Polizei Cyber Crime Investigation Departement virus on my Vista laptop
14.09.2012, 21:55 | #1

Hello everyone! I have just registered because an hour ago I got this police virus, in its Austrian variant, on my Vista laptop. I have now downloaded Malwarebytes and am currently running a quick scan. I will post the log file afterwards. I hope you can help me get rid of this virus, as it is my first one and I am a bit helpless... I am also not all that good with PCs, so I am asking for help suitable for so-called newbies... Thank you very much! Best regards...

Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.14.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-PC [Administrator]

Schutz: Aktiviert

14.09.2012 22:46:21
mbam-log-2012-09-14 (22-46-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190069
Laufzeit: 15 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\home\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

----------------------------------------------

That is the log.
What do I have to do next to remove the virus for good?? Thanks in advance!!
15.09.2012, 17:47 | #2
/// Malware-holic

hi
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
16.09.2012, 11:22 | #3

Thank you for the quick help. Attached are the two files:
OTL logfile:
- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.16 11:45:34 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe [2012.09.14 22:34:29 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes [2012.09.14 22:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.14 22:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.14 22:34:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.14 22:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.14 22:33:12 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\home\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.13 20:57:08 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\Temp1_wirelesskeyview.zip [2012.09.02 15:49:37 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\segeln kroatien 2012 ========== Files - Modified Within 30 Days ========== [2012.09.16 11:45:37 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe [2012.09.16 11:43:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.16 11:43:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.16 11:43:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.16 11:43:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.16 11:37:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.09.16 11:37:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.16 11:37:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.16 11:37:04 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys [2012.09.15 08:56:03 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat [2012.09.14 23:50:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.09.14 23:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.14 22:34:08 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 22:08:54 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\home\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.14 21:56:27 | 001,189,189 | ---- | M] () -- C:\Users\home\Desktop\0tbpw.pad [2012.09.13 21:10:37 | 000,307,135 | ---- | M] () -- C:\Users\home\Desktop\WLAN Passwort vergessen_ – So kann man das WLAN Kennwort auslesen! – Anleitung › Wissen › ITler.NET - Der Blog für ITler und Sy.pdf [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.03 17:20:19 | 001,731,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.16 11:37:04 | 3212,042,240 | -HS- | C] () -- C:\hiberfil.sys [2012.09.16 11:37:04 | 3212,042,240 | -HS- | C] () -- \hiberfil.sys [2012.09.14 22:34:08 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 21:46:57 | 001,189,189 | ---- | C] () -- C:\Users\home\Desktop\0tbpw.pad [2012.09.13 21:10:33 | 000,307,135 | ---- | C] () -- C:\Users\home\Desktop\WLAN Passwort vergessen_ – So kann man das WLAN Kennwort auslesen! 
– Anleitung › Wissen › ITler.NET - Der Blog für ITler und Sy.pdf [2011.04.24 16:15:48 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat [2010.03.15 21:27:33 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2010.03.15 21:27:33 | 000,000,000 | RHS- | C] () -- \IO.SYS [2009.07.15 20:24:14 | 000,076,288 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.14 04:23:17 | 000,000,027 | ---- | C] () -- \Driver.20 [2008.12.09 08:37:37 | 001,048,576 | RH-- | C] () -- \X58LE.BIN [2008.11.06 05:14:01 | 000,000,022 | ---- | C] () -- \RECOVERY.DAT [2008.04.16 11:45:26 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK [2008.04.16 11:45:24 | 000,333,257 | RHS- | C] () -- \bootmgr [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys ========== LOP Check ========== [2012.09.16 11:39:50 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Dropbox [2010.05.31 20:22:28 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Facebook [2010.02.13 21:49:55 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\FileZilla [2010.12.28 12:34:47 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\GetRightToGo [2012.02.28 17:09:36 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\ICAClient [2012.02.28 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Juniper Networks [2010.12.28 23:50:14 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\KompoZer [2010.02.02 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Netviewer [2009.07.22 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Nokia [2010.02.12 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Nvu [2010.01.17 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\OpenOffice.org [2009.07.22 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PC Suite [2011.08.09 08:56:37 | 
000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PTV AG [2010.01.28 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\XSManager [2012.09.14 23:54:41 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.07.13 21:11:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.02.25 17:44:29 | 000,000,000 | ---D | M] -- C:\ADCD [2009.03.29 00:07:22 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2009.03.29 00:18:17 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS [2010.02.02 21:33:47 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.13 21:03:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.03.15 21:27:44 | 000,000,000 | ---D | M] -- C:\DTE [2009.03.28 23:14:06 | 000,000,000 | ---D | M] -- C:\Intel [2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.09.14 22:33:59 | 000,000,000 | R--D | M] -- C:\Program Files [2012.09.14 22:34:06 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.09.16 11:50:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.03.29 00:18:52 | 000,000,000 | ---D | M] -- C:\temp [2009.07.13 21:08:41 | 000,000,000 | R--D | M] -- C:\Users [2012.09.14 23:56:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) 
MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | 
M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 02:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 02:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) 
MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) 
MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:34:35 | 000,015,872 | ---- | M] 
(Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 04:34:35 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2012.09.16 11:48:08 | 002,359,296 | -HS- | M] () -- C:\Users\home\NTUSER.DAT [2012.09.16 11:48:08 | 000,262,144 | -H-- | M] () -- C:\Users\home\ntuser.dat.LOG1 [2009.07.13 21:08:42 | 000,000,000 | -H-- | M] () -- C:\Users\home\ntuser.dat.LOG2 [2012.09.15 08:59:41 | 000,065,536 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2012.09.15 08:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms [2009.07.13 21:17:17 | 000,524,288 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms [2009.07.13 21:08:42 | 000,000,020 | -HS- | M] () -- C:\Users\home\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3790b2.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3789b2.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3788b2.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\CIMG3787b2.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\home\Documents\aoe-paris.avi:TOC.WMV < End of report > -----------------------------------------------------OTL Logfile: Code:
OTL Extras logfile created on: 16.09.2012 11:47:55 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\home\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,85% Memory free 6,18 Gb Paging File | 4,60 Gb Available in Paging File | 74,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 4,41 Gb Free Space | 3,79% Space Free | Partition Type: NTFS Drive D: | 106,67 Gb Total Space | 65,25 Gb Free Space | 61,16% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: home | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5E91CB86-9D13-4AF4-B9D8-DF6550A6607A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6DD42531-B454-450C-9200-F5606DD0C7DC}" = lport=2869 | protocol=6 | dir=in | app=system | "{75388F5B-445D-4078-A20D-47B9A2689972}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AC601189-1B46-4BB9-9B45-71B3F4684627}" = lport=10243 | protocol=6 | dir=in | app=system | "{B64BFDBF-0E4A-4C26-AAA9-173A6F11756D}" = rport=10243 | protocol=6 | dir=out | app=system | "{CF5B09EF-153C-46B7-BF20-C3D07527283F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DBA13DBC-3BA6-4DAE-8FA4-1C570AD223C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E7893999-D993-4CFA-8C7C-F88ADB4739E0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F697B65B-2E55-4C1D-B9B7-018930A7492A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{041E37FE-9B68-4E59-8769-3F1450E0847C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{13413C01-F77A-486E-A7A1-2E0D5F2FCF95}" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | "{20DD9629-D1C8-47D8-97D9-9EA4F5294884}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A72D4DC-D665-4547-95D6-1FD78B418B6E}" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | "{348437F3-4F6F-41B4-92E5-A43C25EFA801}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{41F114FE-5C0B-44F0-82BC-84AC5B602BEA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{45E056EF-9102-4F7F-B2D0-443AE564E175}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{56F4C305-4959-4115-B443-98E560445320}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5CB542D1-615F-45A6-BDB5-7DDA5B9C5970}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5EEA97E5-CAE7-4823-9244-6EB1516F055E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{61A3A5BB-5DE4-44F7-A993-59E93F8D4540}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{64D574D0-132F-4788-976B-27E0A34F3DA7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{66ECC23E-EB82-442F-B50E-BE2AE5F36AAA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{6C8D0B84-9392-4B10-ACD1-2A294E9B7730}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{70471E75-B2D6-4349-8CFF-F77263C72663}" = protocol=6 | dir=out | app=system | "{70965A17-CA83-4A77-962A-2A93D786E675}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{839A6FD9-F670-4916-9FC1-E35CEE77A42E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9B413482-3EDD-4CEB-92B1-89F58DFE55F2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{ACC0CFBA-4F25-4BE5-BA60-4087C45F34C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ADAFA64A-5B06-4EF4-98CA-3C9605DB40D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe 
| "{BA2EC03B-EF52-470E-AD13-B13DE811092F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC8EB30F-B632-4FE0-A2C2-87BBF481A8C6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{BF3F3126-38B8-44FB-83D6-6058303E219F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DB76DA26-7BE7-451F-BE7A-2B5CF065F597}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E044ADDF-472E-461C-899C-0395D147D3DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E39659FA-A6DF-4937-9F77-A4D0A5BA9686}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{F9F5BE2F-356F-4A56-8D49-7B4B01EF3987}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "TCP Query User{6E156F88-AFED-42C1-B674-ED30F54698FD}C:\program files\netviewer\support\nv_support_berater_de_free.exe" = protocol=6 | dir=in | app=c:\program files\netviewer\support\nv_support_berater_de_free.exe | "TCP Query User{74F0B867-B4E4-4A57-92DE-40B48F456FCF}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{93CA46AA-2A67-40FB-AB52-ED24F43E475F}C:\users\home\desktop\nv_support_berater_de_free.exe" = protocol=6 | dir=in | app=c:\users\home\desktop\nv_support_berater_de_free.exe | "TCP Query User{C72C9392-A3FE-4486-9493-4982A9423C34}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{30D896BB-A5C3-4351-929F-B345E9F7639E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{A0E3C7E5-8279-4D6B-A1CC-CDB7923D8A82}C:\program files\netviewer\support\nv_support_berater_de_free.exe" = protocol=17 | dir=in | app=c:\program files\netviewer\support\nv_support_berater_de_free.exe | "UDP Query 
User{BACD9C0E-B7F1-4216-AB23-1CD7D634BBDB}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E4F24948-A74A-4061-B0B9-F8F94660EC05}C:\users\home\desktop\nv_support_berater_de_free.exe" = protocol=17 | dir=in | app=c:\users\home\desktop\nv_support_berater_de_free.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web) "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB) "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62CF8923-31DC-4285-A23C-17CE5AA6A679}" = Express Gate "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV) "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{73F796D0-8F6C-45F8-86D6-085F7A36787B}" = Zusatzmodul GPS-Tourenplaner MTP09 "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8231E7FB-EF2F-4866-95B3-C3C54A910033}" = Netviewer Meet "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support 
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{AE75AF6A-22AC-4497-AE20-9FA4F4B10033}" = Netviewer Support "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX) "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web "DTE" = DTE "EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 7.4 by MixMeister "FileZilla Client" = FileZilla Client 3.3.1 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "KompoZer_is1" = KompoZer 0.77 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Nvu_is1" = Nvu 1.0 "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 6" = TeamViewer 6 "TVWiz" = Intel(R) TV Wizard "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "VLC media player" = VLC media player 1.0.0 "XSManager" = XSManager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Facebook Plug-In" = Facebook Plug-In "Juniper_Citrix_Services" = Juniper Citrix Services Client "Juniper_Setup_Client" = Juniper Networks Setup Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.07.2012 08:14:04 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:14:06 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:14:07 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:14:21 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:22:59 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:22:59 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:23:08 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:23:10 | Computer Name = 
home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:23:11 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2012 08:23:28 | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 15.09.2012 02:55:11 | Computer Name = home-PC | Source = DCOM | ID = 10005 Description = Error - 15.09.2012 02:55:20 | Computer Name = home-PC | Source = DCOM | ID = 10005 Description = Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = DCOM | ID = 10005 Description = Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = DCOM | ID = 10005 Description = Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 15.09.2012 02:55:22 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 15.09.2012 02:55:55 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 15.09.2012 02:55:59 | Computer Name = home-PC | Source = DCOM | ID = 10005 Description = Error - 15.09.2012 02:56:00 | Computer Name = home-PC | Source = Service Control Manager | ID = 7001 Description = Error - 16.09.2012 05:42:40 | Computer Name = home-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > |
17.09.2012, 17:08 | #4 | |
/// Malware-holic | Police Cyber Crime Investigation Department virus on my Vista laptop Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
17.09.2012, 22:32 | #5 |
| Police Cyber Crime Investigation Department virus on my Vista laptop Combofix log file: Code:
I hope the way I proceeded is correct and the file is helpful?! Thanks, kind regards |
18.09.2012, 18:47 | #6 |
/// Malware-holic | Police Cyber Crime Investigation Department virus on my Vista laptop hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose Skip for now, post the log
|
18.09.2012, 21:14 | #7 |
| Police Cyber Crime Investigation Department virus on my Vista laptop Hello, attached I am sending this TDSSKiller log file:
Beep C:\Windows\system32\drivers\Beep.sys 22:07:55.0882 3428 Beep - ok 22:07:55.0979 3428 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 22:07:56.0101 3428 BFE - ok 22:07:56.0322 3428 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 22:07:56.0518 3428 BITS - ok 22:07:56.0581 3428 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 22:07:56.0634 3428 blbdrive - ok 22:07:56.0800 3428 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:07:56.0937 3428 Bonjour Service - ok 22:07:57.0047 3428 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:07:57.0114 3428 bowser - ok 22:07:57.0166 3428 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 22:07:57.0213 3428 BrFiltLo - ok 22:07:57.0238 3428 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 22:07:57.0328 3428 BrFiltUp - ok 22:07:57.0383 3428 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 22:07:57.0510 3428 Browser - ok 22:07:57.0571 3428 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 22:07:57.0779 3428 Brserid - ok 22:07:57.0851 3428 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 22:07:57.0953 3428 BrSerWdm - ok 22:07:57.0984 3428 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 22:07:58.0055 3428 BrUsbMdm - ok 22:07:58.0105 3428 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 22:07:58.0150 3428 BrUsbSer - ok 22:07:58.0188 3428 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:07:58.0257 3428 BTHMODEM - ok 22:07:58.0366 3428 catchme - ok 22:07:58.0393 3428 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:07:58.0521 3428 cdfs - ok 
22:07:58.0587 3428 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:07:58.0636 3428 cdrom - ok 22:07:58.0700 3428 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 22:07:58.0755 3428 CertPropSvc - ok 22:07:58.0784 3428 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 22:07:58.0826 3428 circlass - ok 22:07:58.0951 3428 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 22:07:59.0015 3428 CLFS - ok 22:07:59.0646 3428 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:07:59.0810 3428 clr_optimization_v2.0.50727_32 - ok 22:07:59.0947 3428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:08:00.0095 3428 clr_optimization_v4.0.30319_32 - ok 22:08:00.0161 3428 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:08:00.0216 3428 CmBatt - ok 22:08:00.0254 3428 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:08:00.0276 3428 cmdide - ok 22:08:00.0395 3428 [ 675D67423980FC1784B93AA47D350A31 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys 22:08:00.0463 3428 cmnsusbser - ok 22:08:00.0479 3428 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:08:00.0501 3428 Compbatt - ok 22:08:00.0508 3428 COMSysApp - ok 22:08:00.0559 3428 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:08:00.0580 3428 crcdisk - ok 22:08:00.0650 3428 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 22:08:00.0713 3428 Crusoe - ok 22:08:00.0814 3428 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:08:00.0877 3428 CryptSvc - ok 22:08:00.0969 3428 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm 
C:\Windows\system32\DRIVERS\ctxusbm.sys 22:08:00.0981 3428 ctxusbm - ok 22:08:01.0059 3428 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:08:01.0262 3428 DcomLaunch - ok 22:08:01.0345 3428 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:08:01.0457 3428 DfsC - ok 22:08:01.0857 3428 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 22:08:02.0074 3428 DFSR - ok 22:08:02.0176 3428 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 22:08:02.0290 3428 Dhcp - ok 22:08:02.0351 3428 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 22:08:02.0375 3428 disk - ok 22:08:02.0513 3428 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:08:02.0641 3428 Dnscache - ok 22:08:02.0707 3428 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:08:02.0775 3428 dot3svc - ok 22:08:02.0820 3428 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 22:08:02.0902 3428 DPS - ok 22:08:02.0950 3428 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:08:02.0995 3428 drmkaud - ok 22:08:03.0155 3428 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:08:03.0197 3428 DXGKrnl - ok 22:08:03.0263 3428 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 22:08:03.0401 3428 E1G60 - ok 22:08:03.0462 3428 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 22:08:03.0529 3428 EapHost - ok 22:08:03.0584 3428 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 22:08:03.0603 3428 Ecache - ok 22:08:03.0680 3428 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:08:03.0710 3428 elxstor - ok 22:08:03.0806 3428 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 22:08:03.0925 3428 EMDMgmt 
- ok 22:08:03.0958 3428 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:08:03.0984 3428 ErrDev - ok 22:08:04.0077 3428 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 22:08:04.0187 3428 EventSystem - ok 22:08:04.0258 3428 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 22:08:04.0425 3428 exfat - ok 22:08:04.0492 3428 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:08:04.0594 3428 fastfat - ok 22:08:04.0653 3428 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:08:04.0721 3428 fdc - ok 22:08:04.0766 3428 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 22:08:04.0812 3428 fdPHost - ok 22:08:04.0831 3428 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 22:08:04.0923 3428 FDResPub - ok 22:08:04.0949 3428 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:08:04.0964 3428 FileInfo - ok 22:08:05.0029 3428 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:08:05.0092 3428 Filetrace - ok 22:08:05.0188 3428 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 22:08:05.0229 3428 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 22:08:05.0229 3428 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 22:08:05.0270 3428 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:08:05.0360 3428 flpydisk - ok 22:08:05.0418 3428 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:08:05.0441 3428 FltMgr - ok 22:08:05.0609 3428 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 22:08:05.0800 3428 FontCache - ok 22:08:05.0880 3428 [ 
C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 22:08:05.0892 3428 FontCache3.0.0.0 - ok 22:08:05.0971 3428 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:08:06.0016 3428 Fs_Rec - ok 22:08:06.0092 3428 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:08:06.0111 3428 gagp30kx - ok 22:08:06.0172 3428 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:08:06.0187 3428 GEARAspiWDM - ok 22:08:06.0328 3428 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 22:08:06.0481 3428 gpsvc - ok 22:08:06.0574 3428 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:08:06.0664 3428 HdAudAddService - ok 22:08:06.0792 3428 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:08:06.0918 3428 HDAudBus - ok 22:08:06.0952 3428 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:08:07.0060 3428 HidBth - ok 22:08:07.0090 3428 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 22:08:07.0151 3428 HidIr - ok 22:08:07.0209 3428 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 22:08:07.0328 3428 hidserv - ok 22:08:07.0377 3428 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:08:07.0425 3428 HidUsb - ok 22:08:07.0477 3428 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:08:07.0595 3428 hkmsvc - ok 22:08:07.0669 3428 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 22:08:07.0688 3428 HpCISSs - ok 22:08:07.0861 3428 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:08:07.0956 3428 HTTP - ok 22:08:08.0013 3428 [ C6B032D69650985468160FC9937CF5B4 ] i2omp 
C:\Windows\system32\drivers\i2omp.sys 22:08:08.0028 3428 i2omp - ok 22:08:08.0086 3428 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:08:08.0135 3428 i8042prt - ok 22:08:08.0185 3428 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 22:08:08.0201 3428 iaStor - ok 22:08:08.0396 3428 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 22:08:08.0420 3428 iaStorV - ok 22:08:08.0591 3428 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:08:09.0047 3428 idsvc - ok 22:08:09.0698 3428 [ E58042A15DFDF2962B4C26F5C8B4C871 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 22:08:10.0014 3428 igfx - ok 22:08:10.0098 3428 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:08:10.0115 3428 iirsp - ok 22:08:10.0248 3428 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 22:08:10.0439 3428 IKEEXT - ok 22:08:10.0674 3428 [ 3C1C6F24E968EE92928AB908F35FE05E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 22:08:10.0979 3428 IntcAzAudAddService - ok 22:08:11.0080 3428 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 22:08:11.0102 3428 intelide - ok 22:08:11.0202 3428 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:08:11.0229 3428 intelppm - ok 22:08:11.0310 3428 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:08:11.0364 3428 IPBusEnum - ok 22:08:11.0400 3428 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:08:11.0457 3428 IpFilterDriver - ok 22:08:11.0594 3428 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:08:11.0710 3428 iphlpsvc - ok 22:08:11.0716 3428 IpInIp - ok 22:08:11.0756 3428 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV 
C:\Windows\system32\drivers\ipmidrv.sys 22:08:11.0825 3428 IPMIDRV - ok 22:08:11.0901 3428 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 22:08:11.0942 3428 IPNAT - ok 22:08:12.0074 3428 [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:08:12.0199 3428 iPod Service - ok 22:08:12.0236 3428 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:08:12.0291 3428 IRENUM - ok 22:08:12.0395 3428 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:08:12.0415 3428 isapnp - ok 22:08:12.0578 3428 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 22:08:12.0597 3428 iScsiPrt - ok 22:08:12.0634 3428 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 22:08:12.0652 3428 iteatapi - ok 22:08:12.0678 3428 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 22:08:12.0695 3428 iteraid - ok 22:08:12.0745 3428 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:08:12.0760 3428 kbdclass - ok 22:08:12.0838 3428 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:08:12.0964 3428 kbdhid - ok 22:08:13.0003 3428 [ CC2A86D7BBF14977340DCA61BBCBA771 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 22:08:13.0115 3428 kbfiltr - ok 22:08:13.0166 3428 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 22:08:13.0274 3428 KeyIso - ok 22:08:13.0330 3428 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:08:13.0399 3428 KSecDD - ok 22:08:13.0481 3428 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 22:08:13.0670 3428 KtmRm - ok 22:08:13.0717 3428 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 22:08:13.0831 3428 LanmanServer - ok 22:08:13.0864 3428 [ 
1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:08:14.0064 3428 LanmanWorkstation - ok 22:08:14.0161 3428 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 22:08:14.0169 3428 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 22:08:14.0169 3428 LightScribeService - detected UnsignedFile.Multi.Generic (1) 22:08:14.0228 3428 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:08:14.0281 3428 lltdio - ok 22:08:14.0379 3428 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:08:14.0516 3428 lltdsvc - ok 22:08:14.0547 3428 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:08:14.0651 3428 lmhosts - ok 22:08:14.0721 3428 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:08:14.0737 3428 LSI_FC - ok 22:08:14.0841 3428 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:08:14.0857 3428 LSI_SAS - ok 22:08:14.0959 3428 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:08:14.0979 3428 LSI_SCSI - ok 22:08:15.0005 3428 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 22:08:15.0113 3428 luafv - ok 22:08:15.0193 3428 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:08:15.0210 3428 MBAMProtector - ok 22:08:15.0437 3428 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:08:15.0511 3428 MBAMScheduler - ok 22:08:15.0846 3428 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 22:08:16.0101 3428 MBAMService - ok 22:08:16.0173 3428 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 22:08:16.0191 3428 megasas - ok 22:08:16.0261 3428 [ 
C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 22:08:16.0367 3428 MegaSR - ok 22:08:16.0422 3428 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 22:08:16.0559 3428 MMCSS - ok 22:08:16.0601 3428 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 22:08:16.0650 3428 Modem - ok 22:08:16.0679 3428 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:08:16.0750 3428 monitor - ok 22:08:16.0782 3428 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:08:16.0798 3428 mouclass - ok 22:08:16.0821 3428 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:08:16.0897 3428 mouhid - ok 22:08:16.0927 3428 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 22:08:16.0943 3428 MountMgr - ok 22:08:16.0991 3428 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 22:08:17.0007 3428 mpio - ok 22:08:17.0032 3428 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:08:17.0111 3428 mpsdrv - ok 22:08:17.0307 3428 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 22:08:17.0427 3428 MpsSvc - ok 22:08:17.0488 3428 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 22:08:17.0502 3428 Mraid35x - ok 22:08:17.0560 3428 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:08:17.0604 3428 MRxDAV - ok 22:08:17.0713 3428 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:08:17.0781 3428 mrxsmb - ok 22:08:17.0809 3428 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:08:17.0876 3428 mrxsmb10 - ok 22:08:17.0906 3428 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:08:17.0974 3428 mrxsmb20 - ok 22:08:18.0021 3428 [ 
28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 22:08:18.0035 3428 msahci - ok 22:08:18.0077 3428 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:08:18.0093 3428 msdsm - ok 22:08:18.0197 3428 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 22:08:18.0320 3428 MSDTC - ok 22:08:18.0389 3428 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:08:18.0436 3428 Msfs - ok 22:08:18.0486 3428 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:08:18.0506 3428 msisadrv - ok 22:08:18.0570 3428 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:08:18.0669 3428 MSiSCSI - ok 22:08:18.0674 3428 msiserver - ok 22:08:18.0739 3428 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:08:18.0767 3428 MSKSSRV - ok 22:08:18.0816 3428 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:08:18.0887 3428 MSPCLOCK - ok 22:08:18.0914 3428 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:08:18.0977 3428 MSPQM - ok 22:08:19.0029 3428 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:08:19.0055 3428 MsRPC - ok 22:08:19.0091 3428 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:08:19.0111 3428 mssmbios - ok 22:08:19.0151 3428 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:08:19.0187 3428 MSTEE - ok 22:08:19.0288 3428 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 22:08:19.0344 3428 MTsensor - ok 22:08:19.0380 3428 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 22:08:19.0460 3428 Mup - ok 22:08:19.0502 3428 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 22:08:19.0697 3428 napagent - ok 
22:08:19.0765 3428 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:08:19.0812 3428 NativeWifiP - ok 22:08:19.0875 3428 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:08:19.0908 3428 NDIS - ok 22:08:19.0999 3428 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:08:20.0028 3428 NdisTapi - ok 22:08:20.0048 3428 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:08:20.0104 3428 Ndisuio - ok 22:08:20.0138 3428 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:08:20.0164 3428 NdisWan - ok 22:08:20.0235 3428 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:08:20.0319 3428 NDProxy - ok 22:08:20.0384 3428 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:08:20.0475 3428 NetBIOS - ok 22:08:20.0533 3428 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 22:08:20.0597 3428 netbt - ok 22:08:20.0627 3428 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 22:08:20.0690 3428 Netlogon - ok 22:08:20.0765 3428 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 22:08:20.0890 3428 Netman - ok 22:08:20.0917 3428 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 22:08:20.0992 3428 netprofm - ok 22:08:21.0071 3428 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:08:21.0087 3428 NetTcpPortSharing - ok 22:08:21.0126 3428 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:08:21.0141 3428 nfrd960 - ok 22:08:21.0162 3428 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:08:21.0237 3428 NlaSvc - ok 22:08:21.0440 3428 [ 696B37EA78F9D9767A2F18BA0304A51A ] nmwcd 
C:\Windows\system32\drivers\nmwcd.sys 22:08:21.0507 3428 nmwcd - ok 22:08:21.0593 3428 [ BBB6010FC01D9239D88FCDF133E03FF0 ] nmwcdc C:\Windows\system32\drivers\nmwcdc.sys 22:08:21.0696 3428 nmwcdc - ok 22:08:21.0712 3428 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcj C:\Windows\system32\drivers\nmwcdcj.sys 22:08:21.0774 3428 nmwcdcj - ok 22:08:21.0810 3428 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcm C:\Windows\system32\drivers\nmwcdcm.sys 22:08:21.0833 3428 nmwcdcm - ok 22:08:21.0916 3428 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:08:21.0951 3428 Npfs - ok 22:08:22.0031 3428 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 22:08:22.0133 3428 nsi - ok 22:08:22.0173 3428 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:08:22.0202 3428 nsiproxy - ok 22:08:22.0282 3428 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:08:22.0397 3428 Ntfs - ok 22:08:22.0473 3428 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 22:08:22.0562 3428 ntrigdigi - ok 22:08:22.0599 3428 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 22:08:22.0663 3428 Null - ok 22:08:22.0711 3428 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:08:22.0739 3428 nvraid - ok 22:08:22.0773 3428 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:08:22.0789 3428 nvstor - ok 22:08:22.0830 3428 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:08:22.0847 3428 nv_agp - ok 22:08:22.0853 3428 NwlnkFlt - ok 22:08:22.0865 3428 NwlnkFwd - ok 22:08:22.0926 3428 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 22:08:22.0998 3428 ohci1394 - ok 22:08:23.0082 3428 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 22:08:23.0284 3428 p2pimsvc - ok 
22:08:23.0350 3428 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 22:08:23.0445 3428 p2psvc - ok 22:08:23.0522 3428 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 22:08:23.0593 3428 Parport - ok 22:08:23.0637 3428 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:08:23.0655 3428 partmgr - ok 22:08:23.0683 3428 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 22:08:23.0752 3428 Parvdm - ok 22:08:23.0828 3428 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 22:08:23.0952 3428 PcaSvc - ok 22:08:24.0041 3428 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 22:08:24.0061 3428 pci - ok 22:08:24.0099 3428 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 22:08:24.0117 3428 pciide - ok 22:08:24.0201 3428 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:08:24.0233 3428 pcmcia - ok 22:08:24.0285 3428 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:08:24.0457 3428 PEAUTH - ok 22:08:24.0787 3428 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 22:08:24.0948 3428 pla - ok 22:08:25.0041 3428 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:08:25.0151 3428 PlugPlay - ok 22:08:25.0237 3428 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 22:08:25.0312 3428 PNRPAutoReg - ok 22:08:25.0348 3428 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 22:08:25.0425 3428 PNRPsvc - ok 22:08:25.0563 3428 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:08:25.0635 3428 PolicyAgent - ok 22:08:25.0740 3428 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:08:25.0832 3428 PptpMiniport - ok 22:08:25.0931 3428 [ 
2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 22:08:25.0963 3428 Processor - ok 22:08:26.0034 3428 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 22:08:26.0110 3428 ProfSvc - ok 22:08:26.0157 3428 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 22:08:26.0207 3428 ProtectedStorage - ok 22:08:26.0321 3428 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 22:08:26.0344 3428 PSched - ok 22:08:26.0500 3428 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:08:26.0570 3428 ql2300 - ok 22:08:26.0618 3428 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:08:26.0638 3428 ql40xx - ok 22:08:26.0740 3428 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 22:08:26.0916 3428 QWAVE - ok 22:08:26.0953 3428 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:08:27.0018 3428 QWAVEdrv - ok 22:08:27.0087 3428 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:08:27.0137 3428 RasAcd - ok 22:08:27.0183 3428 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 22:08:27.0288 3428 RasAuto - ok 22:08:27.0360 3428 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:08:27.0390 3428 Rasl2tp - ok 22:08:27.0455 3428 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 22:08:27.0598 3428 RasMan - ok 22:08:27.0656 3428 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:08:27.0717 3428 RasPppoe - ok 22:08:27.0793 3428 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:08:27.0815 3428 RasSstp - ok 22:08:27.0875 3428 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:08:27.0958 3428 rdbss - ok 22:08:28.0007 3428 [ 
89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:08:28.0102 3428 RDPCDD - ok 22:08:28.0141 3428 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 22:08:28.0189 3428 rdpdr - ok 22:08:28.0197 3428 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:08:28.0243 3428 RDPENCDD - ok 22:08:28.0423 3428 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:08:28.0482 3428 RDPWD - ok 22:08:28.0530 3428 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:08:28.0644 3428 RemoteAccess - ok 22:08:28.0697 3428 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:08:28.0842 3428 RemoteRegistry - ok 22:08:28.0949 3428 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 22:08:28.0964 3428 RichVideo - ok 22:08:29.0042 3428 [ DED01A389926A89540B82373E4C550EE ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 22:08:29.0099 3428 rimmptsk - ok 22:08:29.0106 3428 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 22:08:29.0178 3428 rimsptsk - ok 22:08:29.0231 3428 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 22:08:29.0386 3428 RpcLocator - ok 22:08:29.0496 3428 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 22:08:29.0583 3428 RpcSs - ok 22:08:29.0640 3428 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:08:29.0675 3428 rspndr - ok 22:08:29.0774 3428 [ 5C5612756B380BCEDBF566A780FF9AFE ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys 22:08:29.0891 3428 RTL8023xp - ok 22:08:29.0921 3428 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 22:08:29.0979 3428 SamSs - ok 22:08:30.0126 3428 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:08:30.0144 3428 
22:08:55.0659 3428 Scan finished
22:08:55.0676 5968 Detected object count: 7
22:08:55.0676 5968 Actual detected object count: 7
22:09:53.0630 5968 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0630 5968 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0633 5968 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0633 5968 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0638 5968 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0638 5968 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0639 5968 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0639 5968 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0642 5968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0643 5968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0645 5968 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0645 5968 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:09:53.0648 5968 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0648 5968 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
---------------------------------
Should I back up the laptop's data to an external hard drive, or can the laptop still be saved in this state?? I don't really understand anything from all these files?!? Thank you, best regards |
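One way to read the detection summary of the TDSSKiller log above programmatically, as an added example that is not part of the original post and not TDSSKiller's own code. The sample lines are copied from the log in this thread; the function names `parse_log` and `triage` are illustrative, and the default system root `C:\Windows` is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Records copied from the TDSSKiller log in this thread, one per line.
SAMPLE_LOG = r"""
22:08:32.0215 3428 [ 56EB980DA71B94B79A341615C3C256CF ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:08:32.0325 3428 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:08:32.0325 3428 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:08:32.0411 3428 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
22:08:32.0553 3428 SessionEnv - ok
22:08:39.0662 3428 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:08:39.0743 3428 Tcpip - ok
22:08:52.0909 3428 [ 4A8DE57515970066E1AFC562CBE818C7 ] XS Stick Service C:\Windows\service4g.exe
22:08:52.0924 3428 XS Stick Service - ok
22:09:53.0648 5968 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:09:53.0648 5968 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every record starts with "HH:MM:SS.mmmm <thread id>".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <service name> <file path>"; service names may contain spaces.
_OBJECT = re.compile(
    _PREFIX + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
# "<service name> [( <detection> )] - <status text>"
_STATUS = re.compile(
    _PREFIX + r"(?P<name>.+?)(?:\s+\(\s*(?P<det>[^)]+?)\s*\))?\s+-\s+(?P<status>.+)$"
)
_ACTION = re.compile(r"User select action:\s*(?P<action>\w+)")


def parse_log(text):
    """Merge the object, verdict and action records of each service into one dict."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        m = _OBJECT.match(line)
        if m:
            rec = records.setdefault(m["name"], {"name": m["name"]})
            rec.update(md5=m["md5"].upper(), path=m["path"])
            continue
        m = _STATUS.match(line)
        if not m:
            continue  # section headers, counters, lines without a verdict
        rec = records.setdefault(m["name"], {"name": m["name"]})
        if m["det"]:
            rec["detection"] = m["det"]
        action = _ACTION.search(m["status"])
        if action:
            rec["action"] = action["action"]
        elif m["status"] in ("ok", "warning"):
            rec["verdict"] = m["status"]
    return records


def triage(text, system_root=r"C:\Windows"):
    """Return only the objects that were not reported as 'ok', with review context."""
    root = [p.lower() for p in PureWindowsPath(system_root).parts]
    findings = []
    for rec in parse_log(text).values():
        if rec.get("verdict", "ok") == "ok" and "detection" not in rec:
            continue
        parts = [p.lower() for p in PureWindowsPath(rec.get("path", "")).parts]
        findings.append({
            "name": rec["name"],
            "md5": rec.get("md5"),          # hash to check against a reputation source
            "path": rec.get("path"),
            "detection": rec.get("detection"),
            "action": rec.get("action"),    # what the user chose in the result dialog
            "outside_system_root": parts[:len(root)] != root,
            # UnsignedFile.Multi.Generic flags a missing digital signature;
            # it is a prompt to verify the file, not a malware family name.
            "unsigned_only": rec.get("detection") == "UnsignedFile.Multi.Generic",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run over the full log, this reduces several hundred "ok" records to the seven objects listed in the summary, each with its file path and MD5 for a manual check.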
19.09.2012, 18:17 | #8 |
/// Malware-holic | Polizei Cyber Crime Investigation Departement virus on my Vista laptop No, it does not need to be set up from scratch. Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding guide: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de as described in the guide above If you would like to support us |
20.09.2012, 07:33 | #9 |
| Polizei Cyber Crime Investigation Departement virus on my Vista laptop
# AdwCleaner v2.002 - Datei am 09/20/2012 um 08:30:53 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\home\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v9.0.1 (de)
Profilname : default
Datei : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\kfghossn.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [839 octets] - [20/09/2012 08:30:53]
########## EOF - C:\AdwCleaner[R1].txt - [898 octets] ##########
This scan went pretty quickly?! Is the log file complete?? Best regards! |
20.09.2012, 12:43 | #10 |
/// Malware-holic | Polizei Cyber Crime Investigation Departement virus on my Vista laptop hi
After that: download CCleaner Standard: CCleaner Download - CCleaner 3.22.1800. If CCleaner is already installed, skip this step. Install it, open it, Tools, list of installed programs, save as txt. Open the file. After each program you need, write "necessary". After each one you do not need, "unnecessary". After each one unknown to you, "unknown". Post the list.
|
21.10.2012, 11:40 | #11 |
| Polizei Cyber Crime Investigation Departement virus on my Vista laptop Hello! Sorry that I am only posting sooo late, but I was not using the laptop in the meantime. Attached are the two files. With the programs I am often not sure what they are for or why one needs them?!? Regards
-----------------------------------------------
# AdwCleaner v2.002 - Datei am 10/21/2012 um 11:52:45 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\home\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v9.0.1 (de)
Profilname : default
Datei : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\kfghossn.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [966 octets] - [20/09/2012 08:30:53]
AdwCleaner[S1].txt - [1157 octets] - [21/10/2012 11:52:45]
########## EOF - C:\AdwCleaner[S1].txt - [1217 octets] ##########
---------------------------------------------------
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.10.2012 11.4.402.287 NECESSARY
Adobe Photoshop CS3 Adobe Systems Incorporated 24.08.2009 10.0 NECESSARY
Adobe Reader 8.1.2 Adobe Systems Incorporated 27.03.2009 84,8MB 8.1.2 NECESSARY
Apple Application Support Apple Inc. 20.08.2011 42,8MB 1.3.0 UNKNOWN/UNNECESSARY
Apple Mobile Device Support Apple Inc. 20.08.2011 19,9MB 3.1.0.62 UNKNOWN/UNNECESSARY
Apple Software Update Apple Inc. 20.08.2011 2,26MB 2.1.2.120 UNKNOWN/UNNECESSARY
ASUS Data Security Manager ASUS 27.03.2009 11,3MB 1.00.0007 UNKNOWN/UNNECESSARY
ASUS FancyStart ASUSTeK Computer Inc. 27.03.2009 10,6MB 1.0.1 UNKNOWN/UNNECESSARY
ASUS LifeFrame3 ASUS 27.03.2009 30,7MB 3.0.14 UNKNOWN/UNNECESSARY
ASUS Live Update ASUS 27.03.2009 0,46MB 2.5.6 UNKNOWN/UNNECESSARY
ASUS MultiFrame 27.03.2009 1,18MB 1.0.0018 UNKNOWN/UNNECESSARY
ASUS Power4Gear Hybrid ASUS 27.03.2009 8,11MB 1.1.10 UNKNOWN/UNNECESSARY
ASUS SmartLogon ASUS 27.03.2009 10,7MB 1.0.0005 UNKNOWN/UNNECESSARY
ASUS Splendid Video Enhancement Technology ASUS 27.03.2009 25,0MB 1.02.0021 UNKNOWN/UNNECESSARY
Asus_Camera_ScreenSaver ASUS 27.03.2009 2.0.0006 UNKNOWN/UNNECESSARY
Atheros Client Installation Program Atheros 27.03.2009 10,0MB 7.0 UNKNOWN
ATK Generic Function Service ATK 27.03.2009 0,45MB 1.00.0008 UNKNOWN
ATK Hotkey ASUS 27.03.2009 6,01MB 1.0.0040 UNKNOWN
ATKOSD2 ATK 27.03.2009 7,38MB 6.64.1.6 UNKNOWN
Avira AntiVir Personal - Free Antivirus Avira GmbH 12.03.2012 129,3MB 10.2.0.707 NECESSARY
Bonjour Apple Inc. 20.08.2011 1,14MB 2.0.2.0 UNKNOWN/UNNECESSARY
CCleaner Piriform 10.02.2010 2,80MB 2.28 NECESSARY
Cisco EAP-FAST Module Cisco Systems, Inc. 27.03.2009 1,04MB 2.1.6 UNKNOWN
Cisco LEAP Module Cisco Systems, Inc. 27.03.2009 1,04MB 1.0.12 UNKNOWN
Cisco PEAP Module Cisco Systems, Inc. 27.03.2009 0,85MB 1.0.13 UNKNOWN
Citrix Online Plug-in - Web Citrix Systems, Inc. 27.02.2012 16,1MB 12.1.0.30 UNNECESSARY
CyberLink DVD Suite CyberLink Corp. 12.07.2009 9,63MB 5.0.2403 NECESSARY
CyberLink Power2Go CyberLink Corp. 27.03.2009 122,2MB 6.0.1924 UNKNOWN/UNNECESSARY
DIE SIEDLER - Aufstieg eines Königreichs Ubisoft 14.03.2011 2.934,3MB 1.00.0000 UNNECESSARY
DivX Plus Web Player DivX,Inc. 03.04.2010 8,52MB 2.0.0 UNKNOWN
Dropbox Dropbox, Inc. 16.06.2012 27,8MB 1.4.7 NECESSARY
DTE 14.03.2010 3,72MB UNKNOWN
Express Gate devicevm 27.03.2009 622,4MB 0.8.8.9 UNKNOWN
EZ Vinyl/Tape Converter 7.4 by MixMeister MixMeister Technology LLC 20.08.2011 4,33MB UNNECESSARY
Facebook Plug-In Facebook, Inc. 30.05.2010 6,26MB UNKNOWN/UNNECESSARY
FileZilla Client 3.3.1 10.02.2010 16,0MB 3.3.1 UNKNOWN
Intel(R) Graphics Media Accelerator Driver Intel Corporation 27.03.2009 UNKNOWN
Intel(R) TV Wizard 28.03.2009 UNKNOWN/UNNECESSARY
iTunes Apple Inc. 20.08.2011 161,7MB 9.2.1.5 UNKNOWN/UNNECESSARY
Java 2 Runtime Environment, SE v1.4.2 Sun Microsystems, Inc. 09.11.2009 78,5MB 1.4.2 UNKNOWN
Java(TM) 6 Update 25 Oracle 22.05.2011 94,7MB 6.0.250 UNKNOWN
Juniper Citrix Services Client Juniper Networks 27.02.2012 0,98MB 7.0.0.17289 UNKNOWN/UNNECESSARY
Juniper Networks Setup Client Juniper Networks 27.02.2012 1,98MB 2.2.4.9429 UNKNOWN/UNNECESSARY
Juniper Networks Setup Client Activex Control Juniper Networks 27.02.2012 2.1.1.1 UNKNOWN/UNNECESSARY
KompoZer 0.77 Thorsten Fritz 11.02.2010 22,3MB 0.77 UNKNOWN/UNNECESSARY
LabelPrint CyberLink Corp. 12.07.2009 86,4MB .2725 UNKNOWN/UNNECESSARY
LightScribe System Software 1.14.17.1 LightScribe 27.03.2009 21,0MB 1.14.17.1 UNKNOWN/UNNECESSARY
LiveUpdate (Symantec Corporation) Symantec Corporation 28.03.2009 3.4.1.232 UNKNOWN/UNNECESSARY
Malwarebytes Anti-Malware Version 1.65.0.1400 Malwarebytes Corporation 13.09.2012 12,8MB 1.65.0.1400 NECESSARY
MediaShow CyberLink Corporation 12.07.2009 30,8MB 3.0.4325 UNKNOWN/UNNECESSARY
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 01.09.2009 37,0MB UNKNOWN
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.07.2009 37,0MB UNKNOWN
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120,3MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 UNKNOWN
Microsoft Office XP Professional with FrontPage Microsoft Corporation 13.03.2010 229,5MB 10.0.2627.0 NECESSARY
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.03.2009 0,41MB 8.0.56336 UNKNOWN/UNNECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16.11.2009 0,58MB 9.0.30729 UNKNOWN/UNNECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.04.2011 0,58MB 9.0.30729.4148 UNKNOWN/UNNECESSARY
MOTORRAD Tourenplaner 2008/2009 08.08.2011 5.367,2MB NECESSARY
Mozilla Firefox 9.0.1 (x86 de) Mozilla 18.01.2012 42,0MB 9.0.1 NECESSARY
Netviewer Meet Netviewer AG 01.02.2010 5,75MB 1.0.0.33 NECESSARY
Netviewer Support Netviewer AG 01.02.2010 4,83MB 1.0.0.33 NECESSARY
Nokia Connectivity Cable Driver Nokia 21.07.2009 1,00MB 6.85.10.0 UNNECESSARY
Nvu 1.0 Thorsten Fritz 11.02.2010 22,0MB 1.0 UNNECESSARY
PC Connectivity Solution Nokia 21.07.2009 8,76MB 7.37.22.0 UNNECESSARY
PDFCreator Frank Heindörfer, Philip Chinery 10.02.2010 21,2MB 0.9.9 NECESSARY
PhotoNow! CyberLink Corp. 12.07.2009 1,70MB 1.0.4310 UNNECESSARY
PowerDirector CyberLink Corp. 12.07.2009 278,0MB 6.0.1731b UNNECESSARY
PowerDVD CyberLink Corporation 12.07.2009 97,8MB 7.0.3409.a UNNECESSARY
PowerProducer CyberLink Corp. 12.07.2009 230,3MB UNNECESSARY
QuickTime Apple Inc. 20.08.2011 73,8MB 7.66.73.0 UNKNOWN/UNNECESSARY
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista Realtek 27.03.2009 0,62MB 1.00.0000 UNKNOWN
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.03.2009 9,77MB 6.0.1.5764 UNKNOWN
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 RICOH 27.03.2009 3,56MB 3.55.03 UNKNOWN
Skype web features Skype Technologies S.A. 28.11.2009 4,34MB 1.0.3971 NECESSARY
Skype™ 4.1 Skype Technologies S.A. 28.11.2009 31,1MB 4.1.179 NECESSARY
Synaptics Pointing Device Driver Synaptics 27.03.2009 13,7MB 10.1.8.0 UNKNOWN
TeamViewer 6 TeamViewer GmbH 23.08.2011 15,6MB 6.0.11052 NECESSARY
USB 2.0 1.3M UVC WebCam 27.03.2009 UNKNOWN
VLC media player 1.0.0 VideoLAN Team 16.07.2009 73,0MB 1.0.0 NECESSARY
Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6) Nokia 21.07.2009 10/12/2007 3.6 UNNECESSARY
WinFlash 27.03.2009 1,37MB UNKNOWN
Wireless Console 2 ATK 27.03.2009 2,12MB 2.0.10 UNKNOWN
XSManager XSManager 22.11.2009 24,3MB 3.0 NECESSARY
Zusatzmodul GPS-Tourenplaner MTP09 PTV Planung Transport Verkehr AG 08.08.2011 5.367,2MB 12.5 UNKNOWN |
21.10.2012, 18:25 | #12 |
/// Malware-holic | Polizei Cyber Crime Investigation Departement Virus auf meinem Vista Laptop deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Citrix DIE SIEDLER EZ FileZilla iTunes Java : alle Download der kostenlosen Java-Software downloade java jre instalieren deinstaliere: Juniper : alle KompoZer LabelPrint LightScribe LiveUpdate MediaShow Mozilla : öffnen, hilfe, update, version 15 instalieren. deinstaliere: Nvu Nokia PC Connectivity PhotoNow PowerDirector PowerDVD PowerProducer QuickTime TeamViewer : 1. veraltet, 2. würde ich das nur bei bedarf instalieren. öffne otl. bereinigen, pc startet neu öffne ccleaner, analysieren, starten, pcneustarten. wenn er läuft wie gewünscht, absichern: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: http://www.emsisoft.de/de/software/a...re/?id=5987352 insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen. 
http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. 
Download link: Sandboxie Download - Sandboxie 3.74
Guide: http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well: Sandbox Einstellungen

Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There, click Sandbox Settings. Under Restrictions, for Program Start and Internet Access, enter: chrome.exe
Then go to Applications, Web Browser, Chrome. There, enable everything except "share entire profile folder".

As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced Programs" you can specify that all browsers start in the sandbox. Otherwise you always have to click "Sandboxed web browser", or right-click and choose to start in Sandboxie. A lifetime licence costs 30 € and can be used on all your PCs.

Continue with: Measures for ALL Windows versions. Work through everything completely.
Note on FileHippo: in the settings additionally select: hide beta updates. Run updateChecker when Windows starts

Backup program: a backup program is already linked in my guide; as an alternative, Windows' own backup program can also be used: http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only reasonably usable for Windows 7 users. Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible to all users: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking "Sandboxed web browser"; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser. When you move the mouse over the browser it should be framed, then you are in the sandboxed web browser.

Password security: every service needs its own password of at least 12 characters. RoboForm helps with password management and creation: Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide: RoboForm user manual: Password manager, managing passwords and personal data
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding guide: http://markusg.trojaner-board.de
For the time being, please forward mails to markusg.trojaner-board@web.de following the guide above.
If you would like to support us |