| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.10.2012, 15:45
| #16 |
 |  T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Done! Beitrag ist zu lang, deswegen hier Teil 1: aswMBR Log (.dat im Anhang) Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-16 21:41:08
-----------------------------
21:41:08.601 OS Version: Windows 5.1.2600 Service Pack 3
21:41:08.601 Number of processors: 1 586 0x1F00
21:41:08.601 ComputerName: DOCBASE UserName:
21:41:08.882 Initialize success
21:41:21.741 AVAST engine defs: 12101600
21:43:24.163 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:43:24.163 Disk 0 Vendor: SAMSUNG_SP2514N VF100-50 Size: 238475MB BusType: 3
21:43:24.194 Disk 0 MBR read successfully
21:43:24.194 Disk 0 MBR scan
21:43:24.241 Disk 0 Windows XP default MBR code
21:43:24.241 Disk 0 Partition - 00 0F Extended LBA 131061 MB offset 16065
21:43:24.257 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 107395 MB offset 268430085
21:43:24.272 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 123429 MB offset 16128
21:43:24.272 Disk 0 Partition - 00 05 Extended 7632 MB offset 252798840
21:43:24.288 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7632 MB offset 252798903
21:43:24.288 Disk 0 scanning sectors +488376000
21:43:24.319 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
21:43:24.335 Disk 0 scanning F:\WINDOWS\system32\drivers
21:43:34.960 Service scanning
21:43:47.491 Modules scanning
21:43:50.710 Disk 0 trace - called modules:
21:43:50.741 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
21:43:50.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87167030]
21:43:50.741 3 CLASSPNP.SYS[f75bcfd7] -> nt!IofCallDriver -> \Device\0000006e[0x87124e88]
21:43:50.741 5 ACPI.sys[f7432620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87168940]
21:43:51.038 AVAST engine scan F:\WINDOWS
21:44:00.960 AVAST engine scan F:\WINDOWS\system32
21:46:08.147 AVAST engine scan F:\WINDOWS\system32\drivers
21:46:23.163 AVAST engine scan F:\Dokumente und Einstellungen\Papa und Mama
21:48:53.538 AVAST engine scan F:\Dokumente und Einstellungen\All Users
21:49:41.132 Scan finished successfully
22:07:28.929 Disk 0 MBR has been saved successfully to "F:\Dokumente und Einstellungen\Papa und Mama\Desktop\MBR.dat"
22:07:28.929 The log file has been saved successfully to "F:\Dokumente und Einstellungen\Papa und Mama\Desktop\aswMBR.txt"
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-16 23:11:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP2514N rev.VF100-50
Running: cqnpk1k1.exe; Driver: F:\DOKUME~1\PAPAUN~1\LOKALE~1\Temp\uxldapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF557F824]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF557EDD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF557F48A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF5580062]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF5581C26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF5581FA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF557E7BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF557FA10]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF557FC18]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF557E5C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF5580830]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF5580A86]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF5581658]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF557F098]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF557F666]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xF5580052]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF557E1F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF557F332]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF557E3F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xF5580C94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xF55810E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xF5580EA6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF55805C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF557FE76]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF5581944]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF5580330]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF557F002]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF557F21E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF557EBD2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF557E9C0]
---- Kernel code sections - GMER 1.0.15 ----
init F:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6824900]
.text F:\WINDOWS\system32\drivers\SSHDRV86.sys section is writeable [0xF5500000, 0x26354, 0xE8000020]
.pklstb F:\WINDOWS\system32\drivers\SSHDRV86.sys entry point in ".pklstb" section [0xF5535000]
.relo2 F:\WINDOWS\system32\drivers\SSHDRV86.sys unknown last section [0xF554C000, 0x8E, 0x42000040]
? F:\DOKUME~1\PAPAUN~1\LOKALE~1\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text F:\WINDOWS\system32\atwtusb.exe[380] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\atwtusb.exe[380] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[380] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\csrss.exe[528] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 10001450 F:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\csrss.exe[528] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 100017F0 F:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\services.exe[604] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\services.exe[604] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\lsass.exe[616] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\lsass.exe[616] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[768] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\WTMKM.exe[832] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\WTMKM.exe[832] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[844] rpcss.dll!WhichService 76A34234 8 Bytes JMP ED501001
.text F:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[884] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 00533F00 F:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text F:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[884] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0054D9A0 F:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[912] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[996] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1020] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[1036] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\SOUNDMAN.EXE[1076] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brsvc01a.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\brss01a.exe[1212] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\brss01a.exe[1212] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\spoolsv.exe[1216] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\spoolsv.exe[1216] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[1288] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1364] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\bgsvcgen.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[1480] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[1524] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\CDBurnerXP\NMSAccessU.exe[1556] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[1620] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\System32\alg.exe[1652] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\System32\alg.exe[1652] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\wdfmgr.exe[1660] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\atwtusb.exe[1716] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\atwtusb.exe[1716] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\Explorer.EXE[2032] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe[3016] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe[3848] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] ntdll.dll!NtClose 7C91CFEE 2 Bytes JMP 1001D080 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] ntdll.dll!NtClose + 3 7C91CFF1 2 Bytes [70, 93] {JO 0xffffffffffffff95}
.text F:\WINDOWS\system32\svchost.exe[3960] ntdll.dll!NtReplyWaitReceivePort 7C91DA8E 5 Bytes JMP 1002BB80 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] ntdll.dll!NtReplyWaitReceivePortEx 7C91DA9E 5 Bytes JMP 1002B860 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 10027DF0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 1001D1A0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] ADVAPI32.dll!CreateProcessAsUserW 77DBA8A9 5 Bytes JMP 10023A60 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] ADVAPI32.dll!CreateProcessAsUserA 77DE0CE8 5 Bytes JMP 10024390 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] RPCRT4.dll!RpcServerRegisterIfEx 77E6CD53 5 Bytes JMP 1001F060 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 10028BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] GDI32.dll!GetPixel 77EFB74C 5 Bytes JMP 10028990 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10029CC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text F:\WINDOWS\system32\svchost.exe[3960] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 10029BC0 F:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 488376003
---- Files - GMER 1.0.15 ----
File F:\Programme\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File F:\Programme\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
---- EOF - GMER 1.0.15 ----
|
|
17.10.2012, 15:47
| #17 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? uuuuuuund Teil 2
__________________OTL Log Code:
ATTFilter OTL logfile created on: 17.10.2012 15:34:50 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = F:\Dokumente und Einstellungen\Papa und Mama\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,23 Mb Total Physical Memory | 640,29 Mb Available Physical Memory | 62,57% Memory free 1,65 Gb Paging File | 1,37 Gb Available in Paging File | 82,70% Paging File free Paging file location(s): F:\pagefile.sys 768 1536 [binary data] %SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Programme Drive C: | 120,54 Gb Total Space | 4,45 Gb Free Space | 3,69% Space Free | Partition Type: NTFS Drive E: | 7,45 Gb Total Space | 7,12 Gb Free Space | 95,47% Space Free | Partition Type: NTFS Drive F: | 104,88 Gb Total Space | 72,17 Gb Free Space | 68,81% Space Free | Partition Type: NTFS Computer Name: DOCBASE | User Name: Papa und Mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.14 10:14:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\OTL.exe PRC - [2012.03.11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- F:\Programme\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.01.26 08:45:58 | 000,870,120 | ---- | M] () -- F:\WINDOWS\system32\atwtusb.exe PRC - [2010.12.24 09:31:08 | 007,134,952 | ---- | M] () -- F:\WINDOWS\system32\WTMKM.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- F:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.09.22 15:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) -- F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.09.22 15:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) -- F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2008.09.22 15:41:50 | 000,564,496 | ---- | M] () -- F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe PRC - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- F:\WINDOWS\system32\bgsvcgen.exe PRC - [2004.02.26 10:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\SOUNDMAN.EXE PRC - [2003.05.15 02:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2011.12.19 18:59:44 | 000,068,424 | ---- | M] () -- F:\Programme\COMODO\COMODO Internet Security\scanners\smart.cav MOD - [2011.01.26 08:45:58 | 000,870,120 | ---- | M] () -- F:\WINDOWS\system32\atwtusb.exe MOD - [2010.12.24 09:31:08 | 007,134,952 | ---- | M] () -- F:\WINDOWS\system32\WTMKM.exe MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- F:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2008.09.22 15:41:50 | 000,564,496 | ---- | M] () -- F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe MOD - [2003.05.15 04:15:50 | 000,753,664 | ---- | M] () -- F:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ========== Services (SafeList) ========== SRV - [2012.10.05 09:51:08 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.22 11:06:08 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- F:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2011.01.26 08:45:58 | 000,870,120 | ---- | M] () [Auto | Running] -- F:\WINDOWS\system32\atwtusb.exe -- (WTService) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- F:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2008.09.22 15:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.09.22 15:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- F:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\ComboFix\catchme.sys -- (catchme) DRV - [2012.03.11 21:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\inspect.sys -- (Inspect) DRV - [2012.03.11 21:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- F:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2012.03.11 21:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2012.03.11 21:13:44 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- F:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd) DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.08.20 12:38:24 | 000,006,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\walvhid.sys -- (vhidmini) DRV - [2009.03.08 13:15:14 | 000,006,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr) DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.09.22 15:43:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.05.20 20:59:10 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008.05.20 20:59:00 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2008.05.20 20:58:48 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.05.20 20:58:02 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008.03.06 20:51:02 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2007.03.12 18:31:37 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86) DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) DRV - [2006.09.18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2006.09.18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) DRV - [2006.07.31 02:02:00 | 000,264,704 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.03.13 18:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2006.03.13 18:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2006.03.13 18:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2006.03.13 18:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2006.03.13 18:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) DRV - [2004.08.19 01:21:00 | 000,189,568 | R--- | M] (Marvell) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2004.03.19 14:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2004.02.24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003.10.31 05:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid) DRV - [2003.07.02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2002.09.16 18:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [2001.08.17 13:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [2001.04.16 12:54:26 | 000,044,227 | ---- | M] (ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@nero.com) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\NeroCD2k.sys -- (NeroCd2k) DRV - [2000.07.24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- F:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\..\SearchScopes\{AFA52D00-0FE9-46AE-9AB6-10BD7A381ECF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_deDE276 IE - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: F:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: F:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: F:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: F:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: f:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: F:\Programme\Mozilla Firefox\components [2012.09.22 11:06:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: F:\Programme\Mozilla Firefox\plugins [2012.09.24 16:18:59 | 000,000,000 | ---D | M] [2008.09.16 19:32:22 | 000,000,000 | ---D | M] (No name found) -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Mozilla\Extensions [2012.07.30 21:00:42 | 000,000,000 | ---D | M] (No name found) -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\9zciyatl.default\extensions [2012.06.22 11:35:33 | 000,109,964 | ---- | M] () (No name found) -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\9zciyatl.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.07.10 14:35:21 | 000,123,385 | ---- | M] () (No name found) -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\9zciyatl.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.07.30 21:00:42 | 000,741,958 | ---- | M] () (No name found) -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\9zciyatl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2008.09.24 20:26:29 | 000,001,625 | ---- | M] () -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\9zciyatl.default\searchplugins\dawanda.xml [2012.07.06 17:54:39 | 000,000,000 | ---D | M] (No name found) -- F:\Programme\Mozilla Firefox\extensions [2012.06.21 21:37:18 | 000,000,000 | ---D | M] (Java Console) -- F:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.05.31 02:49:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- F:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.09.22 11:06:11 | 000,266,720 | ---- | M] (Mozilla Foundation) -- F:\Programme\mozilla firefox\components\browsercomps.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- F:\Programme\mozilla firefox\plugins\npwachk.dll [2012.07.06 17:54:28 | 000,001,392 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.22 11:05:43 | 000,002,465 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.06 17:54:28 | 000,001,153 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.06 17:54:28 | 000,006,805 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.06 17:54:28 | 000,001,178 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.06 17:54:28 | 000,001,105 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.16 19:55:43 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [COMODO Internet Security] F:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [LogitechCommunicationsManager] F:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [MacrokeyManager] F:\WINDOWS\System32\WTMKM.exe () O4 - HKLM..\Run: [SoundMan] F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-1614895754-1993962763-725345543-1003..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.) O4 - Startup: F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = F:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - AppInit_DLLs: (F:\WINDOWS\system32\guard32.dll) - F:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: F:\Dokumente und Einstellungen\Papa und Mama\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: F:\Dokumente und Einstellungen\Papa und Mama\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.02.14 00:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.16 21:34:05 | 004,731,392 | ---- | C] (AVAST Software) -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\aswMBR.exe [2012.10.16 21:34:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\OTL.exe [2012.10.16 19:53:31 | 000,000,000 | ---D | C] -- F:\WINDOWS\temp [2012.10.16 19:45:51 | 004,981,258 | R--- | C] (Swearware) -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\ComboFix.exe [2012.10.14 21:33:41 | 000,000,000 | ---D | C] -- F:\TDSSKiller_Quarantine [2012.10.13 19:32:18 | 000,000,000 | RHSD | C] -- F:\cmdcons [2012.10.13 19:29:22 | 000,518,144 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe [2012.10.13 19:29:22 | 000,406,528 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe [2012.10.13 19:29:22 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe [2012.10.13 19:29:22 | 000,060,416 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe [2012.10.13 19:20:36 | 000,000,000 | ---D | C] -- F:\Qoobox [2012.10.13 19:20:13 | 000,000,000 | R--D | C] -- F:\Dokumente und Einstellungen\Papa und Mama\Eigene Dateien\Eigene Videos [2012.10.13 19:20:12 | 000,000,000 | R--D | C] -- F:\Dokumente und Einstellungen\Papa und Mama\Startmenü\Programme\Verwaltung [2012.10.13 19:19:26 | 000,000,000 | ---D | C] -- F:\WINDOWS\erdnt [2012.10.13 11:53:24 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Malwarebytes [2012.10.13 11:53:14 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.13 11:53:13 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.13 11:53:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys [2012.10.13 11:53:12 | 000,000,000 | ---D | C] -- F:\Programme\Malwarebytes' Anti-Malware [2012.10.13 11:47:56 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Papa und Mama\Eigene Dateien\Anti-Rootkit [2012.10.10 18:00:08 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos [2012.10.08 20:41:56 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrintMe Internet Printing [2012.10.08 20:38:46 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Papa und Mama\Eigene Dateien\Eigene eBooks [2012.09.27 09:13:59 | 000,000,000 | R--D | C] -- F:\Dokumente und Einstellungen\Papa und Mama\Eigene Dateien\Eigene Bilder [2012.09.24 16:23:27 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Foxit Software [2012.09.24 16:21:45 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader [2012.09.24 16:21:42 | 000,000,000 | ---D | C] -- F:\Programme\Foxit Reader [2012.09.24 15:53:32 | 000,000,000 | ---D | C] -- F:\VritualRoot [2012.09.24 15:36:43 | 000,000,000 | ---D | C] -- F:\Programme\MSECache [2012.09.23 11:35:57 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\COMODO [2012.09.23 11:35:39 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo [2012.09.23 11:35:34 | 000,000,000 | ---D | C] -- F:\Programme\COMODO [2007.02.14 16:50:34 | 005,971,432 | ---- | C] (Mozilla) -- F:\Programme\Firefox Setup 2.0.0.1.exe [5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ] [1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.17 15:35:46 | 000,000,434 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{880AD5C7-21D4-4BBC-9448-39A83A7BC511}.job [2012.10.17 15:34:11 | 000,001,086 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.10.17 15:34:06 | 1073,008,640 | -HS- | M] () -- F:\hiberfil.sys [2012.10.17 15:34:06 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat [2012.10.17 15:34:05 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\drivers\lvuvc.hs [2012.10.17 15:34:03 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\drivers\logiflt.iad [2012.10.16 22:51:01 | 000,000,884 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.16 22:24:17 | 000,001,090 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.10.16 22:07:28 | 000,000,512 | ---- | M] () -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\MBR.dat [2012.10.16 19:55:43 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts [2012.10.16 19:44:54 | 004,981,258 | R--- | M] (Swearware) -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\ComboFix.exe [2012.10.16 19:42:03 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl [2012.10.14 22:02:03 | 001,474,832 | ---- | M] () -- F:\WINDOWS\System32\drivers\sfi.dat [2012.10.14 10:14:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\OTL.exe [2012.10.13 19:32:21 | 000,000,327 | RHS- | M] () -- F:\boot.ini [2012.10.13 11:06:36 | 004,731,392 | ---- | M] (AVAST Software) -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\aswMBR.exe [2012.10.10 22:51:00 | 000,302,592 | ---- | M] () -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe [2012.10.10 15:56:18 | 000,001,393 | ---- | M] () -- F:\WINDOWS\imsins.BAK [2012.10.09 15:37:33 | 000,188,200 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT [2012.10.08 20:41:56 | 000,001,810 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk [2012.10.08 20:41:56 | 000,001,726 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk [2012.09.23 11:35:57 | 000,001,625 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\COMODO Internet Security.lnk [5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ] [1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.16 22:07:28 | 000,000,512 | ---- | C] () -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\MBR.dat [2012.10.16 21:34:05 | 000,302,592 | ---- | C] () -- F:\Dokumente und Einstellungen\Papa und Mama\Desktop\cqnpk1k1.exe [2012.10.13 19:32:21 | 000,000,210 | ---- | C] () -- F:\Boot.bak [2012.10.13 19:32:19 | 000,262,448 | RHS- | C] () -- F:\cmldr [2012.10.13 19:29:22 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe [2012.10.13 19:29:22 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe [2012.10.13 19:29:22 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe [2012.10.13 19:29:22 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe [2012.10.13 19:29:22 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe [2012.10.08 20:41:56 | 000,001,810 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk [2012.10.08 20:41:56 | 000,001,726 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk [2012.09.23 11:38:44 | 001,474,832 | ---- | C] () -- F:\WINDOWS\System32\drivers\sfi.dat [2012.09.23 11:35:57 | 000,001,625 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\COMODO Internet Security.lnk [2012.06.23 10:56:50 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll [2011.10.08 13:06:52 | 000,005,504 | ---- | C] () -- F:\WINDOWS\System32\drivers\StarOpen.sys [2011.07.26 07:43:58 | 000,010,525 | ---- | C] () -- F:\WINDOWS\System32\Default_3.ini [2011.07.26 07:43:58 | 000,010,283 | ---- | C] () -- F:\WINDOWS\System32\Default_2.ini [2011.07.26 07:43:58 | 000,009,917 | ---- | C] () -- F:\WINDOWS\System32\Default_1.ini [2011.07.26 07:43:58 | 000,000,738 | ---- | C] () -- F:\WINDOWS\System32\MKProfile.ini [2011.07.26 07:43:56 | 000,870,120 | ---- | C] () -- F:\WINDOWS\System32\atwtusb.exe [2011.07.26 07:43:51 | 007,134,952 | ---- | C] () -- F:\WINDOWS\System32\WTMKM.exe [2011.07.26 07:43:49 | 000,045,056 | ---- | C] () -- F:\WINDOWS\System32\InstallService.exe [2011.07.26 07:43:45 | 003,683,560 | ---- | C] () -- F:\WINDOWS\System32\Control Panel_Betteryless.exe [2011.07.26 07:43:44 | 000,148,200 | ---- | C] () -- F:\WINDOWS\System32\Calibration.exe [2011.07.26 07:43:39 | 000,835,072 | ---- | C] () -- F:\WINDOWS\RmTablet.exe [2011.07.26 07:43:39 | 000,010,708 | ---- | C] () -- F:\WINDOWS\System32\aiptbl.ini [2010.11.27 13:46:47 | 000,024,903 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern3.dat [2010.11.27 13:46:47 | 000,021,390 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern5.dat [2010.11.27 13:46:47 | 000,011,811 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern4.dat [2010.11.27 13:46:47 | 000,004,943 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern6.dat [2010.11.27 13:46:47 | 000,001,146 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_DU.dat [2010.11.27 13:46:47 | 000,001,139 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_PT.dat [2010.11.27 13:46:47 | 000,001,139 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_BP.dat [2010.11.27 13:46:47 | 000,001,136 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_ES.dat [2010.11.27 13:46:47 | 000,001,129 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_FR.dat [2010.11.27 13:46:47 | 000,001,129 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_CF.dat [2010.11.27 13:46:47 | 000,001,120 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_IT.dat [2010.11.27 13:46:47 | 000,001,107 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_GE.dat [2010.11.27 13:46:47 | 000,001,104 | ---- | C] () -- F:\WINDOWS\System32\EPPICPresetData_EN.dat [2010.11.27 13:46:46 | 000,031,053 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern131.dat [2010.11.27 13:46:46 | 000,027,417 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern121.dat [2010.11.27 13:46:46 | 000,020,148 | ---- | C] () -- F:\WINDOWS\System32\EPPICPattern2.dat [2008.03.19 21:55:53 | 000,000,349 | ---- | C] () -- F:\Dokumente und Einstellungen\Papa und Mama\Schlecker_Fotoservice.exe [2007.09.10 12:54:52 | 000,000,305 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.03.01 19:17:16 | 000,025,600 | ---- | C] () -- F:\Dokumente und Einstellungen\Papa und Mama\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2010.11.27 13:39:59 | 000,000,227 | RHS- | M] () -- F:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.10.08 13:06:59 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012.05.10 19:47:27 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2011.09.22 22:04:39 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG [2009.06.16 14:58:14 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN [2009.12.28 11:03:51 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.12.28 11:20:38 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.11.27 13:52:34 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic [2007.02.14 17:03:09 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Propellerhead Software [2012.10.10 18:00:08 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos [2011.07.26 07:43:58 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tablet [2007.08.17 14:43:43 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2011.08.06 19:40:03 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Album Shaper [2012.06.22 12:29:25 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Auslogics [2011.10.08 13:06:59 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Canneverbe Limited [2007.03.12 18:31:44 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\capella-software [2012.06.22 12:53:02 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\CheckPoint [2012.10.14 11:15:43 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Dropbox [2008.02.17 20:27:01 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\EPSON [2011.09.22 22:04:39 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\fotobuch.de AG [2012.09.24 16:23:27 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Foxit Software [2010.10.21 16:32:51 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\GARMIN [2011.10.16 09:38:30 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\ICQ [2007.02.28 14:45:19 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\ICQLite [2007.03.27 11:28:26 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\iScreensaver [2008.06.15 20:32:55 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\KeySafe [2008.01.01 17:25:09 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Leadertech [2009.12.28 11:24:22 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\MyPhoneExplorer [2011.01.08 12:56:32 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Notepad++ [2011.08.06 19:06:11 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Presenter [2008.02.17 20:26:04 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Smart Panel [2007.08.17 14:46:57 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Teleca [2011.03.29 15:20:54 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Papa und Mama\Anwendungsdaten\Uniblue ========== Purity Check ========== < End of report > |
|
17.10.2012, 16:35
| #18 | ||
| /// TB-Ausbilder  | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Okay. Wir müssen den MBR fixen. Das geht normalerweise gut, muss es aber nicht. Daher bitte alle wichtigen Daten sicher bevor es los geht.
__________________Schritt 1: MBR-Fix
Schritt 2: Scan mit aswMBR Schritt 3: Scan mit Combofix
__________________ |
|
17.10.2012, 21:11
| #19 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? So, scheint noch nicht von Erfolg gekrönt gewesen zu sein: aswMBR Log Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-17 21:53:36
-----------------------------
21:53:36.640 OS Version: Windows 5.1.2600 Service Pack 3
21:53:36.640 Number of processors: 1 586 0x1F00
21:53:36.640 ComputerName: DOCBASE UserName:
21:53:36.984 Initialize success
21:53:54.687 AVAST engine defs: 12101600
21:53:56.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:53:56.203 Disk 0 Vendor: SAMSUNG_SP2514N VF100-50 Size: 238475MB BusType: 3
21:53:56.234 Disk 0 MBR read successfully
21:53:56.234 Disk 0 MBR scan
21:53:56.265 Disk 0 Windows XP default MBR code
21:53:56.265 Disk 0 Partition - 00 0F Extended LBA 131061 MB offset 16065
21:53:56.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 107395 MB offset 268430085
21:53:56.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 123429 MB offset 16128
21:53:56.296 Disk 0 Partition - 00 05 Extended 7632 MB offset 252798840
21:53:56.312 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7632 MB offset 252798903
21:53:56.312 Disk 0 scanning sectors +488376000
21:53:56.343 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
21:53:56.375 Disk 0 scanning F:\WINDOWS\system32\drivers
21:54:10.796 Service scanning
21:54:33.156 Modules scanning
21:54:38.015 Disk 0 trace - called modules:
21:54:38.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
21:54:38.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87167030]
21:54:38.031 3 CLASSPNP.SYS[f75bcfd7] -> nt!IofCallDriver -> \Device\0000006e[0x87124e88]
21:54:38.031 5 ACPI.sys[f7432620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87168940]
21:54:38.328 AVAST engine scan F:\WINDOWS
21:54:49.906 AVAST engine scan F:\WINDOWS\system32
21:56:49.437 AVAST engine scan F:\WINDOWS\system32\drivers
21:57:03.406 AVAST engine scan F:\Dokumente und Einstellungen\Papa und Mama
21:59:41.875 AVAST engine scan F:\Dokumente und Einstellungen\All Users
22:00:27.203 Scan finished successfully
22:00:55.734 Disk 0 MBR has been saved successfully to "F:\Dokumente und Einstellungen\Papa und Mama\Desktop\MBR.dat"
22:00:55.734 The log file has been saved successfully to "F:\Dokumente und Einstellungen\Papa und Mama\Desktop\aswMBR Log 17.10.12.txt"
Code:
ATTFilter ComboFix 12-10-17.05 - Papa und Mama 17.10.2012 22:02:30.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.544 [GMT 2:00]
ausgeführt von:: f:\dokumente und einstellungen\Papa und Mama\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-17 bis 2012-10-17 ))))))))))))))))))))))))))))))
.
.
2012-10-14 19:33 . 2012-10-14 19:33 -------- d-----w- F:\TDSSKiller_Quarantine
2012-10-13 09:53 . 2012-10-13 09:53 -------- d-----w- f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Malwarebytes
2012-10-13 09:53 . 2012-10-13 09:53 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-13 09:53 . 2012-10-13 09:53 -------- d-----w- f:\programme\Malwarebytes' Anti-Malware
2012-10-13 09:53 . 2012-09-07 15:04 22856 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-10-10 16:00 . 2012-10-10 16:00 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Sophos
2012-09-24 14:23 . 2012-09-24 14:23 -------- d-----w- f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Foxit Software
2012-09-24 14:21 . 2012-09-24 14:22 -------- d-----w- f:\programme\Foxit Reader
2012-09-24 13:53 . 2012-09-24 13:53 -------- d-----w- F:\VritualRoot
2012-09-24 13:36 . 2012-09-24 13:36 -------- d-----w- f:\programme\MSECache
2012-09-23 09:38 . 2012-10-14 20:02 1474832 ----a-w- f:\windows\system32\drivers\sfi.dat
2012-09-23 09:35 . 2012-10-10 20:00 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo
2012-09-23 09:35 . 2012-09-23 09:35 -------- d-----w- f:\programme\COMODO
2012-09-22 09:06 . 2012-09-22 09:06 73696 ----a-w- f:\programme\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 07:51 . 2012-05-31 00:45 696240 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-10-05 07:51 . 2011-07-28 06:40 73136 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:05 . 2004-08-03 22:57 916992 ----a-w- f:\windows\system32\wininet.dll
2012-08-28 15:05 . 2004-08-03 22:58 1469440 ------w- f:\windows\system32\inetcpl.cpl
2012-08-28 15:05 . 2004-08-03 22:57 43520 ------w- f:\windows\system32\licmgr10.dll
2012-08-28 12:07 . 2004-08-03 22:42 385024 ------w- f:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-03 22:57 177664 ----a-w- f:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2004-08-04 00:50 2071936 ----a-w- f:\windows\system32\ntkrnlpa.exe
2012-08-23 06:26 . 2004-08-03 22:50 2195200 ----a-w- f:\windows\system32\ntoskrnl.exe
2007-02-14 14:50 . 2007-02-14 14:50 5971432 ----a-w- f:\programme\Firefox Setup 2.0.0.1.exe
2012-09-22 09:06 . 2011-05-19 16:14 266720 ----a-w- f:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacrokeyManager"="WTMKM.exe" [2010-12-24 7134952]
"QuickTime Task"="f:\programme\QuickTime\qttask.exe" [2007-02-16 282624]
"SunJavaUpdateSched"="f:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"LogitechCommunicationsManager"="f:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-09-22 564496]
"COMODO Internet Security"="f:\programme\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
f:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Acrobat Assistant.lnk - f:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"IswSvc"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"AntiVirService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Programme\\ICQ6.5\\ICQ.exe"=
"f:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\GRILLI\\Photoalbum\\fotobuch.de\\Designer 2.0\\Designer.exe"=
"f:\\Dokumente und Einstellungen\\Papa und Mama\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 viasraid;viasraid;f:\windows\system32\drivers\viasraid.sys [08.03.2007 17:58 77312]
R1 cmderd;COMODO Internet Security Eradication Driver;f:\windows\system32\drivers\cmderd.sys [11.03.2012 21:13 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\drivers\cmdGuard.sys [11.03.2012 21:13 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\drivers\cmdhlp.sys [11.03.2012 21:13 31704]
R1 SSHDRV86;SSHDRV86;f:\windows\system32\drivers\SSHDRV86.sys [12.03.2007 18:31 81408]
R2 WTService;WTService;f:\windows\system32\atwtusb.exe -s --> f:\windows\system32\atwtusb.exe -s [?]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;f:\windows\system32\drivers\avmwan.sys [14.02.2007 00:17 37568]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;f:\windows\system32\drivers\fpcibase.sys [14.02.2007 00:17 444416]
R3 NeroCd2k;NeroCd2k;f:\windows\system32\drivers\NeroCD2k.sys [16.04.2001 12:54 44227]
S2 gupdate1c9ea9a95520194;Google Update Service (gupdate1c9ea9a95520194);f:\programme\Google\Update\GoogleUpdate.exe [11.06.2009 15:43 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31.05.2012 02:45 250288]
S3 FWLANUSB;AVM FRITZ!WLAN;f:\windows\system32\drivers\fwlanusb.sys [14.02.2007 15:46 264704]
S3 gupdatem;Google Update-Dienst (gupdatem);f:\programme\Google\Update\GoogleUpdate.exe [11.06.2009 15:43 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;f:\programme\Mozilla Maintenance Service\maintenanceservice.exe [06.05.2012 12:19 114144]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-17 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 07:51]
.
2012-08-16 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\programme\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
2012-10-17 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\programme\Google\Update\GoogleUpdate.exe [2009-06-11 13:43]
.
2012-10-17 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\programme\Google\Update\GoogleUpdate.exe [2009-06-11 13:43]
.
2012-10-17 f:\windows\Tasks\User_Feed_Synchronization-{880AD5C7-21D4-4BBC-9448-39A83A7BC511}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\9zciyatl.default\
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN113545810186885-1025&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=cabb7ceb0000000000000011d8b18e1c&q=
FF - user.js: extensions.zonealarm.id - cabb7ceb0000000000000011d8b18e1c
FF - user.js: extensions.zonealarm.instlDay - 15513
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.418:30
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN113545810186885-1025
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-17 22:06
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
f:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(616)
f:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3280)
f:\windows\system32\guard32.dll
f:\dokumente und einstellungen\Papa und Mama\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
f:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(528)
f:\windows\system32\cmdcsr.dll
.
Zeit der Fertigstellung: 2012-10-17 22:08:17
ComboFix-quarantined-files.txt 2012-10-17 20:08
ComboFix2.txt 2012-10-13 17:44
.
Vor Suchlauf: 9 Verzeichnis(se), 77.469.319.168 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 77.597.192.192 Bytes frei
.
- - End Of File - - 54CC81C5078A5AD54AFE9C3B7516097D
Schönen Abend! |
|
18.10.2012, 17:43
| #20 | |
| /// TB-Ausbilder | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Gut!  Wir sind hier fast fertig. Bevor wir zu Rechner 2 übergehen müssen wir noch ein paar Kontrollen machen. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Java Update Schritt 4: Update: Firefox, Addons und Plugins Schritt 5: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.10.2012, 15:06
| #21 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Ok, alles erledigt: Malwarybytes Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.21.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Papa und Mama :: DOCBASE [Administrator] 21.10.2012 14:03:03 mbam-log-2012-10-21 (14-03-03).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 194412 Laufzeit: 3 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter F:\Dokumente und Einstellungen\Papa und Mama\Eigene Dateien\Downloads\fsSetup129.exe Win32/Toolbar.Widgi application
F:\Dokumente und Einstellungen\Papa und Mama\Eigene Dateien\Downloads\SoftonicDownloader_fuer_google-earth.exe a variant of Win32/SoftonicDownloader.E application
Code:
ATTFilter Results of screen317's Security Check version 0.99.53 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` COMODO Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 CCleaner Java(TM) 6 Update 33 Java 7 Update 9 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.4.402.287 Mozilla Firefox (16.0.1) ````````Process Check: objlist.exe by Laurent```````` Comodo Firewall cmdagent.exe Comodo Firewall cfp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive F:: ````````````````````End of Log`````````````````````` |
|
21.10.2012, 18:35
| #22 | ||
| /// TB-Ausbilder | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats?Zitat:
Ja du hast recht. Das ist ein Überbleibsel das man mit normalen Mitteln nicht wegbekommt, aber es ist inaktiv und stört da erstmal nicht. Mit Rechner 1 wären wir also soweit fertig und räumen diesen auf. Gleichzeitig fangen wir mit PC2 an. Schritt 1: ESET-Funde löschen
Schritt 2: Deinstallation von Programmen Schritt 3: Combofix deinstallieren Schritt 4: Toolbereinigung mit OTL Schritt 5: AdwCleaner entfernen Schritt 6: ESET deinstallieren (Optional) Wir beginnen jetzt mit PC2: Schritt 1: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Schritt 2: Scan mit aswMBR
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.10.2012, 21:00
| #23 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Ok, PC1 werd ich weiterhin kontrollieren. Vielen Dank! Werd mir wohl auch noch ne bessere Security-Software zulegen. Jetzt zu PC2: TDSSKiller Log: Code:
ATTFilter 21:28:56.0140 0360 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:28:56.0140 0360 ============================================================
21:28:56.0140 0360 Current date / time: 2012/10/21 21:28:56.0140
21:28:56.0140 0360 SystemInfo:
21:28:56.0140 0360
21:28:56.0140 0360 OS Version: 5.1.2600 ServicePack: 3.0
21:28:56.0140 0360 Product type: Workstation
21:28:56.0140 0360 ComputerName: FREDDOOF
21:28:56.0140 0360 UserName: Freddy
21:28:56.0140 0360 Windows directory: C:\WINDOWS
21:28:56.0140 0360 System windows directory: C:\WINDOWS
21:28:56.0140 0360 Processor architecture: Intel x86
21:28:56.0140 0360 Number of processors: 1
21:28:56.0140 0360 Page size: 0x1000
21:28:56.0140 0360 Boot type: Normal boot
21:28:56.0140 0360 ============================================================
21:28:59.0953 0360 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:28:59.0968 0360 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:28:59.0984 0360 Drive \Device\Harddisk2\DR5 - Size: 0x3F140000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:28:59.0984 0360 ============================================================
21:28:59.0984 0360 \Device\Harddisk0\DR0:
21:28:59.0984 0360 MBR partitions:
21:28:59.0984 0360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
21:28:59.0984 0360 \Device\Harddisk1\DR1:
21:28:59.0984 0360 MBR partitions:
21:29:00.0000 0360 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x97995A8
21:29:00.0015 0360 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x979D4E7, BlocksNum 0x927B5DA
21:29:00.0015 0360 \Device\Harddisk2\DR5:
21:29:00.0015 0360 MBR partitions:
21:29:00.0015 0360 \Device\Harddisk2\DR5\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1F89E0
21:29:00.0015 0360 ============================================================
21:29:00.0062 0360 C: <-> \Device\Harddisk0\DR0\Partition1
21:29:00.0093 0360 D: <-> \Device\Harddisk1\DR1\Partition1
21:29:00.0156 0360 E: <-> \Device\Harddisk1\DR1\Partition2
21:29:00.0156 0360 ============================================================
21:29:00.0156 0360 Initialize success
21:29:00.0156 0360 ============================================================
21:29:09.0718 2084 ============================================================
21:29:09.0718 2084 Scan started
21:29:09.0718 2084 Mode: Manual; TDLFS;
21:29:09.0718 2084 ============================================================
21:29:09.0937 2084 ================ Scan system memory ========================
21:29:09.0937 2084 System memory - ok
21:29:09.0953 2084 ================ Scan services =============================
21:29:10.0093 2084 Abiosdsk - ok
21:29:10.0125 2084 abp480n5 - ok
21:29:10.0171 2084 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:29:10.0203 2084 ACPI - ok
21:29:10.0265 2084 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:29:10.0281 2084 ACPIEC - ok
21:29:10.0359 2084 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:29:10.0375 2084 AdobeFlashPlayerUpdateSvc - ok
21:29:10.0406 2084 adpu160m - ok
21:29:10.0453 2084 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:29:10.0453 2084 aec - ok
21:29:10.0515 2084 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:29:10.0546 2084 AFD - ok
21:29:10.0578 2084 Aha154x - ok
21:29:10.0609 2084 aic78u2 - ok
21:29:10.0640 2084 aic78xx - ok
21:29:10.0703 2084 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
21:29:10.0781 2084 ALCXSENS - ok
21:29:10.0843 2084 [ 9A6A99F0D75B457E3A2267776EBE9F47 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:29:10.0875 2084 ALCXWDM - ok
21:29:10.0921 2084 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:29:10.0937 2084 Alerter - ok
21:29:10.0984 2084 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
21:29:10.0984 2084 ALG - ok
21:29:11.0015 2084 AliIde - ok
21:29:11.0046 2084 amsint - ok
21:29:11.0109 2084 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:29:11.0140 2084 AppMgmt - ok
21:29:11.0203 2084 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:29:11.0265 2084 Arp1394 - ok
21:29:11.0296 2084 asc - ok
21:29:11.0328 2084 asc3350p - ok
21:29:11.0359 2084 asc3550 - ok
21:29:11.0484 2084 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:29:11.0484 2084 aspnet_state - ok
21:29:11.0531 2084 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:29:11.0546 2084 AsyncMac - ok
21:29:11.0609 2084 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:29:11.0609 2084 atapi - ok
21:29:11.0640 2084 Atdisk - ok
21:29:11.0703 2084 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:29:11.0750 2084 Atmarpc - ok
21:29:11.0796 2084 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:29:11.0828 2084 AudioSrv - ok
21:29:11.0875 2084 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:29:11.0890 2084 audstub - ok
21:29:11.0937 2084 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:29:11.0984 2084 Beep - ok
21:29:12.0031 2084 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
21:29:12.0125 2084 BITS - ok
21:29:12.0171 2084 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
21:29:12.0171 2084 Browser - ok
21:29:12.0218 2084 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:29:12.0234 2084 cbidf2k - ok
21:29:12.0265 2084 cd20xrnt - ok
21:29:12.0312 2084 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:29:12.0343 2084 Cdaudio - ok
21:29:12.0390 2084 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:29:12.0437 2084 Cdfs - ok
21:29:12.0484 2084 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:29:12.0515 2084 Cdrom - ok
21:29:12.0546 2084 Changer - ok
21:29:12.0609 2084 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:29:12.0656 2084 CiSvc - ok
21:29:12.0687 2084 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:29:12.0734 2084 ClipSrv - ok
21:29:12.0781 2084 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:12.0796 2084 clr_optimization_v2.0.50727_32 - ok
21:29:12.0828 2084 CmdIde - ok
21:29:12.0859 2084 COMSysApp - ok
21:29:12.0921 2084 Cpqarray - ok
21:29:13.0000 2084 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:29:13.0000 2084 CryptSvc - ok
21:29:13.0046 2084 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:29:13.0046 2084 CVirtA - ok
21:29:13.0078 2084 dac2w2k - ok
21:29:13.0109 2084 dac960nt - ok
21:29:13.0171 2084 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:29:13.0171 2084 DcomLaunch - ok
21:29:13.0234 2084 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:29:13.0234 2084 Dhcp - ok
21:29:13.0281 2084 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:29:13.0312 2084 Disk - ok
21:29:13.0343 2084 dmadmin - ok
21:29:13.0406 2084 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:29:13.0500 2084 dmboot - ok
21:29:13.0546 2084 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:29:13.0578 2084 dmio - ok
21:29:13.0609 2084 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:29:13.0625 2084 dmload - ok
21:29:13.0671 2084 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:29:13.0671 2084 dmserver - ok
21:29:13.0718 2084 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:29:13.0718 2084 DMusic - ok
21:29:13.0796 2084 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
21:29:13.0812 2084 DNE - ok
21:29:13.0875 2084 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:29:13.0890 2084 Dnscache - ok
21:29:13.0953 2084 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:29:14.0015 2084 Dot3svc - ok
21:29:14.0046 2084 dpti2o - ok
21:29:14.0078 2084 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:29:14.0078 2084 drmkaud - ok
21:29:14.0125 2084 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:29:14.0171 2084 EapHost - ok
21:29:14.0218 2084 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
21:29:14.0250 2084 epmntdrv - ok
21:29:14.0312 2084 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:29:14.0312 2084 ERSvc - ok
21:29:14.0359 2084 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
21:29:14.0375 2084 EuGdiDrv - ok
21:29:14.0437 2084 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
21:29:14.0437 2084 Eventlog - ok
21:29:14.0500 2084 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
21:29:14.0515 2084 EventSystem - ok
21:29:14.0562 2084 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:29:14.0562 2084 Fastfat - ok
21:29:14.0625 2084 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:29:14.0671 2084 FastUserSwitchingCompatibility - ok
21:29:14.0718 2084 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:29:14.0750 2084 Fdc - ok
21:29:14.0781 2084 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:29:14.0812 2084 Fips - ok
21:29:14.0843 2084 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:29:14.0875 2084 Flpydisk - ok
21:29:14.0921 2084 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:29:14.0953 2084 FltMgr - ok
21:29:15.0046 2084 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:29:15.0046 2084 FontCache3.0.0.0 - ok
21:29:15.0078 2084 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:29:15.0093 2084 Fs_Rec - ok
21:29:15.0125 2084 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:29:15.0156 2084 Ftdisk - ok
21:29:15.0203 2084 [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
21:29:15.0234 2084 gagp30kx - ok
21:29:15.0296 2084 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:29:15.0312 2084 Gpc - ok
21:29:15.0390 2084 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:29:15.0390 2084 helpsvc - ok
21:29:15.0406 2084 HidServ - ok
21:29:15.0484 2084 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:29:15.0546 2084 hkmsvc - ok
21:29:15.0578 2084 hpn - ok
21:29:15.0640 2084 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:29:15.0656 2084 HTTP - ok
21:29:15.0718 2084 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:29:15.0734 2084 HTTPFilter - ok
21:29:15.0781 2084 i2omgmt - ok
21:29:15.0812 2084 i2omp - ok
21:29:15.0875 2084 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:29:15.0906 2084 i8042prt - ok
21:29:16.0000 2084 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:16.0031 2084 idsvc - ok
21:29:16.0078 2084 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:29:16.0109 2084 Imapi - ok
21:29:16.0171 2084 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
21:29:16.0265 2084 ImapiService - ok
21:29:16.0312 2084 ini910u - ok
21:29:16.0359 2084 IntelIde - ok
21:29:16.0406 2084 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:29:16.0437 2084 Ip6Fw - ok
21:29:16.0484 2084 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:29:16.0515 2084 IpFilterDriver - ok
21:29:16.0546 2084 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:29:16.0578 2084 IpInIp - ok
21:29:16.0625 2084 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:29:16.0656 2084 IpNat - ok
21:29:16.0703 2084 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:29:16.0750 2084 IPSec - ok
21:29:16.0796 2084 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:29:16.0812 2084 IRENUM - ok
21:29:16.0890 2084 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:29:16.0921 2084 isapnp - ok
21:29:16.0953 2084 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:29:16.0984 2084 Kbdclass - ok
21:29:17.0015 2084 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:29:17.0031 2084 kmixer - ok
21:29:17.0078 2084 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:29:17.0125 2084 KSecDD - ok
21:29:17.0171 2084 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:29:17.0171 2084 lanmanserver - ok
21:29:17.0218 2084 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:29:17.0250 2084 lanmanworkstation - ok
21:29:17.0296 2084 lbrtfdc - ok
21:29:17.0375 2084 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:29:17.0390 2084 LmHosts - ok
21:29:17.0437 2084 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:29:17.0468 2084 Messenger - ok
21:29:17.0515 2084 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:29:17.0546 2084 mnmdd - ok
21:29:17.0578 2084 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:29:17.0625 2084 mnmsrvc - ok
21:29:17.0687 2084 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:29:17.0703 2084 Modem - ok
21:29:17.0750 2084 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:29:17.0781 2084 Mouclass - ok
21:29:17.0843 2084 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:29:17.0875 2084 MountMgr - ok
21:29:17.0953 2084 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:29:17.0953 2084 MozillaMaintenance - ok
21:29:18.0015 2084 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:29:18.0015 2084 MpFilter - ok
21:29:18.0125 2084 [ A69630D039C38018689190234F866D77 ] MpKsl23dede19 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{098787C1-E228-406B-8BBB-DF4414ED1578}\MpKsl23dede19.sys
21:29:18.0125 2084 MpKsl23dede19 - ok
21:29:18.0156 2084 mraid35x - ok
21:29:18.0187 2084 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:29:18.0203 2084 MRxDAV - ok
21:29:18.0265 2084 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:29:18.0343 2084 MRxSmb - ok
21:29:18.0390 2084 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:29:18.0406 2084 MSDTC - ok
21:29:18.0453 2084 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:29:18.0531 2084 Msfs - ok
21:29:18.0562 2084 MSIServer - ok
21:29:18.0593 2084 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:29:18.0609 2084 MSKSSRV - ok
21:29:18.0703 2084 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe
21:29:18.0703 2084 MsMpSvc - ok
21:29:18.0750 2084 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:29:18.0765 2084 MSPCLOCK - ok
21:29:18.0796 2084 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:29:18.0812 2084 MSPQM - ok
21:29:18.0859 2084 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:29:18.0890 2084 mssmbios - ok
21:29:18.0937 2084 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:29:18.0984 2084 Mup - ok
21:29:19.0078 2084 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
21:29:19.0156 2084 napagent - ok
21:29:19.0203 2084 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:29:19.0250 2084 NDIS - ok
21:29:19.0296 2084 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:29:19.0328 2084 NdisTapi - ok
21:29:19.0359 2084 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:29:19.0375 2084 Ndisuio - ok
21:29:19.0406 2084 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:29:19.0468 2084 NdisWan - ok
21:29:19.0515 2084 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:29:19.0562 2084 NDProxy - ok
21:29:19.0593 2084 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:29:19.0625 2084 NetBIOS - ok
21:29:19.0656 2084 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:29:19.0718 2084 NetBT - ok
21:29:19.0781 2084 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
21:29:19.0875 2084 NetDDE - ok
21:29:19.0906 2084 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:29:19.0906 2084 NetDDEdsdm - ok
21:29:19.0968 2084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:29:19.0968 2084 Netlogon - ok
21:29:20.0000 2084 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
21:29:20.0015 2084 Netman - ok
21:29:20.0062 2084 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:20.0062 2084 NetTcpPortSharing - ok
21:29:20.0125 2084 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:29:20.0156 2084 NIC1394 - ok
21:29:20.0218 2084 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
21:29:20.0234 2084 Nla - ok
21:29:20.0281 2084 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:29:20.0312 2084 Npfs - ok
21:29:20.0375 2084 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:29:20.0421 2084 Ntfs - ok
21:29:20.0453 2084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:29:20.0453 2084 NtLmSsp - ok
21:29:20.0531 2084 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:29:20.0578 2084 NtmsSvc - ok
21:29:20.0609 2084 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:29:20.0625 2084 Null - ok
21:29:20.0718 2084 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:29:20.0812 2084 nv - ok
21:29:20.0875 2084 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:29:20.0890 2084 NwlnkFlt - ok
21:29:20.0921 2084 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:29:20.0953 2084 NwlnkFwd - ok
21:29:21.0046 2084 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:21.0062 2084 odserv - ok
21:29:21.0125 2084 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:29:21.0156 2084 ohci1394 - ok
21:29:21.0218 2084 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:29:21.0218 2084 ose - ok
21:29:21.0281 2084 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:29:21.0328 2084 Parport - ok
21:29:21.0359 2084 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:29:21.0375 2084 PartMgr - ok
21:29:21.0421 2084 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:29:21.0421 2084 ParVdm - ok
21:29:21.0453 2084 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:29:21.0500 2084 PCI - ok
21:29:21.0515 2084 PCIDump - ok
21:29:21.0546 2084 PCIIde - ok
21:29:21.0593 2084 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:29:21.0625 2084 Pcmcia - ok
21:29:21.0656 2084 PDCOMP - ok
21:29:21.0687 2084 PDFRAME - ok
21:29:21.0718 2084 PDRELI - ok
21:29:21.0750 2084 PDRFRAME - ok
21:29:21.0781 2084 perc2 - ok
21:29:21.0812 2084 perc2hib - ok
21:29:21.0906 2084 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
21:29:21.0921 2084 PlugPlay - ok
21:29:21.0937 2084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:29:21.0937 2084 PolicyAgent - ok
21:29:21.0984 2084 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:29:22.0015 2084 PptpMiniport - ok
21:29:22.0062 2084 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:29:22.0109 2084 Processor - ok
21:29:22.0140 2084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:29:22.0140 2084 ProtectedStorage - ok
21:29:22.0171 2084 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:29:22.0218 2084 PSched - ok
21:29:22.0250 2084 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:29:22.0265 2084 Ptilink - ok
21:29:22.0312 2084 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:29:22.0312 2084 PxHelp20 - ok
21:29:22.0343 2084 ql1080 - ok
21:29:22.0375 2084 Ql10wnt - ok
21:29:22.0406 2084 ql12160 - ok
21:29:22.0437 2084 ql1240 - ok
21:29:22.0468 2084 ql1280 - ok
21:29:22.0500 2084 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:29:22.0515 2084 RasAcd - ok
21:29:22.0562 2084 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:29:22.0578 2084 RasAuto - ok
21:29:22.0625 2084 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:29:22.0671 2084 Rasl2tp - ok
21:29:22.0718 2084 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:29:22.0734 2084 RasMan - ok
21:29:22.0765 2084 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:29:22.0796 2084 RasPppoe - ok
21:29:22.0828 2084 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:29:22.0843 2084 Raspti - ok
21:29:22.0890 2084 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:29:22.0906 2084 Rdbss - ok
21:29:22.0953 2084 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:29:22.0953 2084 RDPCDD - ok
21:29:23.0015 2084 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:29:23.0015 2084 rdpdr - ok
21:29:23.0078 2084 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:29:23.0093 2084 RDPWD - ok
21:29:23.0140 2084 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:29:23.0296 2084 RDSessMgr - ok
21:29:23.0343 2084 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:29:23.0375 2084 redbook - ok
21:29:23.0453 2084 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:29:23.0500 2084 RemoteAccess - ok
21:29:23.0546 2084 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:29:23.0546 2084 RemoteRegistry - ok
21:29:23.0593 2084 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:29:23.0640 2084 RpcLocator - ok
21:29:23.0687 2084 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:29:23.0687 2084 RpcSs - ok
21:29:23.0734 2084 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:29:23.0781 2084 RSVP - ok
21:29:23.0859 2084 [ B29EEB1EA7971BD83069EB2E2258D224 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
21:29:23.0921 2084 RTL8192su - ok
21:29:23.0953 2084 [ D0EEDC88876B20D42157CDCCA3E647F3 ] s1039bus C:\WINDOWS\system32\DRIVERS\s1039bus.sys
21:29:23.0953 2084 s1039bus - ok
21:29:24.0000 2084 [ 7B35091A7BB597C86262C589B0B57D06 ] s1039mdfl C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys
21:29:24.0000 2084 s1039mdfl - ok
21:29:24.0031 2084 [ 4CB1AB13C9813CBF3E4C6406F8043EC2 ] s1039mdm C:\WINDOWS\system32\DRIVERS\s1039mdm.sys
21:29:24.0046 2084 s1039mdm - ok
21:29:24.0093 2084 [ 305E3E3ACA0037AF2E2C1B50A383C91B ] s1039obex C:\WINDOWS\system32\DRIVERS\s1039obex.sys
21:29:24.0093 2084 s1039obex - ok
21:29:24.0140 2084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
21:29:24.0140 2084 SamSs - ok
21:29:24.0203 2084 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:29:24.0250 2084 SCardSvr - ok
21:29:24.0328 2084 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:29:24.0375 2084 Schedule - ok
21:29:24.0437 2084 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:29:24.0468 2084 Secdrv - ok
21:29:24.0515 2084 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
21:29:24.0515 2084 seclogon - ok
21:29:24.0562 2084 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
21:29:24.0562 2084 SENS - ok
21:29:24.0593 2084 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:29:24.0609 2084 serenum - ok
21:29:24.0656 2084 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:29:24.0734 2084 Serial - ok
21:29:24.0812 2084 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:29:24.0828 2084 Sfloppy - ok
21:29:24.0890 2084 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:29:24.0906 2084 SharedAccess - ok
21:29:24.0953 2084 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:29:24.0953 2084 ShellHWDetection - ok
21:29:24.0984 2084 Simbad - ok
21:29:25.0078 2084 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
21:29:25.0078 2084 SkypeUpdate - ok
21:29:25.0109 2084 Sparrow - ok
21:29:25.0140 2084 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:29:25.0140 2084 splitter - ok
21:29:25.0187 2084 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:29:25.0187 2084 Spooler - ok
21:29:25.0234 2084 [ 8EA0FD60A5B047E0C734D51AACE531C9 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
21:29:25.0234 2084 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8EA0FD60A5B047E0C734D51AACE531C9
21:29:25.0250 2084 sptd ( LockedFile.Multi.Generic ) - warning
21:29:25.0250 2084 sptd - detected LockedFile.Multi.Generic (1)
21:29:25.0265 2084 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:29:25.0328 2084 sr - ok
21:29:25.0406 2084 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
21:29:25.0406 2084 srservice - ok
21:29:25.0468 2084 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:29:25.0484 2084 Srv - ok
21:29:25.0531 2084 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:29:25.0531 2084 SSDPSRV - ok
21:29:25.0593 2084 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:29:25.0625 2084 stisvc - ok
21:29:25.0687 2084 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:29:25.0703 2084 swenum - ok
21:29:25.0734 2084 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:29:25.0734 2084 swmidi - ok
21:29:25.0765 2084 SwPrv - ok
21:29:25.0812 2084 symc810 - ok
21:29:25.0843 2084 symc8xx - ok
21:29:25.0875 2084 sym_hi - ok
21:29:25.0906 2084 sym_u3 - ok
21:29:25.0937 2084 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:29:25.0937 2084 sysaudio - ok
21:29:25.0984 2084 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:29:26.0062 2084 SysmonLog - ok
21:29:26.0109 2084 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:29:26.0109 2084 TapiSrv - ok
21:29:26.0171 2084 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:29:26.0250 2084 Tcpip - ok
21:29:26.0296 2084 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:29:26.0328 2084 TDPIPE - ok
21:29:26.0375 2084 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:29:26.0375 2084 TDTCP - ok
21:29:26.0421 2084 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:29:26.0421 2084 TermDD - ok
21:29:26.0484 2084 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
21:29:26.0500 2084 TermService - ok
21:29:26.0562 2084 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:29:26.0562 2084 Themes - ok
21:29:26.0640 2084 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:29:26.0671 2084 TlntSvr - ok
21:29:26.0703 2084 TosIde - ok
21:29:26.0765 2084 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:29:26.0765 2084 TrkWks - ok
21:29:26.0843 2084 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:29:26.0890 2084 Udfs - ok
21:29:26.0921 2084 ultra - ok
21:29:26.0968 2084 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:29:27.0031 2084 Update - ok
21:29:27.0093 2084 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:29:27.0171 2084 upnphost - ok
21:29:27.0234 2084 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
21:29:27.0312 2084 UPS - ok
21:29:27.0359 2084 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:29:27.0390 2084 usbehci - ok
21:29:27.0453 2084 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:29:27.0484 2084 usbhub - ok
21:29:27.0546 2084 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:29:27.0578 2084 usbscan - ok
21:29:27.0625 2084 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:29:27.0625 2084 USBSTOR - ok
21:29:27.0656 2084 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:29:27.0687 2084 usbuhci - ok
21:29:27.0718 2084 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:29:27.0750 2084 VgaSave - ok
21:29:27.0796 2084 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
21:29:27.0843 2084 viaagp1 - ok
21:29:27.0859 2084 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:29:27.0875 2084 ViaIde - ok
21:29:27.0921 2084 [ EBE101C01D80A42868F57B327BE1B564 ] viasraid C:\WINDOWS\system32\DRIVERS\viasraid.sys
21:29:27.0953 2084 viasraid - ok
21:29:28.0015 2084 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:29:28.0046 2084 VolSnap - ok
21:29:28.0140 2084 [ 3B98AB9849754CB88265111422441DF7 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
21:29:28.0156 2084 vpnagent - ok
21:29:28.0203 2084 [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
21:29:28.0203 2084 vpnva - ok
21:29:28.0265 2084 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
21:29:28.0343 2084 VSS - ok
21:29:28.0390 2084 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
21:29:28.0390 2084 W32Time - ok
21:29:28.0468 2084 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:29:28.0500 2084 Wanarp - ok
21:29:28.0531 2084 WDICA - ok
21:29:28.0593 2084 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:29:28.0593 2084 wdmaud - ok
21:29:28.0640 2084 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:29:28.0656 2084 WebClient - ok
21:29:28.0734 2084 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:29:28.0734 2084 winmgmt - ok
21:29:28.0859 2084 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:29:28.0875 2084 WmdmPmSN - ok
21:29:28.0953 2084 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:29:28.0953 2084 Wmi - ok
21:29:29.0015 2084 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:29:29.0109 2084 WmiApSrv - ok
21:29:29.0250 2084 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
21:29:29.0640 2084 WMPNetworkSvc - ok
21:29:29.0718 2084 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:29:29.0718 2084 wscsvc - ok
21:29:29.0781 2084 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:29:29.0781 2084 wuauserv - ok
21:29:29.0843 2084 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:29:29.0890 2084 WudfPf - ok
21:29:29.0937 2084 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:29:29.0984 2084 WudfRd - ok
21:29:30.0031 2084 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:29:30.0046 2084 WudfSvc - ok
21:29:30.0125 2084 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:29:30.0140 2084 WZCSVC - ok
21:29:30.0187 2084 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:29:30.0234 2084 xmlprov - ok
21:29:30.0296 2084 [ DEE4899B4AC10A673B2DF0CDD135167E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
21:29:30.0359 2084 yukonwxp - ok
21:29:30.0437 2084 ================ Scan global ===============================
21:29:30.0453 2084 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:29:30.0546 2084 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:29:30.0593 2084 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:29:30.0625 2084 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:29:30.0625 2084 [Global] - ok
21:29:30.0640 2084 ================ Scan MBR ==================================
21:29:30.0671 2084 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:29:30.0875 2084 \Device\Harddisk0\DR0 - ok
21:29:30.0906 2084 [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk1\DR1
21:29:30.0953 2084 \Device\Harddisk1\DR1 - ok
21:29:30.0984 2084 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk2\DR5
21:29:38.0140 2084 \Device\Harddisk2\DR5 - ok
21:29:38.0156 2084 ================ Scan VBR ==================================
21:29:38.0171 2084 [ 5B3E83E175D312D171B80BDA6CDCE7B5 ] \Device\Harddisk0\DR0\Partition1
21:29:38.0171 2084 \Device\Harddisk0\DR0\Partition1 - ok
21:29:38.0187 2084 [ 9562EAC3E0925C76EFAA69CF2C2F7429 ] \Device\Harddisk1\DR1\Partition1
21:29:38.0187 2084 \Device\Harddisk1\DR1\Partition1 - ok
21:29:38.0203 2084 [ 50D4E6FED0BAC3672CD2B71B2CE9E47F ] \Device\Harddisk1\DR1\Partition2
21:29:38.0218 2084 \Device\Harddisk1\DR1\Partition2 - ok
21:29:38.0234 2084 [ 1F534B53A5C2A95CE069C027D1876B2D ] \Device\Harddisk2\DR5\Partition1
21:29:38.0234 2084 \Device\Harddisk2\DR5\Partition1 - ok
21:29:38.0250 2084 ============================================================
21:29:38.0250 2084 Scan finished
21:29:38.0250 2084 ============================================================
21:29:38.0281 2052 Detected object count: 1
21:29:38.0281 2052 Actual detected object count: 1
21:29:50.0718 2052 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:29:50.0718 2052 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:30:52.0187 0348 Deinitialize success
Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 21:36:05
-----------------------------
21:36:05.539 OS Version: Windows 5.1.2600 Service Pack 3
21:36:05.539 Number of processors: 1 586 0x2F02
21:36:05.539 ComputerName: FREDDOOF UserName: Freddy
21:36:15.633 Initialize success
21:39:59.633 AVAST engine defs: 12102100
21:40:08.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:40:08.866 Disk 0 Vendor: WDC_WD800BB-00JHA0 05.01C05 Size: 76318MB BusType: 3
21:40:08.898 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
21:40:08.898 Disk 1 Vendor: SAMSUNG_SP1654N BV100-50 Size: 152627MB BusType: 3
21:40:09.210 Disk 0 MBR read successfully
21:40:09.210 Disk 0 MBR scan
21:40:09.882 Disk 0 Windows XP default MBR code
21:40:09.944 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
21:40:10.507 Disk 0 scanning sectors +156280320
21:40:11.538 Disk 0 scanning C:\WINDOWS\system32\drivers
21:41:31.960 Service scanning
21:41:58.226 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:42:07.366 Modules scanning
21:42:11.913 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
21:42:17.444 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
21:42:19.460 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
21:42:19.460 Disk 0 trace - called modules:
21:42:19.476 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys viaide.sys
21:42:19.476 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86775030]
21:42:19.476 3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\00000065[0x86777eb0]
21:42:19.476 5 ACPI.sys[f739c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86746940]
21:42:21.835 AVAST engine scan C:\WINDOWS
21:42:32.148 AVAST engine scan C:\WINDOWS\system32
21:47:23.366 AVAST engine scan C:\WINDOWS\system32\drivers
21:47:48.601 AVAST engine scan C:\Dokumente und Einstellungen\Freddy
21:51:17.476 AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:52:19.648 Scan finished successfully
21:56:14.226 Disk 0 MBR has been saved successfully to "F:\PC Freddy\Schritt 1\MBR.dat"
21:56:14.226 The log file has been saved successfully to "F:\PC Freddy\Schritt 1\aswMBR Log 21.10.12.txt"
|
|
23.10.2012, 16:49
| #24 | ||
| /// TB-Ausbilder | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Okay, jetzt geht es weiter  Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop. Schritt 2: Scan mit Combofix
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
23.10.2012, 17:41
| #25 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Defogger Log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:16 on 23/10/2012 (Freddy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter ComboFix 12-10-23.01 - Freddy 23.10.2012 18:25:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.678 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Freddy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Freddy\WINDOWS
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET48.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-23 bis 2012-10-23 ))))))))))))))))))))))))))))))
.
.
2012-10-21 19:38 . 2012-10-12 05:56 6918632 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{CF977A62-A417-4731-A263-98BBFCB8B11E}\mpengine.dll
2012-10-14 18:12 . 2012-08-29 23:17 6980552 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-13 08:36 . 2012-10-13 08:36 -------- d-----w- c:\dokumente und einstellungen\Freddy\Anwendungsdaten\Malwarebytes
2012-10-13 08:35 . 2012-10-13 08:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-13 08:35 . 2012-10-13 08:35 -------- d-----w- c:\programme\ Malwarebytes Anti-Malware
2012-10-13 08:35 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-13 07:39 . 2012-10-13 08:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-10-13 07:39 . 2012-10-13 07:39 -------- d-----w- c:\programme\Spybot - Search & Destroy
2012-10-10 16:35 . 2012-10-10 16:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sophos
2012-10-08 20:43 . 2012-10-08 20:43 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:42 . 2012-04-21 10:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 13:42 . 2011-10-25 15:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 20:03 . 2011-04-18 12:18 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:05 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2006-02-28 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2004-08-04 00:50 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-23 08:50 . 2011-10-25 12:00 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2006-02-28 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2006-02-28 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2006-02-28 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2006-02-28 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2006-02-28 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . D45BBCDDC74A1B0259A0C4B00C190D20 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 8AFBC2E1E5555A1C29953AF854F0FCA5 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2006-02-28 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 65F6B774819BD727358157CEDEA67B8E . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . A07CA23EA361A01E627D911CF139B950 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2006-02-28 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2006-02-28 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2006-02-28 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 2B6ADE29F8D00EEFA5FA2250CBE094AD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2006-02-28 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2006-02-28 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2006-02-28 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:30 . D68ED3908C7A0DB446111D34AC40DC18 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:16 . 3912BEF896D1D687B6053409E5F5F2A6 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2006-02-28 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2006-02-28 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . A6F4977F9D2C9506050BFF0EF0B574B5 . 1059840 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . B6053A5FA67EAC4A292A44F585881FFF . 1062912 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-02-28 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
.
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2006-02-28 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2006-02-28 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2006-02-28 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2006-02-28 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 774274C487493452DF3B0126DBE7FF3B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . EB55B1D9978B61E9913EDCD27EEC4C7C . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2006-02-28 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2006-02-28 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2006-02-28 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2006-02-28 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2006-02-28 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2006-02-28 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2006-02-28 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2006-02-28 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2006-02-28 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-02-28 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2006-02-28 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2006-02-28 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2006-02-28 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EB2AD9C7DADE6C63F5F933881BA2A430 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2006-02-28 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-02-28 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 927666F4228E3FBBC3D1171581DC8BDC . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-02-28 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . DC4E223F5813150073FB5CC63D13293B . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . DC4E223F5813150073FB5CC63D13293B . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2006-02-28 . 3B8A9C87027BF8D6D156BE5FA6E8EBC6 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2006-02-28 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2006-02-28 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2010-12-09 . 0314B25236E38383DACD4527C40156E8 . 743936 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . E3BDD71DA7EAB0A503129D4D127AF1CB . 743936 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . E3BDD71DA7EAB0A503129D4D127AF1CB . 743936 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . 06DA2C9091606174BFC6F46037AAFFF8 . 740864 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2009-02-09 . 1392B1FB3CD232D4439418DB91DB57A1 . 740352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntdll.dll
[-] 2009-02-09 . 1392B1FB3CD232D4439418DB91DB57A1 . 740352 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[-] 2009-02-09 . 00396DB3298F569268C854D8192A6524 . 740352 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
[-] 2009-02-09 . 13F65D69BC90600C2F0274A4D42D38B5 . 740864 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntdll.dll
[-] 2008-04-14 . 95092EFBE367A108ECDD5D6E439754C3 . 731648 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[-] 2008-04-14 . 95092EFBE367A108ECDD5D6E439754C3 . 731648 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2006-02-28 . 00E9FF65CC5C4F965ABB0C7BBDAE8309 . 733696 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntdll.dll
.
[-] 2008-04-14 . 275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2006-02-28 . C7329927E2C73450323565DCFE17D78E . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2006-02-28 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2006-02-28 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2006-02-28 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2006-02-28 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2006-02-28 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2006-02-28 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2006-02-28 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2006-02-28 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2006-02-28 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 4891FCDAE77486BFB56999AA217651FA . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-02-28 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2006-02-28 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2006-02-28 12:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2006-02-28 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2006-02-28 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2006-02-28 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2006-02-28 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2006-02-28 12:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2006-02-28 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2006-02-28 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-02-28 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2006-02-28 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-02-28 . 7E751068ADA60FC77638622E86A7CD9E . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2006-02-28 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-02-28 . 84028E2EBE7A25494766673A5FF4B304 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2006-02-28 . 3FEADE4D0B41D22E8B8460739A9B4FEE . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Freddy\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Freddy\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Freddy\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\Freddy\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Freddy\Startmenü\Programme\Autostart\
USB Sync.lnk - c:\dokumente und einstellungen\Freddy\Eigene Dateien\Sync\USB.ffs_real [2012-2-4 383]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
VIA RAID TOOL.lnk - c:\programme\VIA\RAID\raid_tool.exe [2011-10-25 565248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 15:53 65024 ----a-w- c:\windows\soundman.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Dokumente und Einstellungen\\Freddy\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [25.10.2011 13:51 77312]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [22.09.2011 20:43 645048]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 14:14 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21.04.2012 12:37 250808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [25.10.2011 13:58 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [25.10.2011 13:58 8456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 22:17 114144]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [06.01.2010 17:21 594048]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [15.03.2010 09:38 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [15.03.2010 09:38 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [15.03.2010 09:38 124016]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [15.03.2010 09:38 113904]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 13:42]
.
2012-10-23 c:\windows\Tasks\Auslogics Disk Defrag Start On Freddy Logon.job
- c:\programme\Auslogics Disk Defrag\DiskDefrag.exe [2011-10-25 16:24]
.
2012-10-23 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programme\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Freddy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{13B1BC65-2CE0-4ABF-AF29-CD6EB3267C09}: NameServer = 131.188.0.10,131.188.0.11
FF - ProfilePath - c:\dokumente und einstellungen\Freddy\Anwendungsdaten\Mozilla\Firefox\Profiles\0puisig2.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-23 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2012-10-23 18:31:52
ComboFix-quarantined-files.txt 2012-10-23 16:31
.
Vor Suchlauf: 6 Verzeichnis(se), 61.098.479.616 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 61.378.068.480 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 62DBC5115182C3357B7897FBE5FB4B48
|
|
23.10.2012, 19:16
| #26 | ||
| /// TB-Ausbilder | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Nein das sieht soweit ganz gut aus. Aber bitte ... ... bitte auch schonmal an PC3 deinstallieren falls das Programm dort auch ist. Für PC2 bitte: Schritt 1: Liste der installierten Programme (Combofix) Bitte suche und poste mir die folgende Datei:Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen
Schritt 3: Quick-Scan mit Malwarebytes Schritt 4: ESET Online Scanner Zitat:
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
24.10.2012, 14:27
| #27 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Ok, das sieht ganz gut aus: Installierte Programme: Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Ashampoo Burning Studio 6 FREE v.6.80 Auslogics Disk Defrag Belkin Connect Wireless USB Adapter CCleaner Cisco AnyConnect VPN Client DivX-Setup Dropbox EASEUS Partition Master 7.1.1 Home Edition EndNote X5 Foxit Reader Free YouTube to MP3 Converter version 3.11.17.319 FreeFileSync v5.0 GIMP 2.6.11 Hotfix für Windows Media Player 11 (KB939683) Hotfix für Windows XP (KB2570791) Hotfix für Windows XP (KB2633952) Hotfix für Windows XP (KB2756822) Hotfix für Windows XP (KB952287) Hotfix für Windows XP (KB961118) Hotfix für Windows XP (KB981793) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB976002-v5) IBM SPSS Statistics 19 inSSIDer K-Lite Codec Pack 7.6.0 (Full) Malwarebytes Anti-Malware Version 1.65.0.1400 Marvell Miniport Driver MediaMonkey 3.2 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Antimalware Service DE-DE Language Pack Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Security Client Microsoft Security Client DE-DE Language Pack Microsoft Security Essentials Microsoft Software Update for Web Folders (German) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 15.0.1 (x86 de) Mozilla Maintenance Service Realtek AC'97 Audio ResearchSoft Direct Export Helper Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sicherheitsupdate für Microsoft Windows (KB2564958) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) Sicherheitsupdate für Windows Media Player (KB2378111) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player (KB954155) Sicherheitsupdate für Windows Media Player (KB973540) Sicherheitsupdate für Windows Media Player (KB975558) Sicherheitsupdate für Windows Media Player (KB978695) Sicherheitsupdate für Windows Media Player (KB979402) Sicherheitsupdate für Windows Media Player 11 (KB954154) Sicherheitsupdate für Windows XP (KB2079403) Sicherheitsupdate für Windows XP (KB2115168) Sicherheitsupdate für Windows XP (KB2229593) Sicherheitsupdate für Windows XP (KB2296011) Sicherheitsupdate für Windows XP (KB2347290) Sicherheitsupdate für Windows XP (KB2360937) Sicherheitsupdate für Windows XP (KB2387149) Sicherheitsupdate für Windows XP (KB2393802) Sicherheitsupdate für Windows XP (KB2412687) Sicherheitsupdate für Windows XP (KB2419632) Sicherheitsupdate für Windows XP (KB2423089) Sicherheitsupdate für Windows XP (KB2440591) Sicherheitsupdate für Windows XP (KB2443105) Sicherheitsupdate für Windows XP (KB2476490) Sicherheitsupdate für Windows XP (KB2478960) Sicherheitsupdate für Windows XP (KB2478971) Sicherheitsupdate für Windows XP (KB2479943) Sicherheitsupdate für Windows XP (KB2481109) Sicherheitsupdate für Windows XP (KB2483185) Sicherheitsupdate für Windows XP (KB2485663) Sicherheitsupdate für Windows XP (KB2506212) Sicherheitsupdate für Windows XP (KB2507618) Sicherheitsupdate für Windows XP (KB2507938) Sicherheitsupdate für Windows XP (KB2508272) Sicherheitsupdate für Windows XP (KB2508429) Sicherheitsupdate für Windows XP (KB2509553) Sicherheitsupdate für Windows XP (KB2510581) Sicherheitsupdate für Windows XP (KB2535512) Sicherheitsupdate für Windows XP (KB2536276-v2) Sicherheitsupdate für Windows XP (KB2544521) Sicherheitsupdate für Windows XP (KB2544893-v2) Sicherheitsupdate für Windows XP (KB2544893) Sicherheitsupdate für Windows XP (KB2562937) Sicherheitsupdate für Windows XP (KB2566454) Sicherheitsupdate für Windows XP (KB2567053) Sicherheitsupdate für Windows XP (KB2567680) Sicherheitsupdate für Windows XP (KB2570222) Sicherheitsupdate für Windows XP (KB2570947) Sicherheitsupdate für Windows XP (KB2584146) Sicherheitsupdate für Windows XP (KB2585542) Sicherheitsupdate für Windows XP (KB2586448) Sicherheitsupdate für Windows XP (KB2592799) Sicherheitsupdate für Windows XP (KB2598479) Sicherheitsupdate für Windows XP (KB2603381) Sicherheitsupdate für Windows XP (KB2618444) Sicherheitsupdate für Windows XP (KB2618451) Sicherheitsupdate für Windows XP (KB2619339) Sicherheitsupdate für Windows XP (KB2620712) Sicherheitsupdate für Windows XP (KB2621440) Sicherheitsupdate für Windows XP (KB2624667) Sicherheitsupdate für Windows XP (KB2631813) Sicherheitsupdate für Windows XP (KB2633171) Sicherheitsupdate für Windows XP (KB2639417) Sicherheitsupdate für Windows XP (KB2641653) Sicherheitsupdate für Windows XP (KB2646524) Sicherheitsupdate für Windows XP (KB2647518) Sicherheitsupdate für Windows XP (KB2653956) Sicherheitsupdate für Windows XP (KB2655992) Sicherheitsupdate für Windows XP (KB2659262) Sicherheitsupdate für Windows XP (KB2660465) Sicherheitsupdate für Windows XP (KB2661637) Sicherheitsupdate für Windows XP (KB2676562) Sicherheitsupdate für Windows XP (KB2685939) Sicherheitsupdate für Windows XP (KB2686509) Sicherheitsupdate für Windows XP (KB2691442) Sicherheitsupdate für Windows XP (KB2695962) Sicherheitsupdate für Windows XP (KB2698365) Sicherheitsupdate für Windows XP (KB2705219) Sicherheitsupdate für Windows XP (KB2707511) Sicherheitsupdate für Windows XP (KB2709162) Sicherheitsupdate für Windows XP (KB2712808) Sicherheitsupdate für Windows XP (KB2719985) Sicherheitsupdate für Windows XP (KB2723135) Sicherheitsupdate für Windows XP (KB2724197) Sicherheitsupdate für Windows XP (KB2731847) Sicherheitsupdate für Windows XP (KB923561) Sicherheitsupdate für Windows XP (KB923789) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) Sicherheitsupdate für Windows XP (KB950762) Sicherheitsupdate für Windows XP (KB950974) Sicherheitsupdate für Windows XP (KB951376-v2) Sicherheitsupdate für Windows XP (KB951748) Sicherheitsupdate für Windows XP (KB952004) Sicherheitsupdate für Windows XP (KB952954) Sicherheitsupdate für Windows XP (KB955069) Sicherheitsupdate für Windows XP (KB956572) Sicherheitsupdate für Windows XP (KB956744) Sicherheitsupdate für Windows XP (KB956802) Sicherheitsupdate für Windows XP (KB956803) Sicherheitsupdate für Windows XP (KB956844) Sicherheitsupdate für Windows XP (KB958644) Sicherheitsupdate für Windows XP (KB958869) Sicherheitsupdate für Windows XP (KB959426) Sicherheitsupdate für Windows XP (KB960225) Sicherheitsupdate für Windows XP (KB960803) Sicherheitsupdate für Windows XP (KB960859) Sicherheitsupdate für Windows XP (KB961501) Sicherheitsupdate für Windows XP (KB969059) Sicherheitsupdate für Windows XP (KB970238) Sicherheitsupdate für Windows XP (KB970430) Sicherheitsupdate für Windows XP (KB971468) Sicherheitsupdate für Windows XP (KB971657) Sicherheitsupdate für Windows XP (KB972270) Sicherheitsupdate für Windows XP (KB973507) Sicherheitsupdate für Windows XP (KB973869) Sicherheitsupdate für Windows XP (KB973904) Sicherheitsupdate für Windows XP (KB974112) Sicherheitsupdate für Windows XP (KB974318) Sicherheitsupdate für Windows XP (KB974392) Sicherheitsupdate für Windows XP (KB974571) Sicherheitsupdate für Windows XP (KB975025) Sicherheitsupdate für Windows XP (KB975467) Sicherheitsupdate für Windows XP (KB975560) Sicherheitsupdate für Windows XP (KB975561) Sicherheitsupdate für Windows XP (KB975562) Sicherheitsupdate für Windows XP (KB975713) Sicherheitsupdate für Windows XP (KB977816) Sicherheitsupdate für Windows XP (KB977914) Sicherheitsupdate für Windows XP (KB978037) Sicherheitsupdate für Windows XP (KB978338) Sicherheitsupdate für Windows XP (KB978542) Sicherheitsupdate für Windows XP (KB978601) Sicherheitsupdate für Windows XP (KB978706) Sicherheitsupdate für Windows XP (KB979309) Sicherheitsupdate für Windows XP (KB979482) Sicherheitsupdate für Windows XP (KB979559) Sicherheitsupdate für Windows XP (KB979683) Sicherheitsupdate für Windows XP (KB979687) Sicherheitsupdate für Windows XP (KB980195) Sicherheitsupdate für Windows XP (KB980218) Sicherheitsupdate für Windows XP (KB980232) Sicherheitsupdate für Windows XP (KB980436) Sicherheitsupdate für Windows XP (KB981322) Sicherheitsupdate für Windows XP (KB981997) Sicherheitsupdate für Windows XP (KB982132) Sicherheitsupdate für Windows XP (KB982381) Sicherheitsupdate für Windows XP (KB982665) Skype™ 5.10 Spybot - Search & Destroy Update für Windows Internet Explorer 8 (KB2598845) Update für Windows XP (KB2345886) Update für Windows XP (KB2467659) Update für Windows XP (KB2541763) Update für Windows XP (KB2616676-v2) Update für Windows XP (KB2641690) Update für Windows XP (KB2661254-v2) Update für Windows XP (KB2718704) Update für Windows XP (KB2736233) Update für Windows XP (KB2749655) Update für Windows XP (KB951978) Update für Windows XP (KB955759) Update für Windows XP (KB967715) Update für Windows XP (KB968389) Update für Windows XP (KB971029) Update für Windows XP (KB971737) Update für Windows XP (KB973687) Update für Windows XP (KB973815) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 VIA Integrated Setup Wizard WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR Code:
ATTFilter # AdwCleaner v2.004 - Datei am 23/10/2012 um 21:21:51 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Freddy - FREDDOOF
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Freddy\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [820 octets] - [23/10/2012 21:21:51]
########## EOF - C:\AdwCleaner[S1].txt - [879 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.23.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Freddy :: FREDDOOF [Administrator] 23.10.2012 21:31:10 mbam-log-2012-10-23 (21-31-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199273 Laufzeit: 5 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
24.10.2012, 22:03
| #28 |
| /// TB-Ausbilder | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? In Ordnung. PC2 ist fertig. Wir räumen auf. Schritt 1: Defogger re-enable. Schritt 2: Combofix deinstallieren Schritt 3: AdwCleaner entfernen Schritt 4: ESET deinstallieren (Optional) Wir beginnen jetzt mit PC3. Schritt 1: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.
Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Schritt 3: Customscan mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
26.10.2012, 19:17
| #29 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? Ok, PC2 ist aufgeräumt, hier nun die Scans von PC3 - wieder in 2 Teilen: TDSSKiller Log: Code:
ATTFilter 19:41:19.0275 4024 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:41:19.0291 4024 ============================================================
19:41:19.0291 4024 Current date / time: 2012/10/26 19:41:19.0291
19:41:19.0291 4024 SystemInfo:
19:41:19.0291 4024
19:41:19.0291 4024 OS Version: 6.1.7601 ServicePack: 1.0
19:41:19.0291 4024 Product type: Workstation
19:41:19.0291 4024 ComputerName: DEPP
19:41:19.0291 4024 UserName: Jörg
19:41:19.0291 4024 Windows directory: C:\Windows
19:41:19.0291 4024 System windows directory: C:\Windows
19:41:19.0291 4024 Running under WOW64
19:41:19.0291 4024 Processor architecture: Intel x64
19:41:19.0291 4024 Number of processors: 4
19:41:19.0291 4024 Page size: 0x1000
19:41:19.0291 4024 Boot type: Normal boot
19:41:19.0291 4024 ============================================================
19:41:21.0334 4024 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x19E0186, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
19:41:21.0334 4024 Drive \Device\Harddisk1\DR1 - Size: 0x3F140000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:41:21.0334 4024 ============================================================
19:41:21.0334 4024 \Device\Harddisk0\DR0:
19:41:21.0334 4024 MBR partitions:
19:41:21.0334 4024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:41:21.0334 4024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FE8, BlocksNum 0xA06E8D0
19:41:21.0350 4024 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA0A20E4, BlocksNum 0x98FE424
19:41:21.0366 4024 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x139A0D34, BlocksNum 0xA2AD87C
19:41:21.0366 4024 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1DC4ED94, BlocksNum 0x4DDD4EDC
19:41:21.0381 4024 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x6BA23C74, BlocksNum 0x8CE313C
19:41:21.0381 4024 \Device\Harddisk1\DR1:
19:41:21.0381 4024 MBR partitions:
19:41:21.0381 4024 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1F89E0
19:41:21.0381 4024 ============================================================
19:41:21.0428 4024 C: <-> \Device\Harddisk0\DR0\Partition2
19:41:21.0444 4024 D: <-> \Device\Harddisk0\DR0\Partition3
19:41:21.0475 4024 E: <-> \Device\Harddisk0\DR0\Partition4
19:41:21.0490 4024 F: <-> \Device\Harddisk0\DR0\Partition5
19:41:21.0506 4024 G: <-> \Device\Harddisk0\DR0\Partition6
19:41:21.0506 4024 ============================================================
19:41:21.0506 4024 Initialize success
19:41:21.0506 4024 ============================================================
19:41:33.0268 3252 ============================================================
19:41:33.0268 3252 Scan started
19:41:33.0268 3252 Mode: Manual; TDLFS;
19:41:33.0268 3252 ============================================================
19:41:34.0267 3252 ================ Scan system memory ========================
19:41:34.0267 3252 System memory - ok
19:41:34.0267 3252 ================ Scan services =============================
19:41:34.0376 3252 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:41:34.0376 3252 1394ohci - ok
19:41:34.0392 3252 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:41:34.0392 3252 ACPI - ok
19:41:34.0407 3252 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:41:34.0407 3252 AcpiPmi - ok
19:41:34.0548 3252 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:41:34.0548 3252 AdobeFlashPlayerUpdateSvc - ok
19:41:34.0579 3252 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:41:34.0594 3252 adp94xx - ok
19:41:34.0610 3252 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:41:34.0626 3252 adpahci - ok
19:41:34.0657 3252 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:41:34.0657 3252 adpu320 - ok
19:41:34.0672 3252 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:41:34.0672 3252 AeLookupSvc - ok
19:41:34.0735 3252 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:41:34.0735 3252 AFD - ok
19:41:34.0813 3252 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:41:34.0813 3252 agp440 - ok
19:41:34.0860 3252 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:41:34.0860 3252 ALG - ok
19:41:34.0922 3252 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:41:34.0922 3252 aliide - ok
19:41:35.0016 3252 ALSysIO - ok
19:41:35.0094 3252 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:41:35.0094 3252 amdide - ok
19:41:35.0156 3252 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:41:35.0156 3252 AmdK8 - ok
19:41:35.0172 3252 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:41:35.0172 3252 AmdPPM - ok
19:41:35.0250 3252 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:41:35.0265 3252 amdsata - ok
19:41:35.0296 3252 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:41:35.0328 3252 amdsbs - ok
19:41:35.0343 3252 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:41:35.0343 3252 amdxata - ok
19:41:35.0421 3252 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:41:35.0437 3252 AppID - ok
19:41:35.0452 3252 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:41:35.0452 3252 AppIDSvc - ok
19:41:35.0484 3252 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:41:35.0499 3252 Appinfo - ok
19:41:35.0562 3252 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:41:35.0577 3252 AppMgmt - ok
19:41:35.0624 3252 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:41:35.0640 3252 arc - ok
19:41:35.0655 3252 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:41:35.0655 3252 arcsas - ok
19:41:35.0764 3252 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:41:35.0780 3252 aspnet_state - ok
19:41:35.0796 3252 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:41:35.0811 3252 AsyncMac - ok
19:41:35.0874 3252 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:41:35.0874 3252 atapi - ok
19:41:35.0967 3252 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:41:35.0983 3252 AudioEndpointBuilder - ok
19:41:35.0998 3252 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:41:35.0998 3252 AudioSrv - ok
19:41:36.0061 3252 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:41:36.0061 3252 AxInstSV - ok
19:41:36.0092 3252 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:41:36.0108 3252 b06bdrv - ok
19:41:36.0123 3252 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:41:36.0123 3252 b57nd60a - ok
19:41:36.0154 3252 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:41:36.0154 3252 BDESVC - ok
19:41:36.0170 3252 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:41:36.0170 3252 Beep - ok
19:41:36.0217 3252 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:41:36.0217 3252 BFE - ok
19:41:36.0232 3252 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:41:36.0248 3252 BITS - ok
19:41:36.0264 3252 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:41:36.0264 3252 blbdrive - ok
19:41:36.0295 3252 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:41:36.0295 3252 bowser - ok
19:41:36.0326 3252 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:41:36.0326 3252 BrFiltLo - ok
19:41:36.0326 3252 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:41:36.0326 3252 BrFiltUp - ok
19:41:36.0342 3252 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:41:36.0342 3252 Browser - ok
19:41:36.0357 3252 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:41:36.0357 3252 Brserid - ok
19:41:36.0373 3252 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:41:36.0373 3252 BrSerWdm - ok
19:41:36.0373 3252 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:41:36.0373 3252 BrUsbMdm - ok
19:41:36.0388 3252 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:41:36.0388 3252 BrUsbSer - ok
19:41:36.0404 3252 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:41:36.0404 3252 BTHMODEM - ok
19:41:36.0420 3252 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:41:36.0420 3252 bthserv - ok
19:41:36.0451 3252 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:41:36.0451 3252 cdfs - ok
19:41:36.0466 3252 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:41:36.0482 3252 cdrom - ok
19:41:36.0513 3252 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:41:36.0513 3252 CertPropSvc - ok
19:41:36.0513 3252 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:41:36.0513 3252 circlass - ok
19:41:36.0544 3252 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:41:36.0544 3252 CLFS - ok
19:41:36.0591 3252 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:41:36.0591 3252 clr_optimization_v2.0.50727_32 - ok
19:41:36.0622 3252 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:41:36.0622 3252 clr_optimization_v2.0.50727_64 - ok
19:41:36.0716 3252 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:41:36.0732 3252 clr_optimization_v4.0.30319_32 - ok
19:41:36.0747 3252 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:41:36.0747 3252 clr_optimization_v4.0.30319_64 - ok
19:41:36.0763 3252 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:41:36.0763 3252 CmBatt - ok
19:41:36.0794 3252 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:41:36.0794 3252 cmdide - ok
19:41:36.0810 3252 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:41:36.0810 3252 CNG - ok
19:41:36.0841 3252 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:41:36.0841 3252 Compbatt - ok
19:41:36.0856 3252 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:41:36.0856 3252 CompositeBus - ok
19:41:36.0872 3252 COMSysApp - ok
19:41:36.0872 3252 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:41:36.0872 3252 crcdisk - ok
19:41:36.0903 3252 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:41:36.0903 3252 CryptSvc - ok
19:41:36.0934 3252 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:41:36.0934 3252 CSC - ok
19:41:36.0966 3252 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:41:36.0966 3252 CscService - ok
19:41:36.0997 3252 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
19:41:36.0997 3252 CVirtA - ok
19:41:37.0059 3252 [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND C:\Program Files (x86)\Cisco\VPNClient\cvpnd.exe
19:41:37.0059 3252 CVPND - ok
19:41:37.0075 3252 [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
19:41:37.0075 3252 CVPNDRVA - ok
19:41:37.0106 3252 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:41:37.0122 3252 DcomLaunch - ok
19:41:37.0153 3252 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:41:37.0153 3252 defragsvc - ok
19:41:37.0168 3252 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:41:37.0168 3252 DfsC - ok
19:41:37.0200 3252 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:41:37.0200 3252 Dhcp - ok
19:41:37.0215 3252 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:41:37.0215 3252 discache - ok
19:41:37.0262 3252 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:41:37.0278 3252 Disk - ok
19:41:37.0371 3252 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
19:41:37.0371 3252 DNE - ok
19:41:37.0434 3252 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:41:37.0434 3252 Dnscache - ok
19:41:37.0465 3252 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:41:37.0465 3252 dot3svc - ok
19:41:37.0480 3252 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:41:37.0480 3252 DPS - ok
19:41:37.0512 3252 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:41:37.0512 3252 drmkaud - ok
19:41:37.0590 3252 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:41:37.0590 3252 dtsoftbus01 - ok
19:41:37.0636 3252 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:41:37.0636 3252 DXGKrnl - ok
19:41:37.0652 3252 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:41:37.0652 3252 EapHost - ok
19:41:37.0714 3252 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:41:37.0746 3252 ebdrv - ok
19:41:37.0761 3252 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:41:37.0777 3252 EFS - ok
19:41:38.0058 3252 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:41:38.0073 3252 ehRecvr - ok
19:41:38.0104 3252 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:41:38.0104 3252 ehSched - ok
19:41:38.0136 3252 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:41:38.0151 3252 elxstor - ok
19:41:38.0167 3252 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:41:38.0167 3252 ErrDev - ok
19:41:38.0214 3252 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:41:38.0229 3252 EventSystem - ok
19:41:38.0245 3252 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:41:38.0245 3252 exfat - ok
19:41:38.0292 3252 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:41:38.0292 3252 fastfat - ok
19:41:38.0370 3252 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:41:38.0385 3252 Fax - ok
19:41:38.0401 3252 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:41:38.0416 3252 fdc - ok
19:41:38.0494 3252 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:41:38.0494 3252 fdPHost - ok
19:41:38.0494 3252 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:41:38.0494 3252 FDResPub - ok
19:41:38.0510 3252 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:41:38.0510 3252 FileInfo - ok
19:41:38.0510 3252 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:41:38.0510 3252 Filetrace - ok
19:41:38.0526 3252 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:41:38.0526 3252 flpydisk - ok
19:41:38.0572 3252 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:41:38.0572 3252 FltMgr - ok
19:41:38.0604 3252 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:41:38.0604 3252 FontCache - ok
19:41:38.0682 3252 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:41:38.0697 3252 FontCache3.0.0.0 - ok
19:41:38.0713 3252 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:41:38.0713 3252 FsDepends - ok
19:41:38.0728 3252 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:41:38.0728 3252 Fs_Rec - ok
19:41:38.0760 3252 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:41:38.0775 3252 fvevol - ok
19:41:38.0791 3252 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:41:38.0791 3252 gagp30kx - ok
19:41:38.0806 3252 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:41:38.0822 3252 gpsvc - ok
19:41:38.0869 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:41:38.0869 3252 gupdate - ok
19:41:38.0884 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:41:38.0884 3252 gupdatem - ok
19:41:38.0900 3252 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:41:38.0900 3252 hcw85cir - ok
19:41:38.0947 3252 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:41:38.0947 3252 HdAudAddService - ok
19:41:38.0978 3252 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:41:38.0978 3252 HDAudBus - ok
19:41:38.0994 3252 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:41:38.0994 3252 HidBatt - ok
19:41:39.0009 3252 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:41:39.0009 3252 HidBth - ok
19:41:39.0025 3252 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:41:39.0025 3252 HidIr - ok
19:41:39.0040 3252 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:41:39.0040 3252 hidserv - ok
19:41:39.0056 3252 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:41:39.0056 3252 HidUsb - ok
19:41:39.0072 3252 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:41:39.0072 3252 hkmsvc - ok
19:41:39.0087 3252 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:41:39.0087 3252 HomeGroupListener - ok
19:41:39.0118 3252 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:41:39.0118 3252 HomeGroupProvider - ok
19:41:39.0134 3252 [ 502433044773567F6CE942F8E0A621CA ] HPMo4DE3 C:\Windows\system32\DRIVERS\HPMo4DE3.sys
19:41:39.0134 3252 HPMo4DE3 - ok
19:41:39.0181 3252 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:41:39.0181 3252 HpSAMD - ok
19:41:39.0196 3252 [ A635DDB3ED98953BB4D42079017B4E30 ] HPub4DE3 C:\Windows\system32\Drivers\HPub4DE3.sys
19:41:39.0196 3252 HPub4DE3 - ok
19:41:39.0228 3252 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:41:39.0228 3252 HTTP - ok
19:41:39.0259 3252 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:41:39.0259 3252 hwpolicy - ok
19:41:39.0290 3252 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:41:39.0290 3252 i8042prt - ok
19:41:39.0384 3252 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:41:39.0399 3252 iaStorV - ok
19:41:39.0430 3252 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:41:39.0446 3252 idsvc - ok
19:41:39.0477 3252 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:41:39.0477 3252 iirsp - ok
19:41:39.0493 3252 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:41:39.0508 3252 IKEEXT - ok
19:41:39.0508 3252 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:41:39.0508 3252 intelide - ok
19:41:39.0540 3252 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:41:39.0540 3252 intelppm - ok
19:41:39.0555 3252 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:41:39.0555 3252 IPBusEnum - ok
19:41:39.0571 3252 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:41:39.0571 3252 IpFilterDriver - ok
19:41:39.0586 3252 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:41:39.0586 3252 iphlpsvc - ok
19:41:39.0618 3252 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:41:39.0618 3252 IPMIDRV - ok
19:41:39.0618 3252 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:41:39.0618 3252 IPNAT - ok
19:41:39.0633 3252 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:41:39.0649 3252 IRENUM - ok
19:41:39.0664 3252 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:41:39.0664 3252 isapnp - ok
19:41:39.0696 3252 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:41:39.0711 3252 iScsiPrt - ok
19:41:39.0711 3252 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:41:39.0727 3252 kbdclass - ok
19:41:39.0742 3252 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:41:39.0742 3252 kbdhid - ok
19:41:39.0758 3252 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:41:39.0758 3252 KeyIso - ok
19:41:39.0774 3252 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:41:39.0774 3252 KSecDD - ok
19:41:39.0774 3252 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:41:39.0789 3252 KSecPkg - ok
19:41:39.0805 3252 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:41:39.0805 3252 ksthunk - ok
19:41:39.0867 3252 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:41:39.0883 3252 KtmRm - ok
19:41:39.0945 3252 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:41:39.0945 3252 LanmanServer - ok
19:41:39.0961 3252 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:41:39.0961 3252 LanmanWorkstation - ok
19:41:39.0992 3252 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:41:39.0992 3252 lltdio - ok
19:41:40.0008 3252 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:41:40.0008 3252 lltdsvc - ok
19:41:40.0023 3252 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:41:40.0023 3252 lmhosts - ok
19:41:40.0054 3252 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:41:40.0054 3252 LSI_FC - ok
19:41:40.0070 3252 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:41:40.0070 3252 LSI_SAS - ok
19:41:40.0070 3252 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:41:40.0070 3252 LSI_SAS2 - ok
19:41:40.0086 3252 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:41:40.0086 3252 LSI_SCSI - ok
19:41:40.0101 3252 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:41:40.0101 3252 luafv - ok
19:41:40.0132 3252 [ F2643036B225BA4621A965434478F35E ] MAUSBFASTTRACK C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
19:41:40.0164 3252 MAUSBFASTTRACK - ok
19:41:40.0179 3252 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:41:40.0179 3252 Mcx2Svc - ok
19:41:40.0195 3252 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:41:40.0195 3252 megasas - ok
19:41:40.0210 3252 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:41:40.0210 3252 MegaSR - ok
19:41:40.0242 3252 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:41:40.0242 3252 MMCSS - ok
19:41:40.0257 3252 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:41:40.0257 3252 Modem - ok
19:41:40.0273 3252 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:41:40.0273 3252 monitor - ok
19:41:40.0288 3252 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:41:40.0288 3252 mouclass - ok
19:41:40.0304 3252 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:41:40.0304 3252 mouhid - ok
19:41:40.0335 3252 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:41:40.0335 3252 mountmgr - ok
19:41:40.0366 3252 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:41:40.0382 3252 MozillaMaintenance - ok
19:41:40.0413 3252 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:41:40.0413 3252 MpFilter - ok
19:41:40.0476 3252 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:41:40.0491 3252 mpio - ok
19:41:40.0507 3252 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:41:40.0507 3252 mpsdrv - ok
19:41:40.0538 3252 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:41:40.0538 3252 MpsSvc - ok
19:41:40.0554 3252 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:41:40.0554 3252 MRxDAV - ok
19:41:40.0585 3252 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:41:40.0585 3252 mrxsmb - ok
19:41:40.0600 3252 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:41:40.0616 3252 mrxsmb10 - ok
19:41:40.0632 3252 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:41:40.0647 3252 mrxsmb20 - ok
19:41:40.0663 3252 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:41:40.0663 3252 msahci - ok
19:41:40.0710 3252 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
19:41:40.0710 3252 MSCamSvc - ok
19:41:40.0725 3252 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:41:40.0725 3252 msdsm - ok
19:41:40.0741 3252 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:41:40.0741 3252 MSDTC - ok
19:41:40.0772 3252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:41:40.0772 3252 Msfs - ok
19:41:40.0788 3252 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:41:40.0788 3252 mshidkmdf - ok
19:41:40.0897 3252 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:41:40.0897 3252 msisadrv - ok
19:41:40.0912 3252 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:41:40.0928 3252 MSiSCSI - ok
19:41:40.0928 3252 msiserver - ok
19:41:40.0944 3252 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:41:40.0944 3252 MSKSSRV - ok
19:41:41.0037 3252 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:41:41.0037 3252 MsMpSvc - ok
19:41:41.0084 3252 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:41:41.0084 3252 MSPCLOCK - ok
19:41:41.0084 3252 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:41:41.0084 3252 MSPQM - ok
19:41:41.0131 3252 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:41:41.0146 3252 MsRPC - ok
19:41:41.0178 3252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:41:41.0178 3252 mssmbios - ok
19:41:41.0178 3252 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:41:41.0178 3252 MSTEE - ok
19:41:41.0193 3252 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:41:41.0193 3252 MTConfig - ok
19:41:41.0224 3252 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
19:41:41.0224 3252 MTsensor - ok
19:41:41.0256 3252 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:41:41.0256 3252 Mup - ok
19:41:41.0271 3252 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:41:41.0271 3252 napagent - ok
19:41:41.0302 3252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:41:41.0302 3252 NativeWifiP - ok
19:41:41.0349 3252 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:41:41.0365 3252 NDIS - ok
19:41:41.0380 3252 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:41:41.0380 3252 NdisCap - ok
19:41:41.0396 3252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:41:41.0396 3252 NdisTapi - ok
19:41:41.0427 3252 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:41:41.0427 3252 Ndisuio - ok
19:41:41.0443 3252 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:41:41.0443 3252 NdisWan - ok
19:41:41.0474 3252 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:41:41.0474 3252 NDProxy - ok
19:41:41.0490 3252 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:41:41.0490 3252 NetBIOS - ok
19:41:41.0505 3252 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:41:41.0505 3252 NetBT - ok
19:41:41.0521 3252 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:41:41.0521 3252 Netlogon - ok
19:41:41.0583 3252 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:41:41.0583 3252 Netman - ok
19:41:41.0614 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:41.0630 3252 NetMsmqActivator - ok
19:41:41.0630 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:41.0646 3252 NetPipeActivator - ok
19:41:41.0646 3252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:41:41.0661 3252 netprofm - ok
19:41:41.0661 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:41.0661 3252 NetTcpActivator - ok
19:41:41.0661 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:41.0661 3252 NetTcpPortSharing - ok
19:41:41.0692 3252 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:41:41.0692 3252 nfrd960 - ok
19:41:41.0973 3252 [ 0BCB418C2906852C6F9347A258FD5711 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
19:41:42.0160 3252 NIHardwareService - ok
19:41:43.0096 3252 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:41:43.0096 3252 NisDrv - ok
19:41:43.0206 3252 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:41:43.0221 3252 NisSrv - ok
19:41:43.0268 3252 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:41:43.0268 3252 NlaSvc - ok
19:41:43.0299 3252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:41:43.0315 3252 Npfs - ok
19:41:43.0330 3252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:41:43.0330 3252 nsi - ok
19:41:43.0346 3252 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:41:43.0346 3252 nsiproxy - ok
19:41:43.0424 3252 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:41:43.0455 3252 Ntfs - ok
19:41:43.0471 3252 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:41:43.0471 3252 Null - ok
19:41:43.0502 3252 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
19:41:43.0502 3252 NVENETFD - ok
19:41:43.0564 3252 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:41:43.0564 3252 NVHDA - ok
19:41:43.0923 3252 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:41:43.0986 3252 nvlddmkm - ok
19:41:44.0048 3252 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
19:41:44.0048 3252 NVNET - ok
19:41:44.0079 3252 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:41:44.0079 3252 nvraid - ok
19:41:44.0110 3252 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:41:44.0110 3252 nvstor - ok
19:41:44.0188 3252 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:41:44.0204 3252 nvsvc - ok
19:41:44.0298 3252 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:41:44.0313 3252 nvUpdatusService - ok
19:41:44.0313 3252 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:41:44.0329 3252 nv_agp - ok
19:41:44.0391 3252 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:41:44.0391 3252 odserv - ok
19:41:44.0422 3252 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:41:44.0438 3252 ohci1394 - ok
19:41:44.0485 3252 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:41:44.0485 3252 ose - ok
19:41:44.0500 3252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:41:44.0516 3252 p2pimsvc - ok
19:41:44.0516 3252 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:41:44.0532 3252 p2psvc - ok
19:41:44.0547 3252 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:41:44.0547 3252 Parport - ok
19:41:44.0563 3252 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:41:44.0563 3252 partmgr - ok
19:41:44.0578 3252 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:41:44.0578 3252 PcaSvc - ok
19:41:44.0594 3252 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:41:44.0594 3252 pci - ok
19:41:44.0610 3252 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:41:44.0610 3252 pciide - ok
19:41:44.0625 3252 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:41:44.0625 3252 pcmcia - ok
19:41:44.0641 3252 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:41:44.0641 3252 pcw - ok
19:41:44.0641 3252 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:41:44.0656 3252 PEAUTH - ok
19:41:44.0688 3252 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:41:44.0688 3252 PeerDistSvc - ok
19:41:44.0781 3252 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:41:44.0781 3252 PerfHost - ok
19:41:44.0828 3252 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:41:44.0844 3252 pla - ok
19:41:44.0875 3252 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:41:44.0875 3252 PlugPlay - ok
19:41:44.0922 3252 PnkBstrA - ok
19:41:44.0953 3252 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:41:44.0968 3252 PNRPAutoReg - ok
19:41:45.0000 3252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:41:45.0000 3252 PNRPsvc - ok
19:41:45.0046 3252 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:41:45.0046 3252 PolicyAgent - ok
19:41:45.0062 3252 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:41:45.0062 3252 Power - ok
19:41:45.0093 3252 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:41:45.0093 3252 PptpMiniport - ok
19:41:45.0109 3252 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:41:45.0124 3252 Processor - ok
19:41:45.0140 3252 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:41:45.0156 3252 ProfSvc - ok
19:41:45.0156 3252 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:41:45.0156 3252 ProtectedStorage - ok
19:41:45.0187 3252 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:41:45.0187 3252 Psched - ok
19:41:45.0218 3252 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:41:45.0234 3252 ql2300 - ok
19:41:45.0249 3252 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:41:45.0249 3252 ql40xx - ok
19:41:45.0265 3252 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:41:45.0265 3252 QWAVE - ok
19:41:45.0280 3252 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:41:45.0280 3252 QWAVEdrv - ok
19:41:45.0280 3252 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:41:45.0280 3252 RasAcd - ok
19:41:45.0312 3252 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:41:45.0312 3252 RasAgileVpn - ok
19:41:45.0312 3252 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:41:45.0312 3252 RasAuto - ok
19:41:45.0343 3252 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:41:45.0343 3252 Rasl2tp - ok
19:41:45.0358 3252 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:41:45.0358 3252 RasMan - ok
19:41:45.0358 3252 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:41:45.0374 3252 RasPppoe - ok
19:41:45.0374 3252 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:41:45.0374 3252 RasSstp - ok
19:41:45.0405 3252 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:41:45.0405 3252 rdbss - ok
19:41:45.0421 3252 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:41:45.0421 3252 rdpbus - ok
19:41:45.0436 3252 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:41:45.0436 3252 RDPCDD - ok
19:41:45.0452 3252 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:41:45.0452 3252 RDPDR - ok
19:41:45.0468 3252 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:41:45.0468 3252 RDPENCDD - ok
19:41:45.0483 3252 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:41:45.0483 3252 RDPREFMP - ok
19:41:45.0499 3252 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:41:45.0499 3252 RDPWD - ok
19:41:45.0530 3252 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:41:45.0530 3252 rdyboost - ok
19:41:45.0561 3252 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:41:45.0561 3252 RemoteAccess - ok
19:41:45.0577 3252 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:41:45.0577 3252 RemoteRegistry - ok
19:41:45.0592 3252 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:41:45.0592 3252 RpcEptMapper - ok
19:41:45.0608 3252 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:41:45.0608 3252 RpcLocator - ok
19:41:45.0639 3252 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:41:45.0639 3252 RpcSs - ok
19:41:45.0702 3252 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:41:45.0702 3252 rspndr - ok
19:41:45.0748 3252 [ A332DB1DAC07E95667A57AAEEC236C37 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
19:41:45.0764 3252 RTL8192su - ok
19:41:45.0795 3252 [ C92E383CDAFE94B0DA30CBFCD561ECF8 ] s1039bus C:\Windows\system32\DRIVERS\s1039bus.sys
19:41:45.0795 3252 s1039bus - ok
19:41:45.0858 3252 [ CBACDDCE5FD32310FD5855E1FD8517E8 ] s1039mdfl C:\Windows\system32\DRIVERS\s1039mdfl.sys
19:41:45.0858 3252 s1039mdfl - ok
19:41:45.0951 3252 [ A339F1E0BC7AF29B2FDBA32AE4B9FCA4 ] s1039mdm C:\Windows\system32\DRIVERS\s1039mdm.sys
19:41:45.0982 3252 s1039mdm - ok
19:41:46.0092 3252 [ 84E260AAD1BB19DFCC0DD333CB83BBA7 ] s1039mgmt C:\Windows\system32\DRIVERS\s1039mgmt.sys
19:41:46.0107 3252 s1039mgmt - ok
19:41:46.0170 3252 [ 0772F403D615563E9D8D32BA7A132D1E ] s1039nd5 C:\Windows\system32\DRIVERS\s1039nd5.sys
19:41:46.0201 3252 s1039nd5 - ok
19:41:46.0310 3252 [ 134EDBCE4DACD749FC508AFE1C512D09 ] s1039obex C:\Windows\system32\DRIVERS\s1039obex.sys
19:41:46.0341 3252 s1039obex - ok
19:41:46.0419 3252 [ BC54B27EC3900328BC390E98BBFC9D3A ] s1039unic C:\Windows\system32\DRIVERS\s1039unic.sys
19:41:46.0419 3252 s1039unic - ok
19:41:46.0466 3252 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:41:46.0482 3252 s3cap - ok
19:41:46.0513 3252 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:41:46.0513 3252 SamSs - ok
19:41:46.0560 3252 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:41:46.0575 3252 sbp2port - ok
19:41:46.0825 3252 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:41:46.0840 3252 SBSDWSCService - ok
19:41:46.0887 3252 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:41:46.0887 3252 SCardSvr - ok
19:41:46.0918 3252 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:41:46.0918 3252 scfilter - ok
19:41:47.0012 3252 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:41:47.0028 3252 Schedule - ok
19:41:47.0059 3252 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:41:47.0059 3252 SCPolicySvc - ok
19:41:47.0074 3252 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:41:47.0074 3252 SDRSVC - ok
19:41:47.0106 3252 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:41:47.0106 3252 secdrv - ok
19:41:47.0106 3252 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:41:47.0106 3252 seclogon - ok
19:41:47.0137 3252 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:41:47.0137 3252 SENS - ok
19:41:47.0137 3252 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:41:47.0137 3252 SensrSvc - ok
19:41:47.0168 3252 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:41:47.0184 3252 Serenum - ok
19:41:47.0199 3252 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:41:47.0199 3252 Serial - ok
19:41:47.0215 3252 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:41:47.0215 3252 sermouse - ok
19:41:47.0246 3252 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:41:47.0246 3252 SessionEnv - ok
19:41:47.0277 3252 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:41:47.0277 3252 sffdisk - ok
19:41:47.0277 3252 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:41:47.0277 3252 sffp_mmc - ok
19:41:47.0293 3252 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:41:47.0293 3252 sffp_sd - ok
19:41:47.0308 3252 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:41:47.0308 3252 sfloppy - ok
19:41:47.0324 3252 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:41:47.0324 3252 SharedAccess - ok
19:41:47.0340 3252 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:41:47.0355 3252 ShellHWDetection - ok
19:41:47.0371 3252 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:41:47.0371 3252 SiSRaid2 - ok
19:41:47.0386 3252 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:41:47.0386 3252 SiSRaid4 - ok
19:41:47.0418 3252 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:41:47.0418 3252 SkypeUpdate - ok
19:41:47.0433 3252 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:41:47.0433 3252 Smb - ok
19:41:47.0464 3252 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:41:47.0464 3252 SNMPTRAP - ok
19:41:47.0480 3252 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:41:47.0480 3252 spldr - ok
19:41:47.0496 3252 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:41:47.0511 3252 Spooler - ok
19:41:47.0574 3252 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:41:47.0605 3252 sppsvc - ok
19:41:47.0620 3252 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:41:47.0620 3252 sppuinotify - ok
19:41:47.0636 3252 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:41:47.0652 3252 srv - ok
19:41:47.0667 3252 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:41:47.0667 3252 srv2 - ok
19:41:47.0683 3252 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:41:47.0683 3252 srvnet - ok
19:41:47.0714 3252 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:41:47.0714 3252 SSDPSRV - ok
19:41:47.0714 3252 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:41:47.0730 3252 SstpSvc - ok
19:41:47.0792 3252 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:41:47.0792 3252 Stereo Service - ok
19:41:47.0808 3252 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:41:47.0823 3252 stexstor - ok
19:41:47.0870 3252 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:41:47.0964 3252 stisvc - ok
19:41:47.0979 3252 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:41:47.0979 3252 storflt - ok
19:41:47.0995 3252 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
19:41:47.0995 3252 StorSvc - ok
19:41:48.0010 3252 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:41:48.0010 3252 storvsc - ok
19:41:48.0026 3252 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:41:48.0026 3252 swenum - ok
19:41:48.0088 3252 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:41:48.0120 3252 swprv - ok
19:41:48.0151 3252 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:41:48.0166 3252 SysMain - ok
19:41:48.0182 3252 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:41:48.0182 3252 TabletInputService - ok
19:41:48.0213 3252 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:41:48.0213 3252 TapiSrv - ok
19:41:48.0229 3252 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:41:48.0229 3252 TBS - ok
19:41:48.0276 3252 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:41:48.0307 3252 Tcpip - ok
19:41:48.0354 3252 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:41:48.0369 3252 TCPIP6 - ok
19:41:48.0385 3252 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:41:48.0385 3252 tcpipreg - ok
19:41:48.0400 3252 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:41:48.0400 3252 TDPIPE - ok
19:41:48.0416 3252 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:41:48.0416 3252 TDTCP - ok
19:41:48.0447 3252 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:41:48.0447 3252 tdx - ok
19:41:48.0478 3252 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:41:48.0478 3252 TermDD - ok
19:41:48.0494 3252 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:41:48.0525 3252 TermService - ok
19:41:48.0541 3252 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:41:48.0541 3252 Themes - ok
19:41:48.0556 3252 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:41:48.0556 3252 THREADORDER - ok
19:41:48.0572 3252 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:41:48.0572 3252 TrkWks - ok
19:41:48.0619 3252 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
19:41:48.0619 3252 truecrypt - ok
19:41:48.0666 3252 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:41:48.0666 3252 TrustedInstaller - ok
19:41:48.0681 3252 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:41:48.0681 3252 tssecsrv - ok
19:41:48.0728 3252 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:41:48.0728 3252 TsUsbFlt - ok
19:41:48.0759 3252 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:41:48.0759 3252 tunnel - ok
19:41:48.0790 3252 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:41:48.0790 3252 uagp35 - ok
19:41:48.0806 3252 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:41:48.0806 3252 udfs - ok
19:41:48.0837 3252 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:41:48.0837 3252 UI0Detect - ok
19:41:48.0853 3252 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:41:48.0853 3252 uliagpkx - ok
19:41:48.0868 3252 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:41:48.0868 3252 umbus - ok
19:41:48.0884 3252 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:41:48.0884 3252 UmPass - ok
19:41:48.0900 3252 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:41:48.0900 3252 UmRdpService - ok
19:41:48.0915 3252 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:41:48.0915 3252 upnphost - ok
19:41:48.0931 3252 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:41:48.0931 3252 usbaudio - ok
19:41:48.0946 3252 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:41:48.0962 3252 usbccgp - ok
19:41:48.0978 3252 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:41:48.0978 3252 usbcir - ok
19:41:48.0978 3252 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:41:48.0978 3252 usbehci - ok
19:41:49.0009 3252 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:41:49.0009 3252 usbhub - ok
19:41:49.0024 3252 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:41:49.0024 3252 usbohci - ok
19:41:49.0056 3252 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:41:49.0056 3252 usbprint - ok
19:41:49.0071 3252 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:41:49.0071 3252 USBSTOR - ok
19:41:49.0087 3252 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:41:49.0087 3252 usbuhci - ok
19:41:49.0118 3252 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:41:49.0118 3252 UxSms - ok
19:41:49.0134 3252 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:41:49.0134 3252 VaultSvc - ok
19:41:49.0149 3252 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:41:49.0165 3252 vdrvroot - ok
19:41:49.0196 3252 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:41:49.0196 3252 vds - ok
19:41:49.0227 3252 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:41:49.0227 3252 vga - ok
19:41:49.0243 3252 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:41:49.0243 3252 VgaSave - ok
19:41:49.0243 3252 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:41:49.0243 3252 vhdmp - ok
19:41:49.0258 3252 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:41:49.0258 3252 viaide - ok
19:41:49.0274 3252 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:41:49.0274 3252 vmbus - ok
19:41:49.0290 3252 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:41:49.0290 3252 VMBusHID - ok
19:41:49.0305 3252 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:41:49.0305 3252 volmgr - ok
19:41:49.0321 3252 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:41:49.0321 3252 volmgrx - ok
19:41:49.0336 3252 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:41:49.0336 3252 volsnap - ok
19:41:49.0368 3252 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:41:49.0368 3252 vsmraid - ok
19:41:49.0399 3252 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:41:49.0414 3252 VSS - ok
19:41:49.0430 3252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:41:49.0430 3252 vwifibus - ok
19:41:49.0461 3252 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:41:49.0461 3252 vwififlt - ok
19:41:49.0539 3252 [ CE6C085771812D5EE863CC7EF93CAEF2 ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
19:41:49.0555 3252 VX1000 - ok
19:41:49.0586 3252 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:41:49.0602 3252 W32Time - ok
19:41:49.0617 3252 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:41:49.0617 3252 WacomPen - ok
19:41:49.0648 3252 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:41:49.0648 3252 WANARP - ok
19:41:49.0664 3252 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:41:49.0664 3252 Wanarpv6 - ok
19:41:49.0695 3252 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:41:49.0711 3252 wbengine - ok
19:41:49.0742 3252 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:41:49.0742 3252 WbioSrvc - ok
19:41:49.0758 3252 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:41:49.0773 3252 wcncsvc - ok
19:41:49.0789 3252 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:41:49.0789 3252 WcsPlugInService - ok
19:41:49.0820 3252 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:41:49.0820 3252 Wd - ok
19:41:49.0836 3252 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:41:49.0836 3252 Wdf01000 - ok
19:41:49.0851 3252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:41:49.0851 3252 WdiServiceHost - ok
19:41:49.0851 3252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:41:49.0851 3252 WdiSystemHost - ok
19:41:49.0867 3252 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:41:49.0867 3252 WebClient - ok
19:41:49.0882 3252 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:41:49.0882 3252 Wecsvc - ok
19:41:49.0898 3252 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:41:49.0898 3252 wercplsupport - ok
19:41:49.0929 3252 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:41:49.0945 3252 WerSvc - ok
19:41:49.0976 3252 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:41:49.0976 3252 WfpLwf - ok
19:41:50.0007 3252 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:41:50.0007 3252 WIMMount - ok
19:41:50.0023 3252 WinDefend - ok
19:41:50.0038 3252 WinHttpAutoProxySvc - ok
19:41:50.0101 3252 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:41:50.0116 3252 Winmgmt - ok
19:41:50.0210 3252 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:41:50.0241 3252 WinRM - ok
19:41:50.0272 3252 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:41:50.0288 3252 WinUsb - ok
19:41:50.0319 3252 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:41:50.0335 3252 Wlansvc - ok
19:41:50.0350 3252 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:41:50.0350 3252 WmiAcpi - ok
19:41:50.0382 3252 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:41:50.0382 3252 wmiApSrv - ok
19:41:50.0413 3252 WMPNetworkSvc - ok
19:41:50.0413 3252 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:41:50.0413 3252 WPCSvc - ok
19:41:50.0444 3252 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:41:50.0444 3252 WPDBusEnum - ok
19:41:50.0460 3252 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:41:50.0475 3252 ws2ifsl - ok
19:41:50.0491 3252 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:41:50.0491 3252 wscsvc - ok
19:41:50.0491 3252 WSearch - ok
19:41:50.0538 3252 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:41:50.0569 3252 wuauserv - ok
19:41:50.0584 3252 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:41:50.0584 3252 WudfPf - ok
19:41:50.0616 3252 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:41:50.0616 3252 WUDFRd - ok
19:41:50.0631 3252 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:41:50.0631 3252 wudfsvc - ok
19:41:50.0662 3252 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:41:50.0662 3252 WwanSvc - ok
19:41:50.0678 3252 ================ Scan global ===============================
19:41:50.0694 3252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:41:50.0725 3252 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:41:50.0740 3252 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:41:50.0740 3252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:41:50.0756 3252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:41:50.0756 3252 [Global] - ok
19:41:50.0756 3252 ================ Scan MBR ==================================
19:41:50.0772 3252 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:41:51.0474 3252 \Device\Harddisk0\DR0 - ok
19:41:51.0474 3252 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
19:41:58.0088 3252 \Device\Harddisk1\DR1 - ok
19:41:58.0088 3252 ================ Scan VBR ==================================
19:41:58.0104 3252 [ D242BBF09E716E1451100B56D0C11F87 ] \Device\Harddisk0\DR0\Partition1
19:41:58.0119 3252 \Device\Harddisk0\DR0\Partition1 - ok
19:41:58.0119 3252 [ 904706D1D8F8BAE777675AADDAA30F97 ] \Device\Harddisk0\DR0\Partition2
19:41:58.0119 3252 \Device\Harddisk0\DR0\Partition2 - ok
19:41:58.0119 3252 [ EDF021246E0414E9F79353B749BF2251 ] \Device\Harddisk0\DR0\Partition3
19:41:58.0135 3252 \Device\Harddisk0\DR0\Partition3 - ok
19:41:58.0150 3252 [ B7B1399CDA6767F0F91F5DDE1931E4E7 ] \Device\Harddisk0\DR0\Partition4
19:41:58.0150 3252 \Device\Harddisk0\DR0\Partition4 - ok
19:41:58.0166 3252 [ 694959334304356416879637C7CC2507 ] \Device\Harddisk0\DR0\Partition5
19:41:58.0166 3252 \Device\Harddisk0\DR0\Partition5 - ok
19:41:58.0182 3252 [ A782FF88000B0785D6E231DE509FB8D0 ] \Device\Harddisk0\DR0\Partition6
19:41:58.0182 3252 \Device\Harddisk0\DR0\Partition6 - ok
19:41:58.0182 3252 [ B5A37EEEF3155EB738E07EB53FFCFBB7 ] \Device\Harddisk1\DR1\Partition1
19:41:58.0182 3252 \Device\Harddisk1\DR1\Partition1 - ok
19:41:58.0197 3252 ============================================================
19:41:58.0197 3252 Scan finished
19:41:58.0197 3252 ============================================================
19:41:58.0197 3256 Detected object count: 0
19:41:58.0197 3256 Actual detected object count: 0
19:43:07.0965 3564 Deinitialize success
Code:
ATTFilter # AdwCleaner v2.004 - Datei am 26/10/2012 um 19:50:10 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Jörg - DEPP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jörg\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Jörg\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Jörg\AppData\Roaming\loadtbs
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\6j61c987.default\prefs.js
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=C[...]
Gelöscht : user_pref("tfp.CT2319825", true);
*************************
AdwCleaner[R1].txt - [3074 octets] - [26/10/2012 19:43:42]
AdwCleaner[S1].txt - [2885 octets] - [26/10/2012 19:50:10]
########## EOF - C:\AdwCleaner[S1].txt - [2945 octets] ##########
Geändert von yoork (26.10.2012 um 19:23 Uhr) |
|
26.10.2012, 19:18
| #30 |
| | T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? OTL Log: Code:
ATTFilter OTL logfile created on: 26.10.2012 20:01:26 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jörg\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,48% Memory free 8,00 Gb Paging File | 6,87 Gb Available in Paging File | 85,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 80,22 Gb Total Space | 33,55 Gb Free Space | 41,82% Space Free | Partition Type: NTFS Drive D: | 76,50 Gb Total Space | 4,37 Gb Free Space | 5,72% Space Free | Partition Type: NTFS Drive E: | 81,34 Gb Total Space | 25,50 Gb Free Space | 31,35% Space Free | Partition Type: NTFS Drive F: | 622,92 Gb Total Space | 445,52 Gb Free Space | 71,52% Space Free | Partition Type: NTFS Drive G: | 70,44 Gb Total Space | 22,46 Gb Free Space | 31,89% Space Free | Partition Type: NTFS Drive K: | 1005,23 Mb Total Space | 935,55 Mb Free Space | 93,07% Space Free | Partition Type: FAT32 Computer Name: DEPP | User Name: Jörg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jörg\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Cisco\VPNClient\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (CVPND) -- C:\Program Files (x86)\Cisco\VPNClient\cvpnd.exe (Cisco Systems, Inc.) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (MAUSBFASTTRACK) -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys (Avid Technology, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (s1039unic) -- C:\Windows\SysNative\drivers\s1039unic.sys (MCCI Corporation) DRV:64bit: - (s1039obex) -- C:\Windows\SysNative\drivers\s1039obex.sys (MCCI Corporation) DRV:64bit: - (s1039nd5) -- C:\Windows\SysNative\drivers\s1039nd5.sys (MCCI Corporation) DRV:64bit: - (s1039mgmt) -- C:\Windows\SysNative\drivers\s1039mgmt.sys (MCCI Corporation) DRV:64bit: - (s1039mdm) -- C:\Windows\SysNative\drivers\s1039mdm.sys (MCCI Corporation) DRV:64bit: - (s1039mdfl) -- C:\Windows\SysNative\drivers\s1039mdfl.sys (MCCI Corporation) DRV:64bit: - (s1039bus) -- C:\Windows\SysNative\drivers\s1039bus.sys (MCCI Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 40 C5 DF 2A 05 CD 01 [binary data] IE - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4 FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:4.3 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..network.proxy.autoconfig_url: "206.208.183.97" FF - prefs.js..network.proxy.http: "206.208.183.97" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.26 23:13:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.14 20:32:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.16 22:57:33 | 000,000,000 | ---D | M] [2012.03.18 19:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions [2012.09.20 21:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6j61c987.default\extensions [2012.09.20 21:22:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6j61c987.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.20 21:22:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6j61c987.default\extensions\ich@maltegoetz.de [2012.05.16 22:57:33 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6j61c987.default\extensions\software@loadtubes.com [2012.06.24 09:38:36 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.09.14 20:15:44 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\extensions\customization@adblockplus.org.xpi [2012.09.14 20:15:46 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.03.18 19:34:47 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\extensions\youtube2mp3@mondayx.de.xpi [2012.09.20 04:28:52 | 000,013,822 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012.09.14 20:18:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.18 19:34:54 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.10.02 15:43:33 | 000,005,335 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\searchplugins\thomann-de.xml [2012.03.18 21:21:40 | 000,001,330 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\searchplugins\wikipedia-en.xml [2012.03.18 21:21:55 | 000,002,057 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\6j61c987.default\searchplugins\youtube-videosuche.xml [2012.03.18 19:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.26 23:13:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6J61C987.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6J61C987.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D} File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6J61C987.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6J61C987.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6J61C987.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6J61C987.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2012.09.14 20:32:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.05.16 22:57:26 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.14 20:32:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.14 19:34:44 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15262 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O4 - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jörg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC & Eee Sync.lnk = C:\Users\Jörg\Documents\FileSync Batches\PC und Eee.ffs_real () O4 - Startup: C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USB Sync.lnk = C:\Users\Jörg\Documents\FileSync Batches\USB.ffs_real () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3831809362-3858447475-1775678743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{37b04cd1-798d-11e1-afcf-20cf30db0bbe}\Shell - "" = AutoRun O33 - MountPoints2\{37b04cd1-798d-11e1-afcf-20cf30db0bbe}\Shell\AutoRun\command - "" = K:\Startme.exe O33 - MountPoints2\{fc6de0a6-079c-11e2-8c8e-20cf30db0bbe}\Shell - "" = AutoRun O33 - MountPoints2\{fc6de0a6-079c-11e2-8c8e-20cf30db0bbe}\Shell\AutoRun\command - "" = J:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: SophosVirusRemovalTool - Reg Error: Value error. SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: SophosVirusRemovalTool - Reg Error: Value error. SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: SophosVirusRemovalTool - Reg Error: Value error. SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SophosVirusRemovalTool - Reg Error: Value error. SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.26 19:41:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe [2012.10.26 19:41:08 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jörg\Desktop\tdsskiller.exe [2012.10.23 18:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2 [2012.10.23 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced IP Scanner v2 [2012.10.21 17:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.10.21 14:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.10.21 14:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.10.21 14:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.10.21 14:39:00 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\DVDVideoSoft [2012.10.21 14:14:10 | 000,057,344 | ---- | C] (Acrotech Solutions) -- C:\Windows\SysWow64\XButton.ocx [2012.10.14 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Sony Ericsson [2012.10.14 19:38:09 | 000,161,904 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mdm.sys [2012.10.14 19:38:09 | 000,158,320 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039unic.sys [2012.10.14 19:38:09 | 000,141,424 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mgmt.sys [2012.10.14 19:38:09 | 000,137,328 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039obex.sys [2012.10.14 19:38:09 | 000,127,600 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039bus.sys [2012.10.14 19:38:09 | 000,034,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039nd5.sys [2012.10.14 19:38:09 | 000,019,568 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039mdfl.sys [2012.10.14 19:38:09 | 000,015,984 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039whnt.sys [2012.10.14 19:38:09 | 000,015,984 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039wh.sys [2012.10.14 19:38:09 | 000,015,472 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cmnt.sys [2012.10.14 19:38:09 | 000,015,472 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cm.sys [2012.10.14 19:38:09 | 000,014,960 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1039cr.sys [2012.10.14 19:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2012.10.14 19:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2012.10.14 19:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson [2012.10.14 19:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.10.13 15:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jörg\Desktop\Präsentation [2012.10.13 12:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.10.13 10:51:42 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Malwarebytes [2012.10.13 10:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.13 10:51:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.13 10:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.10 21:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012.10.03 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin [2012.10.03 17:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hugin [2012.10.03 12:19:12 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Canneverbe Limited [2012.10.03 12:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.10.03 12:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2012.09.30 15:04:24 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\webkit [2012.09.30 14:31:28 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\fontconfig [2012.09.30 14:31:18 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\gegl-0.2 [2012.09.30 14:31:18 | 000,000,000 | ---D | C] -- C:\Users\Jörg\.gimp-2.8 [2012.09.30 14:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.09.29 09:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Behringer FCB1010 MIDI PC Editor [187 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.26 19:58:26 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.26 19:58:26 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.26 19:55:23 | 001,619,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.26 19:55:23 | 000,699,864 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.26 19:55:23 | 000,654,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.26 19:55:23 | 000,148,660 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.26 19:55:23 | 000,121,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.26 19:51:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.26 19:50:56 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2012.10.26 19:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.24 22:06:52 | 000,000,147 | ---- | M] () -- C:\Windows\OUTSTACKER.INI [2012.10.23 18:48:04 | 000,000,044 | ---- | M] () -- C:\Users\Jörg\advanced_ip_scanner_MAC.bin [2012.10.14 19:46:08 | 000,000,440 | ---- | M] () -- C:\Windows\FCB1010.INI [2012.10.14 19:38:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.10.14 19:34:44 | 000,444,411 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.14 18:42:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jörg\Desktop\tdsskiller.exe [2012.10.14 10:14:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe [2012.10.14 10:14:20 | 000,538,327 | ---- | M] () -- C:\Users\Jörg\Desktop\adwcleaner.exe [2012.10.13 12:49:41 | 000,002,971 | ---- | M] () -- C:\Users\Jörg\Desktop\HiJackThis.lnk [2012.10.13 10:56:46 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe [2012.10.13 10:51:38 | 000,001,137 | ---- | M] () -- C:\Users\Jörg\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.10 16:46:55 | 000,302,592 | ---- | M] () -- C:\Users\Jörg\Desktop\0vbq0mf.exe [2012.10.04 17:18:03 | 000,030,530 | ---- | M] () -- C:\Users\Jörg\Documents\Reg Backup 04.10.12.reg [2012.10.03 16:29:47 | 000,028,884 | ---- | M] () -- C:\Users\Jörg\AppData\Local\recently-used.xbel [2012.09.30 10:43:18 | 000,000,146 | ---- | M] () -- C:\Users\Jörg\Desktop\Sound.lnk [2012.09.29 09:32:55 | 000,002,807 | ---- | M] () -- C:\Users\Jörg\Desktop\FCB1010 PC Editor.lnk [187 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.26 19:41:14 | 000,538,327 | ---- | C] () -- C:\Users\Jörg\Desktop\adwcleaner.exe [2012.10.23 18:48:04 | 000,000,044 | ---- | C] () -- C:\Users\Jörg\advanced_ip_scanner_MAC.bin [2012.10.14 19:38:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.10.13 15:12:47 | 000,001,137 | ---- | C] () -- C:\Users\Jörg\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.13 12:49:41 | 000,002,971 | ---- | C] () -- C:\Users\Jörg\Desktop\HiJackThis.lnk [2012.10.13 11:58:50 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe [2012.10.10 16:46:55 | 000,302,592 | ---- | C] () -- C:\Users\Jörg\Desktop\0vbq0mf.exe [2012.10.04 17:18:02 | 000,030,530 | ---- | C] () -- C:\Users\Jörg\Documents\Reg Backup 04.10.12.reg [2012.10.03 16:29:47 | 000,028,884 | ---- | C] () -- C:\Users\Jörg\AppData\Local\recently-used.xbel [2012.10.03 12:19:08 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.09.30 14:29:34 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.09.30 10:43:18 | 000,000,146 | ---- | C] () -- C:\Users\Jörg\Desktop\Sound.lnk [2012.09.29 09:32:55 | 000,002,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FCB1010 PC Editor.lnk [2012.09.29 09:32:55 | 000,002,807 | ---- | C] () -- C:\Users\Jörg\Desktop\FCB1010 PC Editor.lnk [2012.09.29 09:32:55 | 000,000,440 | ---- | C] () -- C:\Windows\FCB1010.INI [2012.09.29 08:03:11 | 000,000,147 | ---- | C] () -- C:\Windows\OUTSTACKER.INI [2012.09.14 20:15:14 | 000,000,532 | ---- | C] () -- C:\Users\Jörg\AppData\Roaming\All CPU MeterV3_Settings.ini [2012.06.08 10:43:11 | 000,007,633 | ---- | C] () -- C:\Users\Jörg\AppData\Local\Resmon.ResmonCfg [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.03.20 14:31:17 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.03.20 14:31:17 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2012.03.19 00:05:18 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.19 00:04:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.18 23:15:15 | 000,000,412 | ---- | C] () -- C:\Users\Jörg\AppData\Roaming\All CPU Meter_Settings.ini [2012.03.18 22:52:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.03.18 21:31:41 | 001,648,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.10 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\.purple [2012.03.18 20:37:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Auslogics [2012.10.03 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Canneverbe Limited [2012.10.04 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\DAEMON Tools Lite [2012.10.26 19:56:38 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Dropbox [2012.10.21 14:40:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\DVDVideoSoft [2012.09.20 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Foxit Software [2012.05.04 10:40:58 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\FreeFileSync [2012.09.30 13:26:50 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\gtk-2.0 [2012.10.24 22:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\MediaMonkey [2012.03.18 23:13:56 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Notepad++ [2012.03.18 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Origin [2012.03.24 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\PDF Writer [2012.03.18 23:14:18 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Stardock [2012.09.25 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\TrueCrypt [2012.10.04 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\TS3Client [2012.06.06 15:28:15 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\ts3overlay [2012.10.04 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.13 12:33:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.03.18 20:28:06 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.03.18 19:15:52 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.09.30 14:28:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.26 19:50:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.10.26 19:50:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\Programme [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.10.26 20:02:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.13 12:33:12 | 000,000,000 | R--D | M] -- C:\Users [2012.10.14 19:38:09 | 000,000,000 | ---D | M] -- C:\Windows < %SYSTEMDRIVE%\*.* > [2012.10.26 19:43:44 | 000,003,074 | ---- | M] () -- C:\AdwCleaner[R1].txt [2012.10.26 19:50:12 | 000,003,010 | ---- | M] () -- C:\AdwCleaner[S1].txt [2012.10.26 19:50:56 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2012.10.26 19:50:59 | 4294,156,288 | -HS- | M] () -- C:\pagefile.sys < %PROGRAMFILES%\*.exe > < %PROGRAMFILES(X86)%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /10 > [2012.10.21 17:22:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2012.10.23 18:32:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DA5DEB6B-E108-4652-BFEC-C9B95446F244} < %appdata%\*. > [2012.10.10 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\.purple [2012.03.18 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Adobe [2012.03.18 20:37:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Auslogics [2012.10.03 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Canneverbe Limited [2012.10.04 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\DAEMON Tools Lite [2012.10.26 19:56:38 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Dropbox [2012.10.21 14:40:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\DVDVideoSoft [2012.09.20 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Foxit Software [2012.05.04 10:40:58 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\FreeFileSync [2012.09.30 13:26:50 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\gtk-2.0 [2012.03.18 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Identities [2012.03.18 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Macromedia [2012.10.13 10:51:42 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Media Center Programs [2012.10.24 22:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\MediaMonkey [2012.09.23 10:27:32 | 000,000,000 | --SD | M] -- C:\Users\Jörg\AppData\Roaming\Microsoft [2012.03.18 19:22:24 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Mozilla [2012.03.18 23:13:56 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Notepad++ [2012.03.24 12:51:42 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\NVIDIA [2012.03.18 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Origin [2012.03.24 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\PDF Writer [2012.10.10 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Skype [2012.03.18 23:14:18 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Stardock [2012.09.25 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\TrueCrypt [2012.10.04 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\TS3Client [2012.06.06 15:28:15 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\ts3overlay [2012.10.04 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\uTorrent [2012.03.18 19:45:09 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\WinRAR < %appdata%\*.* > [2012.09.14 20:15:55 | 000,000,532 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\All CPU MeterV3_Settings.ini [2012.03.18 23:17:07 | 000,000,412 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\All CPU Meter_Settings.ini < %appdata%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jörg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jörg\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.10.13 12:49:41 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Jörg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2012.09.23 10:27:32 | 000,045,126 | R--- | M] () -- C:\Users\Jörg\AppData\Roaming\Microsoft\Installer\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}\_456E7DB42D3E86C9FA37EB.exe [2012.09.23 10:27:32 | 000,045,126 | R--- | M] () -- C:\Users\Jörg\AppData\Roaming\Microsoft\Installer\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}\_853F67D554F05449430E7E.exe [2012.09.23 10:27:32 | 000,045,126 | R--- | M] () -- C:\Users\Jörg\AppData\Roaming\Microsoft\Installer\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}\_925CC2DD83C5B192FD8874.exe < %localappdata%\*. > [2012.03.18 19:06:37 | 000,000,000 | -HSD | M] -- C:\Users\Jörg\AppData\Local\Anwendungsdaten [2012.04.26 23:15:18 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\DDMSettings [2012.09.24 09:08:16 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\ElevatedDiagnostics [2012.09.30 14:31:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\fontconfig [2012.09.30 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\gegl-0.2 [2012.03.19 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Google [2012.03.26 19:56:41 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Ironclad Games [2012.03.22 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\javasharedresources [2012.06.10 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Macromedia [2012.03.19 12:55:04 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\MediaMonkey [2012.09.23 17:43:41 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\MetaGeek,_LLC [2012.06.20 14:20:45 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Microsoft [2012.03.18 20:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Microsoft Help [2012.03.18 19:21:52 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Mozilla [2012.06.18 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Native Instruments [2012.03.18 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Origin [2012.03.18 23:13:12 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\PackageAware [2012.03.24 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\PDF Writer [2012.03.19 00:04:50 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\PunkBuster [2012.10.14 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Sony Ericsson [2012.10.26 19:56:42 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\Temp [2012.03.18 19:06:37 | 000,000,000 | -HSD | M] -- C:\Users\Jörg\AppData\Local\Temporary Internet Files [2012.03.18 19:06:37 | 000,000,000 | -HSD | M] -- C:\Users\Jörg\AppData\Local\Verlauf [2012.03.18 19:06:42 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\VirtualStore [2012.09.30 15:04:24 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Local\webkit < %localappdata%\*.* > [2012.03.24 02:17:18 | 000,087,952 | ---- | M] () -- C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT [2012.10.26 19:50:18 | 008,883,888 | -H-- | M] () -- C:\Users\Jörg\AppData\Local\IconCache.db [2012.10.03 16:29:47 | 000,028,884 | ---- | M] () -- C:\Users\Jörg\AppData\Local\recently-used.xbel [2012.06.14 22:02:11 | 000,007,633 | ---- | M] () -- C:\Users\Jörg\AppData\Local\Resmon.ResmonCfg < %localappdata%\*.exe /s > [2012.03.19 00:09:20 | 000,076,888 | ---- | M] () -- C:\Users\Jörg\AppData\Local\PunkBuster\BF3\pb\PnkBstrA.exe [2012.03.22 21:11:38 | 000,282,864 | ---- | M] () -- C:\Users\Jörg\AppData\Local\PunkBuster\BF3\pb\PnkBstrB.exe < %allusersprofile%\*. > [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012.04.03 21:57:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net [2012.04.26 20:53:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Blizzard Entertainment [2012.10.03 12:19:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited [2012.03.18 20:10:42 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2012.04.26 23:13:38 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2012.03.19 00:03:47 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core [2012.03.19 15:18:07 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs [2012.03.19 00:03:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012.03.20 20:56:53 | 000,000,000 | ---D | M] -- C:\ProgramData\IObit [2012.10.13 10:51:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2012.03.19 12:54:53 | 000,000,000 | ---D | M] -- C:\ProgramData\MediaMonkey [2012.06.20 14:20:45 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2012.10.09 19:09:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2012.05.03 20:35:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla [2012.06.18 18:40:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments [2012.10.26 19:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA [2012.03.18 19:15:28 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation [2012.03.19 00:03:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin [2012.05.16 23:03:39 | 000,000,000 | ---D | M] -- C:\ProgramData\PassMark [2012.03.24 13:54:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PDF Writer [2012.03.20 14:59:28 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel [2012.09.14 20:12:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2012.10.14 19:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony Ericsson [2012.10.10 21:57:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos [2012.03.20 14:32:44 | 000,000,000 | ---D | M] -- C:\ProgramData\SPSS [2012.10.14 19:29:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2012.03.18 19:06:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012.06.18 18:39:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7} [2012.06.18 18:41:21 | 000,000,000 | -H-D | M] -- C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B} [2012.03.18 23:14:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} [2012.06.18 18:40:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6} < %allusersprofile%\*.* > < %allusersprofile%\*.exe /s > [2011.08.31 17:40:57 | 004,373,360 | ---- | M] (Native Instruments ) -- C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe [2011.10.13 17:00:00 | 004,632,824 | R--- | M] (Native Instruments ) -- C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe [2010.06.22 21:49:15 | 003,349,784 | ---- | M] (Stardock Corporation ) -- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe [2011.04.07 18:20:39 | 004,322,560 | ---- | M] (Native Instruments ) -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe [2012.09.22 16:29:02 | 000,533,184 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.exe [2012.04.03 21:57:08 | 000,499,712 | ---- | M] (Blizzard Entertainment, Inc.) -- C:\ProgramData\Battle.net\Agent\ErrorReporter.exe [2012.09.14 20:28:40 | 006,002,880 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe [2012.09.22 16:29:02 | 006,011,072 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe [2012.09.22 16:29:09 | 000,533,184 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Client\Blizzard Launcher.exe [2012.09.14 20:29:24 | 017,651,392 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Client\Blizzard Launcher.1845\Blizzard Launcher.exe [2012.09.22 16:29:09 | 017,672,896 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Client\Blizzard Launcher.1857\Blizzard Launcher.exe [2012.04.12 18:51:03 | 001,862,224 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Setup\diablo3_beta_enus\Diablo III Beta Setup.exe [2012.05.14 17:41:47 | 001,865,296 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Setup\diablo3_dede\Diablo III Setup.exe [2012.04.26 23:13:32 | 000,065,783 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\ControlPanel\Uninstaller.exe [2012.04.26 23:13:32 | 000,063,144 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DesktopService\Uninstaller.exe [2012.04.26 23:13:38 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DivXPlusShortcuts\Uninstaller.exe [2012.04.26 23:13:31 | 000,061,667 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MSVC80CRTRedist\Uninstaller.exe [2012.04.26 23:13:34 | 000,063,228 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\OVSHelper\Uninstaller.exe [2012.04.26 23:13:26 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Qt4.5\Uninstaller.exe [2012.04.26 23:12:12 | 000,932,704 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Setup\DivXSetup.exe [2012.04.26 23:13:35 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Update\Uninstaller.exe [2012.04.26 23:13:38 | 000,066,441 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\WebPlayer\Uninstaller.exe [2012.03.01 02:02:00 | 000,190,272 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe [1970.01.01 02:00:00 | 000,120,773 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\33020A60\drsupdate.12601159_RUNASUSER.exe [2012.05.23 12:06:28 | 000,120,773 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000000\drsupdate.12601159_RUNASUSER.exe [2012.05.24 11:46:45 | 000,342,145 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\000002b4\drsupdate.12941764_RUNASUSER.exe [2012.05.25 11:47:03 | 000,342,213 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000548\drsupdate.13114128_RUNASUSER.exe [2012.05.31 13:53:42 | 000,342,215 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000553\drsupdate.13143727_RUNASUSER.exe < > [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.01 23:55:32 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < End of report > |
|
| Themen zu T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? |
| 0x0000001f, administrator, adobe, application/pdf:, bho, black, build 7601, cdburnerxp, classpnp.sys, computer, desktop, explorer, firefox, flash player, google, hal.dll, helper, hijack, hängen, launch, log file, logfile, mozilla, mp3, nvidia, nvidia update, pc infiziert, physicaldrive1, realtek, registry, safer networking, security, senden, software, temp, unknown mbr, windows, windows xp |
Button.
.
und speichere das Logfile als ESET.txt auf dem Desktop.
+ R Taste und kopiere den folgenden Text Ausführen-Fenster und klicke OK.
Textbox.
Linear-Darstellung
