307 2944 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:23:18.0338 2944 fastfat - ok 20:23:18.0370 2944 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:23:18.0385 2944 Fax - ok 20:23:18.0401 2944 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:23:18.0401 2944 fdc - ok 20:23:18.0416 2944 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:23:18.0448 2944 fdPHost - ok 20:23:18.0448 2944 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:23:18.0479 2944 FDResPub - ok 20:23:18.0479 2944 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:23:18.0494 2944 FileInfo - ok 20:23:18.0510 2944 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:23:18.0526 2944 Filetrace - ok 20:23:18.0541 2944 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:23:18.0557 2944 flpydisk - ok 20:23:18.0588 2944 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:23:18.0588 2944 FltMgr - ok 20:23:18.0635 2944 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:23:18.0666 2944 FontCache - ok 20:23:18.0713 2944 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:23:18.0728 
2944 FontCache3.0.0.0 - ok 20:23:18.0791 2944 [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe 20:23:18.0806 2944 FreeAgentGoNext Service - ok 20:23:18.0822 2944 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:23:18.0838 2944 FsDepends - ok 20:23:18.0869 2944 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:23:18.0884 2944 Fs_Rec - ok 20:23:18.0916 2944 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:23:18.0962 2944 fvevol - ok 20:23:18.0978 2944 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:23:18.0978 2944 gagp30kx - ok 20:23:19.0009 2944 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:23:19.0025 2944 GEARAspiWDM - ok 20:23:19.0056 2944 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:23:19.0072 2944 gpsvc - ok 20:23:19.0118 2944 [ 7CB466F6D66D0B2446E9366ED7F51627 ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys 20:23:19.0150 2944 ha20x22k - ok 20:23:19.0165 2944 [ 99801E11163FEA2F3919DBE2386A61D6 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys 20:23:19.0196 2944 ha20x2k - ok 20:23:19.0196 2944 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:23:19.0212 2944 hcw85cir - ok 20:23:19.0243 2944 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:23:19.0259 2944 HdAudAddService - ok 20:23:19.0290 2944 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:23:19.0290 2944 HDAudBus - ok 20:23:19.0306 2944 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:23:19.0321 2944 HidBatt - ok 20:23:19.0321 2944 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 
20:23:19.0337 2944 HidBth - ok 20:23:19.0352 2944 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:23:19.0352 2944 HidIr - ok 20:23:19.0368 2944 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 20:23:19.0399 2944 hidserv - ok 20:23:19.0415 2944 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:23:19.0415 2944 HidUsb - ok 20:23:19.0446 2944 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:23:19.0462 2944 hkmsvc - ok 20:23:19.0493 2944 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:23:19.0508 2944 HomeGroupListener - ok 20:23:19.0524 2944 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:23:19.0540 2944 HomeGroupProvider - ok 20:23:19.0555 2944 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:23:19.0555 2944 HpSAMD - ok 20:23:19.0602 2944 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:23:19.0633 2944 HTTP - ok 20:23:19.0664 2944 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:23:19.0664 2944 hwpolicy - ok 20:23:19.0696 2944 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:23:19.0696 2944 i8042prt - ok 20:23:19.0727 2944 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:23:19.0727 2944 iaStorV - ok 20:23:19.0758 2944 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:23:19.0774 2944 idsvc - ok 20:23:19.0774 2944 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:23:19.0789 2944 iirsp - ok 20:23:19.0805 2944 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:23:19.0836 2944 IKEEXT - ok 20:23:19.0836 2944 IntcAzAudAddService - ok 
20:23:19.0852 2944 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:23:19.0867 2944 intelide - ok 20:23:19.0883 2944 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:23:19.0883 2944 intelppm - ok 20:23:19.0914 2944 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:23:19.0930 2944 IPBusEnum - ok 20:23:19.0945 2944 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:23:19.0976 2944 IpFilterDriver - ok 20:23:20.0008 2944 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:23:20.0054 2944 iphlpsvc - ok 20:23:20.0070 2944 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:23:20.0086 2944 IPMIDRV - ok 20:23:20.0101 2944 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:23:20.0117 2944 IPNAT - ok 20:23:20.0195 2944 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:23:20.0226 2944 iPod Service - ok 20:23:20.0242 2944 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:23:20.0257 2944 IRENUM - ok 20:23:20.0273 2944 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:23:20.0273 2944 isapnp - ok 20:23:20.0304 2944 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:23:20.0320 2944 iScsiPrt - ok 20:23:20.0398 2944 [ 0D2DA1C6D8ED85F51E3758EAE22455F2 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe 20:23:20.0413 2944 JMB36X - ok 20:23:20.0444 2944 [ 50DE7DD7EDB1B512B13666588AEFBF6F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 20:23:20.0476 2944 JRAID - ok 20:23:20.0507 2944 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:23:20.0522 2944 kbdclass - ok 20:23:20.0538 2944 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid 
C:\Windows\system32\drivers\kbdhid.sys 20:23:20.0554 2944 kbdhid - ok 20:23:20.0554 2944 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:23:20.0569 2944 KeyIso - ok 20:23:20.0585 2944 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:23:20.0616 2944 KSecDD - ok 20:23:20.0647 2944 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:23:20.0678 2944 KSecPkg - ok 20:23:20.0694 2944 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:23:20.0725 2944 ksthunk - ok 20:23:20.0756 2944 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:23:20.0772 2944 KtmRm - ok 20:23:20.0803 2944 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:23:20.0866 2944 LanmanServer - ok 20:23:20.0881 2944 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:23:20.0912 2944 LanmanWorkstation - ok 20:23:20.0975 2944 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 20:23:20.0990 2944 LBTServ - ok 20:23:21.0022 2944 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 20:23:21.0022 2944 LHidFilt - ok 20:23:21.0037 2944 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:23:21.0068 2944 lltdio - ok 20:23:21.0084 2944 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:23:21.0115 2944 lltdsvc - ok 20:23:21.0131 2944 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:23:21.0146 2944 lmhosts - ok 20:23:21.0162 2944 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 20:23:21.0178 2944 LMouFilt - ok 20:23:21.0193 2944 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:23:21.0224 2944 LSI_FC - ok 20:23:21.0240 2944 [ 
1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:23:21.0256 2944 LSI_SAS - ok 20:23:21.0271 2944 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:23:21.0287 2944 LSI_SAS2 - ok 20:23:21.0287 2944 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:23:21.0302 2944 LSI_SCSI - ok 20:23:21.0334 2944 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:23:21.0365 2944 luafv - ok 20:23:21.0396 2944 [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 20:23:21.0412 2944 LUsbFilt - ok 20:23:21.0458 2944 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 20:23:21.0490 2944 MBAMProtector - ok 20:23:21.0552 2944 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 20:23:21.0599 2944 MBAMService - ok 20:23:21.0630 2944 [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe 20:23:21.0646 2944 McAfee SiteAdvisor Service - ok 20:23:21.0708 2944 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe 20:23:21.0739 2944 McComponentHostService - ok 20:23:21.0770 2944 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:23:21.0802 2944 Mcx2Svc - ok 20:23:21.0802 2944 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:23:21.0817 2944 megasas - ok 20:23:21.0833 2944 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:23:21.0848 2944 MegaSR - ok 20:23:21.0895 2944 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 20:23:21.0911 2944 Microsoft Office Groove Audit Service - ok 20:23:21.0942 2944 [ 
E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:23:21.0973 2944 MMCSS - ok 20:23:22.0004 2944 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:23:22.0036 2944 Modem - ok 20:23:22.0067 2944 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:23:22.0067 2944 monitor - ok 20:23:22.0114 2944 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 20:23:22.0129 2944 mouclass - ok 20:23:22.0160 2944 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:23:22.0160 2944 mouhid - ok 20:23:22.0192 2944 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:23:22.0207 2944 mountmgr - ok 20:23:22.0254 2944 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:23:22.0285 2944 MozillaMaintenance - ok 20:23:22.0301 2944 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:23:22.0316 2944 mpio - ok 20:23:22.0332 2944 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:23:22.0348 2944 mpsdrv - ok 20:23:22.0379 2944 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:23:22.0426 2944 MpsSvc - ok 20:23:22.0441 2944 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:23:22.0457 2944 MRxDAV - ok 20:23:22.0488 2944 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:23:22.0488 2944 mrxsmb - ok 20:23:22.0519 2944 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:23:22.0550 2944 mrxsmb10 - ok 20:23:22.0550 2944 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:23:22.0566 2944 mrxsmb20 - ok 20:23:22.0582 2944 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci 
C:\Windows\system32\drivers\msahci.sys 20:23:22.0582 2944 msahci - ok 20:23:22.0597 2944 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:23:22.0613 2944 msdsm - ok 20:23:22.0628 2944 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:23:22.0644 2944 MSDTC - ok 20:23:22.0660 2944 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:23:22.0691 2944 Msfs - ok 20:23:22.0706 2944 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:23:22.0722 2944 mshidkmdf - ok 20:23:22.0753 2944 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:23:22.0769 2944 msisadrv - ok 20:23:22.0784 2944 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:23:22.0847 2944 MSiSCSI - ok 20:23:22.0847 2944 msiserver - ok 20:23:22.0862 2944 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:23:22.0894 2944 MSKSSRV - ok 20:23:22.0894 2944 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:23:22.0925 2944 MSPCLOCK - ok 20:23:22.0925 2944 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:23:22.0940 2944 MSPQM - ok 20:23:22.0972 2944 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:23:22.0987 2944 MsRPC - ok 20:23:22.0987 2944 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:23:23.0003 2944 mssmbios - ok 20:23:23.0003 2944 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:23:23.0018 2944 MSTEE - ok 20:23:23.0034 2944 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:23:23.0034 2944 MTConfig - ok 20:23:23.0065 2944 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:23:23.0065 2944 Mup - ok 20:23:23.0096 2944 [ 
582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:23:23.0128 2944 napagent - ok 20:23:23.0159 2944 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:23:23.0190 2944 NativeWifiP - ok 20:23:23.0221 2944 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 20:23:23.0252 2944 NDIS - ok 20:23:23.0252 2944 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:23:23.0284 2944 NdisCap - ok 20:23:23.0299 2944 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:23:23.0330 2944 NdisTapi - ok 20:23:23.0346 2944 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:23:23.0377 2944 Ndisuio - ok 20:23:23.0393 2944 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:23:23.0424 2944 NdisWan - ok 20:23:23.0455 2944 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:23:23.0502 2944 NDProxy - ok 20:23:23.0518 2944 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:23:23.0533 2944 NetBIOS - ok 20:23:23.0564 2944 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:23:23.0596 2944 NetBT - ok 20:23:23.0596 2944 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:23:23.0611 2944 Netlogon - ok 20:23:23.0627 2944 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:23:23.0642 2944 Netman - ok 20:23:23.0705 2944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:23:23.0736 2944 NetMsmqActivator - ok 20:23:23.0752 2944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:23:23.0752 2944 NetPipeActivator - ok 20:23:23.0767 2944 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm 
C:\Windows\System32\netprofm.dll 20:23:23.0814 2944 netprofm - ok 20:23:23.0830 2944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:23:23.0830 2944 NetTcpActivator - ok 20:23:23.0830 2944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:23:23.0845 2944 NetTcpPortSharing - ok 20:23:23.0861 2944 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:23:23.0861 2944 nfrd960 - ok 20:23:24.0032 2944 [ 40BEA22940D61ED46E0AF88B5C622534 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 20:23:24.0110 2944 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning 20:23:24.0110 2944 NIHardwareService - detected UnsignedFile.Multi.Generic (1) 20:23:24.0126 2944 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:23:24.0157 2944 NlaSvc - ok 20:23:24.0173 2944 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:23:24.0204 2944 Npfs - ok 20:23:24.0220 2944 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:23:24.0235 2944 nsi - ok 20:23:24.0266 2944 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:23:24.0282 2944 nsiproxy - ok 20:23:24.0329 2944 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:23:24.0344 2944 Ntfs - ok 20:23:24.0360 2944 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:23:24.0376 2944 Null - ok 20:23:24.0407 2944 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 20:23:24.0407 2944 nusb3hub - ok 20:23:24.0438 2944 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 20:23:24.0438 2944 nusb3xhc - ok 20:23:24.0485 2944 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid 
C:\Windows\system32\drivers\nvraid.sys 20:23:24.0500 2944 nvraid - ok 20:23:24.0516 2944 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:23:24.0532 2944 nvstor - ok 20:23:24.0532 2944 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:23:24.0547 2944 nv_agp - ok 20:23:24.0594 2944 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:23:24.0625 2944 odserv - ok 20:23:24.0641 2944 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:23:24.0641 2944 ohci1394 - ok 20:23:24.0672 2944 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:23:24.0703 2944 ose - ok 20:23:24.0719 2944 [ 547E7D8AEB9266160D61EB655FF970BA ] ossrv C:\Windows\system32\drivers\ctoss2k.sys 20:23:24.0734 2944 ossrv - ok 20:23:24.0766 2944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:23:24.0781 2944 p2pimsvc - ok 20:23:24.0812 2944 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:23:24.0812 2944 p2psvc - ok 20:23:24.0844 2944 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:23:24.0859 2944 Parport - ok 20:23:24.0875 2944 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:23:24.0890 2944 partmgr - ok 20:23:24.0906 2944 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:23:24.0922 2944 PcaSvc - ok 20:23:24.0922 2944 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:23:24.0937 2944 pci - ok 20:23:24.0953 2944 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:23:24.0968 2944 pciide - ok 20:23:24.0968 2944 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:23:24.0984 2944 pcmcia - ok 20:23:25.0000 2944 [ 
D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:23:25.0000 2944 pcw - ok 20:23:25.0015 2944 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:23:25.0031 2944 PEAUTH - ok 20:23:25.0078 2944 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:23:25.0109 2944 PerfHost - ok 20:23:25.0187 2944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:23:25.0234 2944 pla - ok 20:23:25.0265 2944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:23:25.0265 2944 PlugPlay - ok 20:23:25.0280 2944 PnkBstrA - ok 20:23:25.0312 2944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:23:25.0327 2944 PNRPAutoReg - ok 20:23:25.0343 2944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:23:25.0358 2944 PNRPsvc - ok 20:23:25.0374 2944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:23:25.0405 2944 PolicyAgent - ok 20:23:25.0421 2944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:23:25.0452 2944 Power - ok 20:23:25.0483 2944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:23:25.0499 2944 PptpMiniport - ok 20:23:25.0514 2944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:23:25.0530 2944 Processor - ok 20:23:25.0546 2944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:23:25.0561 2944 ProfSvc - ok 20:23:25.0561 2944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:23:25.0577 2944 ProtectedStorage - ok 20:23:25.0608 2944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:23:25.0624 2944 Psched - ok 20:23:25.0655 2944 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:23:25.0670 2944 ql2300 - ok 
20:23:25.0686 2944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:23:25.0702 2944 ql40xx - ok 20:23:25.0717 2944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:23:25.0733 2944 QWAVE - ok 20:23:25.0748 2944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:23:25.0748 2944 QWAVEdrv - ok 20:23:25.0764 2944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:23:25.0780 2944 RasAcd - ok 20:23:25.0811 2944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:23:25.0826 2944 RasAgileVpn - ok 20:23:25.0842 2944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:23:25.0858 2944 RasAuto - ok 20:23:25.0889 2944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:23:25.0904 2944 Rasl2tp - ok 20:23:25.0936 2944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:23:25.0951 2944 RasMan - ok 20:23:25.0967 2944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:23:25.0982 2944 RasPppoe - ok 20:23:25.0998 2944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:23:26.0014 2944 RasSstp - ok 20:23:26.0045 2944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:23:26.0076 2944 rdbss - ok 20:23:26.0076 2944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:23:26.0092 2944 rdpbus - ok 20:23:26.0092 2944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:23:26.0123 2944 RDPCDD - ok 20:23:26.0138 2944 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:23:26.0154 2944 RDPENCDD - ok 20:23:26.0154 2944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:23:26.0185 2944 
RDPREFMP - ok 20:23:26.0201 2944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:23:26.0216 2944 RDPWD - ok 20:23:26.0232 2944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:23:26.0248 2944 rdyboost - ok 20:23:26.0263 2944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:23:26.0294 2944 RemoteAccess - ok 20:23:26.0310 2944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:23:26.0326 2944 RemoteRegistry - ok 20:23:26.0357 2944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:23:26.0372 2944 RpcEptMapper - ok 20:23:26.0388 2944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:23:26.0388 2944 RpcLocator - ok 20:23:26.0419 2944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:23:26.0466 2944 RpcSs - ok 20:23:26.0497 2944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:23:26.0513 2944 rspndr - ok 20:23:26.0560 2944 [ FCAF9C2C9EADF8F397C3350760EF500F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:23:26.0560 2944 RTL8167 - ok 20:23:26.0575 2944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:23:26.0575 2944 SamSs - ok 20:23:26.0606 2944 SANDRA - ok 20:23:26.0622 2944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:23:26.0638 2944 sbp2port - ok 20:23:26.0638 2944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:23:26.0669 2944 SCardSvr - ok 20:23:26.0684 2944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:23:26.0700 2944 scfilter - ok 20:23:26.0731 2944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:23:26.0762 2944 Schedule - ok 20:23:26.0794 2944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc 
C:\Windows\System32\certprop.dll 20:23:26.0809 2944 SCPolicySvc - ok 20:23:26.0840 2944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:23:26.0872 2944 SDRSVC - ok 20:23:26.0887 2944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:23:26.0918 2944 secdrv - ok 20:23:26.0934 2944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:23:26.0965 2944 seclogon - ok 20:23:26.0981 2944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 20:23:26.0996 2944 SENS - ok 20:23:27.0012 2944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:23:27.0028 2944 SensrSvc - ok 20:23:27.0043 2944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:23:27.0043 2944 Serenum - ok 20:23:27.0059 2944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:23:27.0074 2944 Serial - ok 20:23:27.0090 2944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:23:27.0106 2944 sermouse - ok 20:23:27.0121 2944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:23:27.0152 2944 SessionEnv - ok 20:23:27.0168 2944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:23:27.0168 2944 sffdisk - ok 20:23:27.0184 2944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:23:27.0184 2944 sffp_mmc - ok 20:23:27.0199 2944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:23:27.0199 2944 sffp_sd - ok 20:23:27.0215 2944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:23:27.0215 2944 sfloppy - ok 20:23:27.0230 2944 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:23:27.0262 2944 SharedAccess - ok 20:23:27.0308 2944 [ AAF932B4011D14052955D4B212A4DA8D ] 
ShellHWDetection C:\Windows\System32\shsvcs.dll 20:23:27.0324 2944 ShellHWDetection - ok 20:23:27.0340 2944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:23:27.0340 2944 SiSRaid2 - ok 20:23:27.0355 2944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:23:27.0371 2944 SiSRaid4 - ok 20:23:27.0386 2944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:23:27.0418 2944 Smb - ok 20:23:27.0449 2944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:23:27.0480 2944 SNMPTRAP - ok 20:23:27.0496 2944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:23:27.0511 2944 spldr - ok 20:23:27.0527 2944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:23:27.0542 2944 Spooler - ok 20:23:27.0620 2944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:23:27.0683 2944 sppsvc - ok 20:23:27.0683 2944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:23:27.0714 2944 sppuinotify - ok 20:23:27.0745 2944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:23:27.0745 2944 srv - ok 20:23:27.0776 2944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:23:27.0776 2944 srv2 - ok 20:23:27.0792 2944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:23:27.0808 2944 srvnet - ok 20:23:27.0839 2944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:23:27.0854 2944 SSDPSRV - ok 20:23:27.0870 2944 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:23:27.0886 2944 SstpSvc - ok 20:23:27.0917 2944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:23:27.0917 2944 stexstor - ok 20:23:27.0948 2944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc 
C:\Windows\System32\wiaservc.dll 20:23:27.0995 2944 stisvc - ok 20:23:28.0026 2944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:23:28.0026 2944 swenum - ok 20:23:28.0042 2944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:23:28.0073 2944 swprv - ok 20:23:28.0104 2944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:23:28.0135 2944 SysMain - ok 20:23:28.0166 2944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:23:28.0166 2944 TabletInputService - ok 20:23:28.0182 2944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:23:28.0213 2944 TapiSrv - ok 20:23:28.0229 2944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:23:28.0244 2944 TBS - ok 20:23:28.0307 2944 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:23:28.0354 2944 Tcpip - ok 20:23:28.0369 2944 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:23:28.0400 2944 TCPIP6 - ok 20:23:28.0416 2944 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:23:28.0447 2944 tcpipreg - ok 20:23:28.0447 2944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:23:28.0463 2944 TDPIPE - ok 20:23:28.0478 2944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:23:28.0494 2944 TDTCP - ok 20:23:28.0510 2944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:23:28.0541 2944 tdx - ok 20:23:28.0556 2944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:23:28.0556 2944 TermDD - ok 20:23:28.0603 2944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:23:28.0619 2944 TermService - ok 20:23:28.0634 2944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 
20:23:28.0634 2944 Themes - ok 20:23:28.0666 2944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:23:28.0681 2944 THREADORDER - ok 20:23:28.0712 2944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:23:28.0744 2944 TrkWks - ok 20:23:28.0790 2944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:23:28.0837 2944 TrustedInstaller - ok 20:23:28.0868 2944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:23:28.0884 2944 tssecsrv - ok 20:23:28.0915 2944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:23:28.0915 2944 TsUsbFlt - ok 20:23:28.0946 2944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:23:28.0978 2944 tunnel - ok 20:23:28.0978 2944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:23:28.0993 2944 uagp35 - ok 20:23:29.0009 2944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:23:29.0040 2944 udfs - ok 20:23:29.0056 2944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:23:29.0056 2944 UI0Detect - ok 20:23:29.0071 2944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:23:29.0087 2944 uliagpkx - ok 20:23:29.0087 2944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:23:29.0102 2944 umbus - ok 20:23:29.0118 2944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:23:29.0134 2944 UmPass - ok 20:23:29.0149 2944 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:23:29.0165 2944 upnphost - ok 20:23:29.0196 2944 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:23:29.0227 2944 USBAAPL64 - ok 20:23:29.0258 2944 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio 
C:\Windows\system32\drivers\usbaudio.sys 20:23:29.0305 2944 usbaudio - ok 20:23:29.0336 2944 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:23:29.0352 2944 usbccgp - ok 20:23:29.0383 2944 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:23:29.0399 2944 usbcir - ok 20:23:29.0414 2944 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:23:29.0430 2944 usbehci - ok 20:23:29.0446 2944 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 20:23:29.0461 2944 usbfilter - ok 20:23:29.0492 2944 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:23:29.0524 2944 usbhub - ok 20:23:29.0539 2944 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:23:29.0570 2944 usbohci - ok 20:23:29.0586 2944 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:23:29.0602 2944 usbprint - ok 20:23:29.0602 2944 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:23:29.0617 2944 USBSTOR - ok 20:23:29.0633 2944 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:23:29.0633 2944 usbuhci - ok 20:23:29.0648 2944 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:23:29.0680 2944 UxSms - ok 20:23:29.0680 2944 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:23:29.0695 2944 VaultSvc - ok 20:23:29.0711 2944 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:23:29.0726 2944 vdrvroot - ok 20:23:29.0742 2944 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:23:29.0773 2944 vds - ok 20:23:29.0789 2944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:23:29.0804 2944 vga - ok 20:23:29.0820 2944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave 
C:\Windows\System32\drivers\vga.sys 20:23:29.0836 2944 VgaSave - ok 20:23:29.0851 2944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:23:29.0851 2944 vhdmp - ok 20:23:29.0867 2944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:23:29.0882 2944 viaide - ok 20:23:29.0882 2944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:23:29.0898 2944 volmgr - ok 20:23:29.0929 2944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:23:29.0929 2944 volmgrx - ok 20:23:29.0960 2944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:23:29.0992 2944 volsnap - ok 20:23:30.0007 2944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:23:30.0023 2944 vsmraid - ok 20:23:30.0070 2944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:23:30.0116 2944 VSS - ok 20:23:30.0116 2944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:23:30.0132 2944 vwifibus - ok 20:23:30.0148 2944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:23:30.0179 2944 W32Time - ok 20:23:30.0179 2944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:23:30.0179 2944 WacomPen - ok 20:23:30.0210 2944 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:23:30.0226 2944 WANARP - ok 20:23:30.0241 2944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:23:30.0257 2944 Wanarpv6 - ok 20:23:30.0319 2944 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:23:30.0350 2944 WatAdminSvc - ok 20:23:30.0382 2944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:23:30.0397 2944 wbengine - ok 20:23:30.0413 2944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] 
WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:23:30.0428 2944 WbioSrvc - ok 20:23:30.0460 2944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:23:30.0475 2944 wcncsvc - ok 20:23:30.0491 2944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:23:30.0491 2944 WcsPlugInService - ok 20:23:30.0506 2944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:23:30.0506 2944 Wd - ok 20:23:30.0522 2944 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:23:30.0538 2944 Wdf01000 - ok 20:23:30.0553 2944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:23:30.0553 2944 WdiServiceHost - ok 20:23:30.0569 2944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:23:30.0569 2944 WdiSystemHost - ok 20:23:30.0600 2944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:23:30.0616 2944 WebClient - ok 20:23:30.0631 2944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:23:30.0647 2944 Wecsvc - ok 20:23:30.0662 2944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:23:30.0678 2944 wercplsupport - ok 20:23:30.0709 2944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:23:30.0725 2944 WerSvc - ok 20:23:30.0740 2944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:23:30.0772 2944 WfpLwf - ok 20:23:30.0772 2944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:23:30.0787 2944 WIMMount - ok 20:23:30.0803 2944 WinDefend - ok 20:23:30.0803 2944 WinHttpAutoProxySvc - ok 20:23:30.0834 2944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:23:30.0865 2944 Winmgmt - ok 20:23:30.0912 2944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 
20:23:30.0943 2944 WinRM - ok 20:23:30.0974 2944 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:23:30.0990 2944 Wlansvc - ok 20:23:31.0021 2944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:23:31.0037 2944 WmiAcpi - ok 20:23:31.0052 2944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:23:31.0052 2944 wmiApSrv - ok 20:23:31.0068 2944 WMPNetworkSvc - ok 20:23:31.0068 2944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:23:31.0084 2944 WPCSvc - ok 20:23:31.0099 2944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:23:31.0115 2944 WPDBusEnum - ok 20:23:31.0130 2944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:23:31.0146 2944 ws2ifsl - ok 20:23:31.0162 2944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 20:23:31.0162 2944 wscsvc - ok 20:23:31.0162 2944 WSearch - ok 20:23:31.0240 2944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:23:31.0286 2944 wuauserv - ok 20:23:31.0302 2944 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:23:31.0333 2944 WudfPf - ok 20:23:31.0364 2944 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:23:31.0380 2944 WUDFRd - ok 20:23:31.0396 2944 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:23:31.0427 2944 wudfsvc - ok 20:23:31.0442 2944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:23:31.0458 2944 WwanSvc - ok 20:23:31.0458 2944 ================ Scan global =============================== 20:23:31.0489 2944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:23:31.0520 2944 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 20:23:31.0536 2944 [ EB6A48CC998E1090E44E8E7F1009A640 ] 
C:\Windows\system32\winsrv.dll 20:23:31.0552 2944 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:23:31.0567 2944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:23:31.0583 2944 [Global] - ok 20:23:31.0583 2944 ================ Scan MBR ================================== 20:23:31.0598 2944 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 20:23:31.0708 2944 \Device\Harddisk0\DR0 - ok 20:23:31.0708 2944 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 20:23:31.0895 2944 \Device\Harddisk1\DR1 - ok 20:23:31.0895 2944 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2 20:23:31.0988 2944 \Device\Harddisk2\DR2 - ok 20:23:32.0004 2944 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3 20:23:32.0269 2944 \Device\Harddisk3\DR3 - ok 20:23:32.0269 2944 ================ Scan VBR ================================== 20:23:32.0285 2944 [ F0E3A8738D4E7E8D5088F20938705B77 ] \Device\Harddisk0\DR0\Partition1 20:23:32.0285 2944 \Device\Harddisk0\DR0\Partition1 - ok 20:23:32.0300 2944 [ 2D552B152B387A8857F20787B51D329A ] \Device\Harddisk0\DR0\Partition2 20:23:32.0300 2944 \Device\Harddisk0\DR0\Partition2 - ok 20:23:32.0316 2944 [ 65C6EA33784A30BA2C8FE3F5DFFD6AB4 ] \Device\Harddisk1\DR1\Partition1 20:23:32.0316 2944 \Device\Harddisk1\DR1\Partition1 - ok 20:23:32.0332 2944 [ AC64354338C0E47068E72687BFE6A319 ] \Device\Harddisk1\DR1\Partition2 20:23:32.0332 2944 \Device\Harddisk1\DR1\Partition2 - ok 20:23:32.0332 2944 [ 53BCD970FBEA92024ECFAADDD90E03B9 ] \Device\Harddisk2\DR2\Partition1 20:23:32.0332 2944 \Device\Harddisk2\DR2\Partition1 - ok 20:23:32.0347 2944 [ 90ADA1691F5D7DB8FDAF9E47C35D5883 ] \Device\Harddisk3\DR3\Partition1 20:23:32.0347 2944 \Device\Harddisk3\DR3\Partition1 - ok 20:23:32.0347 2944 ============================================================ 20:23:32.0347 2944 Scan finished 20:23:32.0347 2944 ============================================================ 20:23:32.0347 0904 Detected object 
count: 6 20:23:32.0347 0904 Actual detected object count: 6 20:23:41.0910 0904 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:23:41.0910 0904 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:23:41.0910 0904 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:23:41.0910 0904 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:23:41.0910 0904 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 20:23:41.0910 0904 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:23:41.0910 0904 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 20:23:41.0910 0904 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:23:41.0910 0904 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 20:23:41.0910 0904 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:23:41.0910 0904 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user 20:23:41.0910 0904 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
11.09.2012, 19:43 | #6 |
/// Malware-holic | Is Secure Banking still triggering?
11.09.2012, 19:53 | #7 |
| Yes.
======================================== [11.09.2012 - 20:52:28] Malware gefunden! ---------------------------------------- Malware: Unbekannt ---------------------------------------- Infizierter Prozess: iexplore.exe ---------------------------------------- Infizierte Funktionen: InternetReadFile: JMP 0x6A1653C0 InternetQueryDataAvailable: JMP 0x6A164D40 InternetCloseHandle: JMP 0x6A1652A0 ======================================== |
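The Secure Banking reports in this thread all name the same three WinINet exports in iexplore.exe, with JMP targets that differ from run to run (0x6953…, 0x694F…, 0x6A16…). The following is an added triage helper, not code from the thread or from Secure Banking: it parses the alert format exactly as posted, rounds the lowest hook target down to the 64 KiB allocation granularity to get a candidate module base (a heuristic assumption, not something the reports state), and checks whether the hooked functions sit at identical offsets from that base in every run. Identical offsets under a moving base are what a single relocated module looks like; the helper cannot say whether that module is a security product or malware, which is exactly what the "Malware: Unbekannt" line leaves open. The sample report is constructed from the values posted above.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: three alert blocks in the layout Secure Banking
# prints, with the values from the reports posted in this thread.
SAMPLE_REPORT = """\
========================================
[08.09.2012 - 20:08:17] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x695353C0
InternetQueryDataAvailable: JMP 0x69534D40
InternetCloseHandle: JMP 0x695352A0
========================================
========================================
[08.09.2012 - 20:10:07] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x694F53C0
InternetQueryDataAvailable: JMP 0x694F4D40
InternetCloseHandle: JMP 0x694F52A0
========================================
========================================
[11.09.2012 - 20:52:28] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x6A1653C0
InternetQueryDataAvailable: JMP 0x6A164D40
InternetCloseHandle: JMP 0x6A1652A0
========================================
"""

ALERT_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] Malware gefunden!$")
FIELD_RE = re.compile(r"^(?P<key>Malware|Infizierter Prozess): (?P<val>.+)$")
HOOK_RE = re.compile(r"^(?P<func>\w+): JMP 0x(?P<addr>[0-9A-Fa-f]+)$")

# Heuristic assumption: Windows maps images on 64 KiB boundaries, so rounding
# the lowest hook target down to 64 KiB gives a candidate module base.
ALLOC_GRANULARITY = 0x10000


def parse_alerts(text: str) -> List[dict]:
    """Parse Secure Banking alert blocks into dicts: timestamp, malware, process, hooks."""
    alerts: List[dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ALERT_RE.match(line)
        if m:
            current = {"timestamp": m.group("ts"), "malware": None, "process": None, "hooks": {}}
            alerts.append(current)
            continue
        if current is None:
            continue  # text before the first alert header is ignored
        m = FIELD_RE.match(line)
        if m:
            key = "malware" if m.group("key") == "Malware" else "process"
            current[key] = m.group("val")
            continue
        m = HOOK_RE.match(line)
        if m:
            current["hooks"][m.group("func")] = int(m.group("addr"), 16)
    return alerts


def hook_offsets(alert: dict) -> Tuple[int, Dict[str, int]]:
    """Return (candidate base, {function: offset from base}) for one alert."""
    targets = alert["hooks"]
    if not targets:
        return 0, {}
    base = min(targets.values()) & ~(ALLOC_GRANULARITY - 1)
    return base, {f: a - base for f, a in targets.items()}


def same_module_across_runs(alerts: List[dict]) -> bool:
    """True when every run's hooks sit at identical offsets from their candidate base.

    Identical offsets with a changing base are what one relocated module (ASLR)
    looks like; a freshly injected blob per run would usually not preserve them.
    """
    offset_maps = [hook_offsets(a)[1] for a in alerts if a["hooks"]]
    return len(offset_maps) > 0 and all(m == offset_maps[0] for m in offset_maps)


def summarize(alerts: List[dict]) -> List[str]:
    """One human-readable line per alert for a triage note."""
    lines = []
    for a in alerts:
        base, offs = hook_offsets(a)
        hooked = ", ".join(f"{f}+0x{o:X}" for f, o in sorted(offs.items()))
        lines.append(f"{a['timestamp']} {a['process']}: base 0x{base:08X} hooks {hooked}")
    return lines


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_REPORT)
    for line in summarize(parsed):
        print(line)
    print("consistent offsets across runs:", same_module_across_runs(parsed))
```

Run as-is it reports a base of 0x69530000, 0x694F0000 and 0x6A160000 for the three runs with the same three offsets (+0x4D40, +0x52A0, +0x53C0) each time. The next step a helper would take is the one the thread itself moves to: identify which module owns that address range in the live iexplore.exe (the OTL log requested below lists the loaded binaries and their signers), rather than reading anything into the offsets themselves.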
12.09.2012, 20:32 | #8 |
/// Malware-holic | Please post a new OTL log. If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
13.09.2012, 16:49 | #9 |
| Secure Banking finds malware: Unknown / Infected process: iexplore.exe Hmmm ... when I paste the contents into the text box and click Quick Scan, I only get the OTL.txt - I don't get the Extra.txt. Code:
ATTFilter OTL logfile created on: 13.09.2012 17:27:39 - Run 6 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\AtomicJunkie\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,74% Memory free 7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 378,22 Gb Free Space | 81,22% Space Free | Partition Type: NTFS Drive E: | 43,94 Gb Total Space | 43,37 Gb Free Space | 98,71% Space Free | Partition Type: NTFS Drive F: | 188,94 Gb Total Space | 53,31 Gb Free Space | 28,22% Space Free | Partition Type: NTFS Drive G: | 1397,26 Gb Total Space | 179,06 Gb Free Space | 12,82% Space Free | Partition Type: NTFS Drive H: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,81% Space Free | Partition Type: FAT Computer Name: AJ-PC | User Name: AtomicJunkie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\AtomicJunkie\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Windows\SysWOW64\XSrvSetup.exe () PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe () MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll () MOD - C:\Program Files (x86)\Secure Banking\funcs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\CmdRtr.DLL () MOD - C:\Windows\SysWOW64\CTXFIGER.DLL () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance 
Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe () SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (SANDRA) -- C:\Program Files\Sonstiges\SiSoftware Sandra Lite 2011b\WNt500x64\Sandra.sys File not found DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (a4djavs) -- C:\Windows\SysNative\drivers\a4djavs.sys (Native Instruments GmbH) DRV:64bit: - (a4djusb_svc) -- C:\Windows\SysNative\drivers\a4djusb.sys (Native Instruments GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys () DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys () DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd) DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (a4djavs_x64) -- C:\Windows\SysNative\drivers\a4djavs_x64.sys (Native Instruments GmbH) DRV:64bit: - (a4djusb_x64) -- C:\Windows\SysNative\drivers\a4djusb_x64.sys (Native Instruments GmbH) DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 3E 4E 30 87 A0 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=81.211.74.66:1080 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "4Shared" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2 FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1 FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0 FF - prefs.js..extensions.enabledAddons: {3869b071-0fae-4c75-948a-60d9c56ea02b}:1.0 FF - prefs.js..extensions.enabledAddons: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.6 FF - prefs.js..extensions.enabledAddons: {959615e6-98ef-4c26-9ce0-27b7ed3defa4}:1.3b FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12 FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.11 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.2 FF - prefs.js..extensions.enabledItems: 
{800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&q=" FF - prefs.js..network.proxy.backup.ftp: "200.207.126.232" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "200.207.126.232" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "200.207.126.232" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "200.207.126.232" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.gopher: "189.44.232.22" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "111.252.67.203" FF - prefs.js..network.proxy.http_port: 8909 FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.08 19:50:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 08:52:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 08:52:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.09 17:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 08:52:26 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 08:52:24 | 000,000,000 | ---D | M] [2010.12.25 23:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Extensions [2010.12.25 23:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.09.06 20:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Firefox\Profiles\6o5xh4ef.default\extensions [2012.06.30 08:40:56 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Firefox\Profiles\6o5xh4ef.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012.01.28 18:58:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Firefox\Profiles\6o5xh4ef.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.09.03 17:27:41 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Firefox\Profiles\6o5xh4ef.default\extensions\5044c9c132c32@5044c9c132c6b.info [2012.09.03 18:39:47 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Firefox\Profiles\6o5xh4ef.default\extensions\5044dcfd5cd3f@5044dcfd5cd78.info [2012.06.02 01:05:56 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\Firefox\Profiles\6o5xh4ef.default\extensions\foxyproxy@eric.h.jung [2012.06.06 22:37:12 | 000,007,433 | ---- | M] () (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi [2012.02.25 09:45:30 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2012.09.06 
20:15:25 | 000,527,931 | ---- | M] () (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.06.06 17:38:36 | 000,005,597 | ---- | M] () (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\extensions\{959615e6-98ef-4c26-9ce0-27b7ed3defa4}.xpi [2012.07.25 21:47:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.02 09:27:04 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011.02.22 18:56:37 | 000,001,183 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\4shared.xml [2011.06.20 19:56:02 | 000,002,342 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icq-search.xml [2011.06.23 21:30:11 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-1.xml [2011.04.30 23:39:27 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-2.xml [2011.05.06 22:42:07 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-3.xml [2011.08.20 23:10:40 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-4.xml [2011.08.31 22:21:28 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-5.xml [2011.09.07 19:56:06 | 000,000,950 | ---- | M] () -- 
C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-6.xml [2011.10.08 14:56:43 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-7.xml [2011.11.09 23:49:42 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin-8.xml [2011.03.05 09:39:39 | 000,000,950 | ---- | M] () -- C:\Users\AtomicJunkie\AppData\Roaming\mozilla\firefox\profiles\6o5xh4ef.default\searchplugins\icqplugin.xml [2012.09.08 08:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 08:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.09.08 08:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.08 19:50:58 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2012.09.08 08:52:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 15:35:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.09.11 17:18:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.) O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0047A5C8-81F3-4FE1-A096-CD18B8574407}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.09.11 17:37:35 | 000,000,067 | ---- | M] () - G:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings 
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {463EC744-69A8-4152-DC07-B9589482F4E4} - Internet Explorer ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft 
Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8C8EB22E-A5A9-E734-3514-DFFF53DAD63E} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C4AA2A6C-D4D3-DDD9-81BE-9F6CC0163741} - Microsoft Windows Media Player ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.11 20:19:41 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\AtomicJunkie\Desktop\tdsskiller.exe [2012.09.11 17:24:25 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.09.11 17:20:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.09.11 17:08:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.11 17:08:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.11 17:08:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.11 
17:08:41 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.11 17:08:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.11 16:57:49 | 004,759,433 | R--- | C] (Swearware) -- C:\Users\AtomicJunkie\Desktop\ComboFix.exe [2012.09.10 18:18:22 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\AtomicJunkie\Desktop\OTL.exe [2012.09.10 17:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2012.09.10 17:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2012.09.08 08:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.07 20:12:54 | 000,000,000 | ---D | C] -- C:\Users\AtomicJunkie\AppData\Roaming\Creative [2012.09.07 15:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Creative [2012.09.07 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative [2012.09.07 15:39:00 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information [2012.09.07 15:38:04 | 000,782,336 | ---- | C] (Creative Labs Inc.) 
-- C:\Windows\SysWow64\oalinst.exe [2012.09.07 15:24:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.09.06 20:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared [2012.09.04 20:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee [2012.09.04 20:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2012.09.01 09:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.09.01 09:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012.08.30 17:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.08.30 17:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.08.30 17:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2012.08.15 17:58:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW [2012.08.15 17:58:58 | 000,000,000 | ---D | C] -- C:\Users\AtomicJunkie\AppData\Roaming\HLSW [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.13 17:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.13 17:09:17 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 17:09:17 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 17:07:28 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.13 17:07:28 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.13 17:07:28 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.13 17:07:28 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.13 17:07:28 | 000,121,082 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2012.09.13 17:01:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.13 17:01:48 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2012.09.13 17:01:15 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2012.09.13 17:01:15 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2012.09.13 17:01:15 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2012.09.13 17:00:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.12 19:22:20 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.09.12 19:22:20 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.12 19:22:05 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.09.11 20:19:53 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\AtomicJunkie\Desktop\tdsskiller.exe [2012.09.11 17:18:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.09.11 16:57:59 | 004,759,433 | R--- | M] (Swearware) -- C:\Users\AtomicJunkie\Desktop\ComboFix.exe [2012.09.10 19:15:14 | 000,050,477 | ---- | M] () -- C:\Users\AtomicJunkie\Desktop\Defogger.exe [2012.09.10 18:18:24 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\AtomicJunkie\Desktop\OTL.exe [2012.09.08 23:39:14 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2012.09.08 23:39:14 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2012.09.07 20:05:20 | 445,863,857 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.07 16:00:19 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2012.09.07 14:19:03 | 000,002,133 | ---- | M] () -- 
C:\Users\AtomicJunkie\Desktop\Driver Cleaner Pro.lnk [2012.09.06 22:09:23 | 000,002,312 | ---- | M] () -- C:\Users\Public\Desktop\Creative-Produktregistrierung.lnk [2012.09.05 22:12:07 | 000,036,760 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012.09.05 22:12:07 | 000,036,760 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012.08.30 17:50:41 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.30 17:50:41 | 000,002,094 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.08.16 16:58:42 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 17:59:00 | 000,000,887 | ---- | M] () -- C:\Users\AtomicJunkie\Desktop\HLSW.lnk [2012.08.14 19:32:15 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.11 17:08:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.11 17:08:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.11 17:08:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.11 17:08:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.11 17:08:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.10 19:15:13 | 000,050,477 | ---- | C] () -- C:\Users\AtomicJunkie\Desktop\Defogger.exe [2012.09.07 16:05:00 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm [2012.09.07 16:05:00 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm [2012.09.07 16:05:00 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2012.09.07 15:40:47 | 000,062,308 | ---- | C] () -- 
C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2012.09.07 15:40:47 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2012.09.07 15:38:04 | 000,008,386 | ---- | C] () -- C:\Windows\SysWow64\CTAPO64.UDA [2012.09.07 15:38:04 | 000,005,530 | ---- | C] () -- C:\Windows\SysWow64\CTMLFX64.UDA [2012.09.07 15:38:04 | 000,001,688 | ---- | C] () -- C:\Windows\SysNative\XFi.bmp [2012.09.07 15:38:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2012.09.07 15:36:31 | 007,572,224 | ---- | C] () -- C:\Windows\SysNative\CT8MGM.SF2 [2012.09.07 15:36:31 | 004,174,814 | ---- | C] () -- C:\Windows\SysNative\CT4MGM.SF2 [2012.09.07 15:36:31 | 002,167,684 | ---- | C] () -- C:\Windows\SysNative\CT2MGM.SF2 [2012.09.07 15:36:29 | 007,572,224 | ---- | C] () -- C:\Windows\SysWow64\CT8MGM.SF2 [2012.09.07 15:36:28 | 004,174,814 | ---- | C] () -- C:\Windows\SysWow64\CT4MGM.SF2 [2012.09.07 15:36:28 | 002,167,684 | ---- | C] () -- C:\Windows\SysWow64\CT2MGM.SF2 [2012.09.07 14:19:03 | 000,002,133 | ---- | C] () -- C:\Users\AtomicJunkie\Desktop\Driver Cleaner Pro.lnk [2012.09.06 22:09:23 | 000,002,312 | ---- | C] () -- C:\Users\Public\Desktop\Creative-Produktregistrierung.lnk [2012.09.06 20:53:19 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2012.09.06 20:53:19 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CTXFIGER.DLL [2012.09.06 20:51:52 | 000,006,130 | ---- | C] () -- C:\Windows\SysNative\CTOPT352.cat [2012.09.06 20:51:52 | 000,006,010 | ---- | C] () -- C:\Windows\SysWow64\CTOPT352.cat [2012.08.30 17:07:34 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.30 17:07:34 | 000,002,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.08.15 17:59:00 | 000,000,887 | ---- | C] () -- C:\Users\AtomicJunkie\Desktop\HLSW.lnk [2012.05.03 
04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012.01.27 18:33:35 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.01.27 18:33:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.01.27 18:29:19 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll [2012.01.27 18:29:18 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll [2012.01.27 18:29:18 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe [2011.12.07 22:23:30 | 000,006,144 | ---- | C] () -- C:\Users\AtomicJunkie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.14 21:03:00 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.26 19:59:09 | 000,000,331 | ---- | C] () -- C:\Windows\CoDUO.INI [2010.12.26 19:43:13 | 000,000,733 | ---- | C] () -- C:\Windows\CoD.INI [2010.12.26 18:41:15 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.12.26 17:21:07 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.26 17:21:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.26 17:21:03 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini [2010.12.26 10:42:41 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2010.12.26 10:42:41 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2010.12.26 10:42:41 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2010.12.26 10:42:41 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2010.12.26 10:42:41 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2010.12.25 23:26:10 | 000,072,280 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2010.12.21 22:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.03.26 17:15:00 | 000,000,000 | ---D | M] -- 
C:\Users\AtomicJunkie\AppData\Roaming\Audacity [2011.06.26 20:16:41 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\Canneverbe Limited [2011.03.23 14:00:46 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\EAC [2012.02.05 11:23:43 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\elsterformular [2012.07.30 17:15:21 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\EveHQ [2012.08.12 12:29:51 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\EVEMon [2012.02.08 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\FileZilla [2012.04.10 18:04:32 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\GARMIN [2012.08.17 14:59:35 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\HLSW [2012.07.02 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\ImgBurn [2012.07.30 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\Indicium Technologies [2011.02.21 21:37:59 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\IrfanView [2010.12.25 23:44:55 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\Leadertech [2011.01.29 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\Opera [2010.12.25 23:44:20 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\Thunderbird [2012.07.21 21:46:25 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\TS3Client [2011.12.19 23:38:19 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\uTorrent [2010.12.26 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\AtomicJunkie\AppData\Roaming\wargaming.net [2012.07.03 20:18:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.09.11 17:20:13 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN [2010.12.20 22:35:00 | 000,000,000 | ---D | M] -- C:\AMD [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.12.20 22:32:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.07.03 19:06:23 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2010.12.26 00:08:00 | 000,000,000 | R--D | M] -- C:\MSOCache [2011.05.20 17:53:38 | 000,000,000 | ---D | M] -- C:\Musik [2011.02.07 18:44:29 | 000,000,000 | ---D | M] -- C:\Netgear [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.30 10:02:52 | 000,000,000 | ---D | M] -- C:\Platte Musik [2012.09.07 15:39:12 | 000,000,000 | R--D | M] -- C:\Program Files [2012.09.10 17:56:44 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.09.11 17:17:58 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.12.20 22:32:45 | 000,000,000 | -HSD | M] -- C:\Programme [2012.09.11 17:24:25 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.12.25 23:26:10 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.12.20 22:32:45 | 000,000,000 | ---D | M] -- C:\Recovery [2011.03.28 20:33:23 | 000,000,000 | ---D | M] -- C:\Seagate Backup [2012.09.13 17:29:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.20 22:32:51 | 000,000,000 | R--D | M] -- C:\Users [2012.09.13 17:02:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- 
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.09.13 17:29:49 | 002,359,296 | -HS- | M] () -- C:\Users\AtomicJunkie\NTUSER.DAT [2012.09.13 17:29:49 | 000,262,144 | -HS- | M] () -- C:\Users\AtomicJunkie\ntuser.dat.LOG1 [2010.12.20 22:32:54 | 000,000,000 | -HS- | M] () -- C:\Users\AtomicJunkie\ntuser.dat.LOG2 [2010.12.20 22:41:37 | 000,065,536 | -HS- | M] () -- C:\Users\AtomicJunkie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.12.20 22:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\AtomicJunkie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.12.20 22:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\AtomicJunkie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.12.20 22:32:54 | 000,000,020 | -HS- | M] () -- C:\Users\AtomicJunkie\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe 
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
13.09.2012, 19:20 | #10 |
/// Malware-holic | Secure Banking finds malware: Unknown / Infected process: iexplore.exe Fine. I've written to the author of S.Banking; he'll get in touch.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding guide: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the guide above. If you would like to support us |
13.09.2012, 19:32 | #11 |
/// Helfer-Team | Hello Klappa, I recently received a message from a user saying that Secure Banking detected malware on his system while the McAfee SiteAdvisor was in use. This is only a false positive, which will be fixed with the next update. (Why SiteAdvisor hooks these APIs is simply beyond me.) If you disable/uninstall SiteAdvisor, Secure Banking will no longer show a warning. Until the next update, just keep browsing with Firefox; that way you can continue to use both Secure Banking and SiteAdvisor as normal.
__________________ Regards, Niklas |
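The false positive Niklas describes is an attribution problem: Secure Banking sees a JMP at the entry of three WinINet exports inside iexplore.exe and, without looking up where that JMP lands, can only report "Unbekannt". The script below is an added example, not Secure Banking's code and not written by anyone in this thread. It parses a report in the format shown earlier in the thread (the sample text and the module map are constructed here; the hook addresses are the ones the original report lists, and browserhelper_example.dll is a hypothetical module name standing in for a legitimate product that hooks WinINet), attributes each JMP target to the loaded module that contains it, and compares the relative layout of the targets across reports. The uniform shift of 0x60000 between the two reports, with identical offsets between the three hooks, is what one hooking DLL loaded at a different base looks like, as opposed to several unrelated injections.

```python
import re

# Constructed sample in the format Secure Banking writes. The addresses are the ones
# quoted in the thread's own report; everything else is assembled for this example.
SAMPLE_REPORT = """\
========================================
[08.09.2012 - 20:08:17] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x695353C0
InternetQueryDataAvailable: JMP 0x69534D40
InternetCloseHandle: JMP 0x695352A0
========================================
========================================
[08.09.2012 - 20:10:07] Malware gefunden!
----------------------------------------
Malware: Unbekannt
----------------------------------------
Infizierter Prozess: iexplore.exe
----------------------------------------
Infizierte Funktionen:
InternetReadFile: JMP 0x694F53C0
InternetQueryDataAvailable: JMP 0x694F4D40
InternetCloseHandle: JMP 0x694F52A0
========================================
"""

# Constructed module map (name, base, size), as a loaded-module listing of the process
# would give it at the time of the FIRST report. "browserhelper_example.dll" is a
# hypothetical name standing in for a legitimate product that hooks WinINet.
MODULE_MAP = [
    ("wininet.dll", 0x77A00000, 0x200000),
    ("browserhelper_example.dll", 0x69500000, 0x80000),
]

ENTRY_RE = re.compile(r"\[(?P<ts>[^\]]+)\] Malware gefunden!(?P<body>.*?)\n=+", re.S)
PROC_RE = re.compile(r"Infizierter Prozess: (?P<proc>\S+)")
HOOK_RE = re.compile(r"^(?P<func>\w+): JMP 0x(?P<target>[0-9A-Fa-f]+)$", re.M)


def parse_report(text):
    """Split a Secure Banking report into entries: {ts, process, hooks{func: target}}."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        body = m.group("body")
        proc = PROC_RE.search(body)
        hooks = {h.group("func"): int(h.group("target"), 16) for h in HOOK_RE.finditer(body)}
        entries.append({"ts": m.group("ts"),
                        "process": proc.group("proc") if proc else None,
                        "hooks": hooks})
    return entries


def attribute(target, module_map):
    """Return (module name, offset into module) for the module containing target, else None."""
    for name, base, size in module_map:
        if base <= target < base + size:
            return name, target - base
    return None


def triage(text, module_map):
    """One row per hooked function: (timestamp, function, target, owning module or 'UNBACKED').
    A JMP into a module you can name is a product to investigate; a JMP into memory
    that no loaded module backs is the case that deserves the 'unknown' label."""
    rows = []
    for e in parse_report(text):
        for func, target in sorted(e["hooks"].items()):
            owner = attribute(target, module_map)
            rows.append((e["ts"], func, target, owner[0] if owner else "UNBACKED"))
    return rows


def hook_layouts(text):
    """Per entry, the JMP targets relative to the lowest one. Identical layouts across
    entries mean the same hooking code was loaded at a different base (a rebased DLL),
    not several unrelated hooks."""
    layouts = []
    for e in parse_report(text):
        lo = min(e["hooks"].values())
        layouts.append({f: t - lo for f, t in e["hooks"].items()})
    return layouts


if __name__ == "__main__":
    for ts, func, target, owner in triage(SAMPLE_REPORT, MODULE_MAP):
        print(f"{ts}  {func:<28} 0x{target:08X}  -> {owner}")
    layouts = hook_layouts(SAMPLE_REPORT)
    print("same hook layout in every report:", all(l == layouts[0] for l in layouts))
```

The module list has to come from the same process instance as the report: the constructed map above matches the first report, so the second report's targets (0x694F....) resolve to UNBACKED even though the layout comparison shows they belong to the same hooking code, just loaded 0x60000 lower. In practice you would take the module list from a DLL view of the live iexplore.exe process at the moment Secure Banking raises the alert, and a target that lands in a signed, known product's module is the false positive Niklas describes, while a target in unbacked memory is worth a closer look.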
13.09.2012, 19:36 | #12 |
/// Malware-holic | Ah, good to know :-) Let's secure the PC further anyway. Download CCleaner standard: CCleaner Download - CCleaner 3.22.1800. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open it. After each program you need, write notwendig (needed). After each one you don't need, unnötig (unneeded). After ones you don't recognise, unbekannt (unknown). Post the list.
14.09.2012, 19:33 | #13 |
| Whew ... then I'll give it a try. I didn't write anything after the Microsoft Corporation entries, since I don't know whether all of it is really needed. Have fun. Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 25.12.2010 4,53MB 9.20.00.0 - notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 14.08.2012 6,00MB 11.3.300.271 - notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 30.08.2012 6,00MB 11.4.402.265 - notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 16.08.2012 168MB 10.1.4 - notwendig Apple Application Support Apple Inc. 14.09.2012 64,4MB 2.2.2 - notwendig Apple Mobile Device Support Apple Inc. 15.06.2012 24,5MB 6.0.0.59 - notwendig Apple Software Update Apple Inc. 13.08.2011 2,38MB 2.1.3.127 - notwendig Architektur Designer 2010 1.1.0.5 Creative Amadeo GmbH 02.04.2012 1.1.0.5 - unnötig ATI Catalyst Install Manager ATI Technologies, Inc. 20.12.2010 22,4MB 3.0.804.0 - notwendig Audacity 1.3.12 Audacity Team 25.03.2011 32,2MB - notwendig Avira Free Antivirus Avira 11.09.2012 108MB 12.0.0.1199 - notwendig Bonjour Apple Inc. 14.10.2011 2,00MB 3.0.0.10 - notwendig Bonjour-Druckdienste Apple Inc. 23.03.2011 3,21MB 2.0.2.0 -notwendig Call of Duty 26.12.2010 - notwendig Call of Duty - United Offensive Activision 26.12.2010 895MB 1.00.0000 - notwendig Call of Duty(R) - World at War(TM) Activision 26.12.2010 6,61GB 1.7 - notwendig Call of Duty(R) 4 - Modern Warfare(TM) Activision 26.12.2010 6,23GB 1.7 - notwendig Canon Inkjet Printer Driver Add-On Module 25.12.2010 - notwendig Carbonite Online Backup Setup Carbonite Inc. 
26.12.2010 310MB 3.8.0 - unnötig CCleaner Piriform 22.08.2012 3.22 - notwendig CDBurnerXP CDBurnerXP 14.08.2012 12,3MB 4.4.1.3341 - notwendig CDBurnerXP CDBurnerXP 21.09.2011 11,9MB 4.3.8.2631 - unnötig Contribtastic 2.1.1 StackFoundry LLC 03.08.2012 2.1.1 - unnötig Creative Audio-Systemsteuerung Creative Technology Limited 14.09.2012 3.00 - notwendig Creative Software AutoUpdate Creative Technology Limited 14.09.2012 1.40 -notwendig Creative Sound Blaster Properties x64 Edition Creative Technology Limited 14.09.2012 1.02 - notwendig Dolby Digital Live Pack Creative Technology Limited 06.09.2012 3.00 - notwendig DTS Connect Pack Creative Technology Limited 06.09.2012 1.00 - notwendig EASEUS Partition Master 6.5.2 Home Edition EASEUS 26.12.2010 38,5MB - unnötig ElsterFormular Landesfinanzdirektion Thüringen 05.02.2012 158MB 13.0.0.8086p - notwendig EVE Online (remove only) CCP Games Ltd. 26.12.2010 - notwendig EveHQ Indicium Technologies 30.07.2012 73,3MB 2.9 - unnötig EVEMon battleclinic.com 12.08.2012 1.7.2.3882 - notwendig EVEREST Home Edition v2.20 Lavalys Inc 26.12.2010 2.20 - unnötig Exact Audio Copy 1.0beta3 Andre Wiethoff 29.01.2012 1.0beta3 - notwendig FileZilla Client 3.5.3 FileZilla Project 08.02.2012 16,5MB 3.5.3 - notwendig FreePDF (Remove only) 07.03.2011 - notwendig Garmin City Navigator North America NT 2012.30 Update Garmin Ltd or its subsidiaries 24.01.2012 2,19GB 15.30.0.0 - notwendig Garmin City Navigator North America NT 2012.40 Update Garmin Ltd or its subsidiaries 29.04.2012 2,25GB 15.40.0.0 - notwendig Garmin MapSource Garmin Ltd or its subsidiaries 24.01.2012 59,4MB 6.16.3 - notwendig Garmin POI Loader Garmin Ltd or its subsidiaries 09.05.2012 15,0MB 2.7.1 - notwendig Garmin USB Drivers Garmin Ltd or its subsidiaries 24.01.2012 121KB 2.3.0.0 - notwendig Gigabyte Raid Configurer GIGABYTE Technologies, Inc. 
25.12.2010 1.17.59.0 - notwendig GPL Ghostscript 9.01 07.03.2011 - notwendig GUILD WARS 26.12.2010 - notwendig HiJackThis Trend Micro 05.04.2012 369KB 1.0.0 - unnötig HLSW v1.4.0.2 Stripf Software 15.08.2012 47,2MB - unnötig ImgBurn LIGHTNING UK! 02.07.2012 2.5.7.0 - unnötig IrfanView (remove only) Irfan Skiljan 21.02.2011 1,50MB 4.28 - notwendig iTunes Apple Inc. 15.06.2012 182MB 10.6.3.25 - notwendig Java(TM) 6 Update 35 Oracle 26.04.2012 95,7MB 6.0.350 - notwendig LAME v3.98.3 for Audacity 25.03.2011 1,16MB - notwendig Last.fm 1.5.4.27091 Last.fm 20.04.2011 - notwendig Logitech SetPoint 6.20 Logitech 25.12.2010 39,0MB 6.20.64 - notwendig Malwarebytes Anti-Malware Version 1.65.0.1400 Malwarebytes Corporation 13.09.2012 19,3MB 1.65.0.1400 - notwendig McAfee Security Scan Plus McAfee, Inc. 30.08.2012 10,2MB 3.0.207.4 - notwendig McAfee SiteAdvisor McAfee, Inc. 05.09.2012 3.5.229 - notwendig Medieval CUE Splitter Medieval Software 25.03.2012 1,66MB 1.2.0 - notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 20.12.2010 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 20.12.2010 2,93MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 14.02.2011 51,9MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 14.02.2011 10,6MB 4.0.30319 Microsoft Office Enterprise 2007 Microsoft Corporation 14.02.2012 12.0.6612.1000 Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Live Add-in 1.5 Microsoft Corporation 14.06.2012 508KB 2.0.4024.1 Microsoft Silverlight Microsoft Corporation 10.05.2012 140MB 4.1.10329.0 Microsoft SQL Server Compact 4.0 x64 ENU Microsoft Corporation 30.07.2012 19,1MB 4.0.8482.1 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 27.12.2010 252KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 
8.0.59193 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 25.12.2010 212KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 07.05.2011 790KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 07.05.2011 598KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 25.12.2010 788KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 03.08.2012 1,41MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 12.05.2011 234KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.12.2010 240KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.12.2010 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.02.2012 12,2MB 10.0.40219 MozBackup 1.4.10 Pavel Cvrcek 25.12.2010 - notwendig Mozilla Firefox 15.0 (x86 de) Mozilla 31.08.2012 39,7MB 15.0 - unnötig ?! 
Mozilla Firefox 15.0.1 (x86 de) Mozilla 08.09.2012 39,7MB 15.0.1 - notwendig Mozilla Maintenance Service Mozilla 08.09.2012 327KB 15.0.1 - unbekannt Mozilla Thunderbird 14.0 (x86 de) Mozilla 22.07.2012 40,8MB 14.0 - notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 27.12.2010 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.12.2010 1,33MB 4.20.9876.0 Native Instruments Audio 4 DJ Native Instruments 26.12.2010 - notwendig Native Instruments Audio 4 DJ Driver 29.06.2012 - notwendig Native Instruments Audio 4 DJ Driver Native Instruments 29.06.2012 - notwendig Native Instruments Controller Editor 29.06.2012 - notwendig Native Instruments Controller Editor Native Instruments 29.06.2012 - notwendig Native Instruments Service Center 26.12.2010 - notwendig Native Instruments Service Center Native Instruments 26.12.2010 - notwendig Native Instruments Traktor 26.12.2010 - notwendig Native Instruments Traktor Native Instruments 26.12.2010 - notwendig OpenAL 25.12.2010 - unbekannt Opera 12.02 Opera Software ASA 08.09.2012 12.02.1578 - notwendig PunkBuster Services Even Balance, Inc. 26.12.2010 0.986 - notwendig QuickTime Apple Inc. 
01.06.2012 73,2MB 7.72.80.56 - unnötig Realtek Ethernet Controller Driver Realtek 25.12.2010 - notwendig 7.32.1111.2010 - notwendig Recuva Piriform 28.03.2011 1.40 - unnötig RedMon - Redirection Port Monitor 07.03.2011 - unbekannt Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 25.12.2010 1,00MB 2.0.30.0 - notwendig Seagate Manager Installer Seagate 25.12.2010 47,8MB 2.01.0600 - notwendig SeaTools for Windows Seagate Technology 28.03.2011 24,5MB 1.2.0.4 - notwendig Secure Banking Version 1.5.1 Hopfgartner Niklas 10.09.2012 1,08MB 1.5.1 - notwendig Sound Blaster X-Fi Creative Technology Limited 07.09.2012 1.0 - notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 05.08.2012 3.0.8.1 - notwendig Winamp Nullsoft, Inc 17.07.2011 5.621 - notwendig Winamp Erkennungs-Plug-in Nullsoft, Inc 17.07.2011 75,0KB 1.0.0.1 - notwendig Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 24.01.2012 06/03/2009 2.3.0.0 - notwendig World of Tanks Closed Beta v.0.6.2.7 Wargaming.net 26.12.2010 3,37GB - notwendig Xfire (remove only) 26.12.2010 - notwendig Zip Motion Block Video codec (Remove Only) DOSBox Team 23.01.2011 - unnötig µTorrent 19.12.2011 3.1.0 - unnötig |
14.09.2012, 20:09 | #14 |
/// Malware-holic | Hi, this kind of work is usually fun; after all, you chose it yourself :-)

Uninstall: Adobe Flash Player (all of them). Adobe - Adobe Flash Player installieren: download the latest version. Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan box.

Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only then do you have control over what is going on on the PC. Under JavaScript, untick "enable JavaScript". Under Updater, choose "install automatically". Apply / OK.

Uninstall: Architektur, Carbonite, Contribtastic, EVEREST, HiJackThis, ImgBurn, Java (Download der kostenlosen Java-Software: download and install the Java JRE), Recuva, Zip, µTorrent.

Open OTL, Cleanup, the PC restarts. Open CCleaner, Analyze, Run. Restart the PC.

If it runs as desired (apart from the S-Banking problem), then secure it: as an anti-malware program I would recommend Emsisoft. For me they offer the best protection, but it costs something. http://www.trojaner-board.de/103809-...i-malware.html Trial version: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware. Especially if you do online banking, shopping, other payment processing or similarly important things such as work, i.e. there is sensitive data to protect, you should invest in security software. Use the 30-day trial period before activating the licence. Free, but not quite as good, would be avast: http://www.trojaner-board.de/110895-...antivirus.html Tell me which one you use, then I'll give you configuration tips.

Please uninstall your current AV.

The following guide is extensive, I know, but it should be followed, because only then is your PC secure. Ask as many questions as you need; I'm happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html

Please start with the passage "Windows Vista und Windows 7". Begin by installing Windows Updates. The easiest way is to go to Start, Search, and enter Windows Updates there. Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- choose a time
- Please tick all of the rest, except:
- show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click "Check for updates" and install the next ones. Please do the same with the optional updates. Please apply the rest as described in the Windows 7 / Vista section. From the XP section, please apply the item "Datenausführungsverhinderung, DEP" (Data Execution Prevention).

As a browser I advise you to use Chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe. Please read the guide. If you want to use a different one, tell me; then I'll have to parts of the guide that follows.

Sandboxie. The definition of a sandbox can be read here: Sandbox. In short, programs can be run almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.

Download link: Sandboxie Download - Sandboxie 3.74. Guide: http://www.trojaner-board.de/71542-a...sandboxie.html Detailed guide as PDF, also work through it: Sandbox Einstellungen.

Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There click Sandbox Settings. Restrictions: under program start and internet access write: chrome.exe. Then go to Applications, Web Browser, Chrome. There enable everything except "share entire profile folder".

As you may already have seen, you cannot use some functions. That is only possible in the full version, which I advise you to buy. For example, under "Forced Programs" you can specify that all browsers start in the sandbox. Otherwise you always have to click "Sandboxed Web Browser" or right-click, Run Sandboxed. A lifetime licence costs 30 € and can be used on all your PCs.

Continue with: "Maßnahmen für ALLE Windows-Versionen" (measures for ALL Windows versions), work through all of it completely. Note on FileHippo: in the settings additionally select: hide beta updates; Run updateChecker when Windows starts.

Backup program: a backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option: http://www.trojaner-board.de/82962-w...en-backup.html But unfortunately this is only sensibly usable for Windows 7 users. Everyone else should definitely install a backup program too, since it can be very important, for example when the hard drive breaks one day.

Finally, observe the general security tips; if it applies to you, observe the tip on online banking and change all passwords. Please also read how to make programs visible to all users: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe. So from now on browse only in the standard user account, and there in the sandbox.

If you use the free version, do so by clicking "Sandboxed Web Browser"; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser. When you hover the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Password security: every service needs its own password of at least 12 characters. RoboForm helps with managing and creating passwords: Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager. Guide: RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
16.09.2012, 21:36 | #15 |
| Quote:
I've done the above. As my anti-malware program I've chosen Emsisoft Anti-Malware; the trial period is already running. At that price you can hardly do otherwise. Thanks for the link. During the week I'll continue with the user accounts and the rest. Oh yes ... I've uninstalled McAfee and now no longer get a warning in Secure Banking. |