Police Trojan (Austria) log evaluation (Windows 7)
13.11.2012, 18:54 | #1
Police Trojan (Austria) log evaluation

Hello first of all! I'll get straight to the point: as already stated in the title, I have a trojan and hope to get rid of the annoying horse with your help! Requesting further instructions!? Here is the OTL log:

Code:
OTL logfile created on: 13.11.2012 18:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Exodus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,57% Memory free
4,24 Gb Paging File | 3,22 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,16 Gb Total Space | 58,21 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 216,40 Gb Total Space | 81,02 Gb Free Space | 37,44% Space Free | Partition Type: NTFS
Drive L: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: EXODUS-PC | User Name: Exodus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Exodus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\JDownloader\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Desura Install Service) -- C:\Programme\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys ()
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121027.002\IDSvix86.sys (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1309000.009\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1309000.009\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1309000.009\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1309000.009\symefa.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1309000.009\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1309000.009\ironx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1309000.009\symds.sys (Symantec Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D B1 68 3E BC C1 CD 01 [binary data]
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E8AEDDE5-5128-4F3E-8D4F-52B1CB04808E}&mid=d9ceb2f73dc847d0aef2d168c3e36fef-06ce4fc639803a2e3563922518183d8e94088cb9&lang=de&ds=AVG&pr=pr&d=2012-10-01 13:21:05&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2028157852-3969067451-341249778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.11.12 00:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 01:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 01:53:30 | 000,000,000 | ---D | M]

[2012.07.27 19:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Extensions
[2012.10.23 16:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions
[2012.08.19 20:06:39 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions\battlefieldheroespatcher@ea.com
[2012.10.30 01:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.30 01:53:28 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.10.30 01:53:37 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.16 01:03:52 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.01 12:21:00 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.04 21:46:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.26 20:10:26 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2028157852-3969067451-341249778-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{369B177D-2325-4961-8CCF-0552EA4B77F7}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.10.10 13:01:08 | 000,000,051 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.13 18:20:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.13 17:30:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.12 00:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.11 22:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.11.11 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.11.11 22:20:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.09 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.07 23:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2012.11.01 17:50:48 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\Arktos
[2012.11.01 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Exodus\Documents\Arktos
[2012.11.01 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\CrashRpt
[2012.10.30 18:15:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.10.30 18:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012.10.30 01:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.27 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\uTorrent
[2012.10.21 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.21 01:41:55 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\Dwarfs

========== Files - Modified Within 30 Days ==========

[2012.11.13 18:20:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.13 18:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.13 17:57:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000UA.job
[2012.11.13 17:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.13 17:31:10 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.13 17:30:48 | 000,000,774 | ---- | M] () -- C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.13 17:30:46 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.13 17:23:52 | 000,002,337 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.11.13 17:23:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.13 17:23:45 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 17:23:45 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 17:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 17:23:39 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 22:54:37 | 000,051,712 | ---- | M] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.12 13:57:03 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000Core.job
[2012.11.12 00:28:29 | 001,642,787 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\Cat.DB
[2012.11.11 22:11:13 | 000,000,680 | ---- | M] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat
[2012.11.11 14:37:17 | 005,946,014 | ---- | M] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:23:07 | 094,721,516 | ---- | M] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:28 | 007,605,312 | ---- | M] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:13 | 005,683,669 | ---- | M] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | M] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.26 17:26:57 | 186,464,390 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.16 11:29:46 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\VT20121008.022

========== Files Created - No Company Name ==========

[2012.11.13 17:30:48 | 000,000,774 | ---- | C] () -- C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.12 00:08:54 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.11 22:00:45 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.11 14:37:00 | 005,946,014 | ---- | C] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:18:14 | 094,721,516 | ---- | C] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:15 | 007,605,312 | ---- | C] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:05 | 005,683,669 | ---- | C] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | C] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.13 17:29:01 | 000,086,704 | ---- | C] () -- C:\Users\Exodus\tumblr_m1nwebxpUq1r5u0t3.png
[2012.10.07 09:53:09 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.10.03 18:50:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.10.03 13:04:28 | 000,071,372 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.09.03 19:44:33 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012.09.03 19:44:10 | 000,216,158 | ---- | C] () -- C:\Users\Exodus\AppData\Local\census.cache
[2012.09.03 19:43:54 | 000,149,652 | ---- | C] () -- C:\Users\Exodus\AppData\Local\ars.cache
[2012.09.03 19:34:52 | 000,000,036 | ---- | C] () -- C:\Users\Exodus\AppData\Local\housecall.guid.cache
[2012.08.30 08:20:09 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\windrv32.sys
[2012.08.25 10:38:54 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbros.sys
[2012.08.24 12:13:02 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\ztddttud.sys
[2012.08.21 11:38:45 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbras.sys
[2012.08.20 02:28:25 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.20 02:28:25 | 000,138,056 | ---- | C] () -- C:\Users\Exodus\AppData\Roaming\PnkBstrK.sys
[2012.08.20 02:28:07 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.20 02:28:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.08.06 12:07:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.07.28 23:11:47 | 000,051,712 | ---- | C] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.28 15:04:28 | 003,495,784 | ---- | C] () -- C:\Windows\System32\d3dx9_33.dll
[2012.07.28 12:19:16 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.27 19:49:44 | 000,000,680 | ---- | C] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2011.11.18 21:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@
[2012.10.01 14:11:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L
[2012.10.01 15:29:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\U
[2012.10.01 15:06:33 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L\00000004.@
[2012.10.01 12:42:26 | 000,002,048 | -HS- | M] () -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\U
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll\system32\wbem\wbemess.dll
"ThreadingModel" = Apartment

========== LOP Check ==========

[2012.10.06 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\.minecraft
[2012.09.19 23:30:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Audacity
[2012.07.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\avidemux
[2012.08.06 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Awesomium
[2012.07.27 20:02:04 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Babylon
[2012.11.11 22:48:42 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.11 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DAEMON Tools Pro
[2012.08.02 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DVDVideoSoft
[2012.11.03 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Dwarfs
[2012.10.21 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.01 15:20:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FixZeroAccess
[2012.09.02 23:44:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FRITZ!
[2012.08.22 01:50:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Gyazo
[2012.09.24 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\LS
[2012.09.04 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Mount&Blade Warband
[2012.10.02 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\OnLive App
[2012.08.23 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\RotMG.Production
[2012.08.04 11:24:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\TEdit
[2012.08.20 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Unity
[2012.11.12 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 13.11.2012 18:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Exodus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,57% Memory free
4,24 Gb Paging File | 3,22 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,16 Gb Total Space | 58,21 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 216,40 Gb Total Space | 81,02 Gb Free Space | 37,44% Space Free | Partition Type: NTFS
Drive L: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: EXODUS-PC | User Name: Exodus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Exodus\M-10-7960-8588-3464\winsvc.exe" = C:\Users\Exodus\M-10-7960-8588-3464\winsvc.exe:*:Enabled:Microsoft Windows Service
"C:\Users\Exodus\M-50-8964-7854-4678\winmgr.exe" = C:\Users\Exodus\M-50-8964-7854-4678\winmgr.exe:*:Enabled:Microsoft Windows Manager

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}" = Nero Burning ROM 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{77D5EF75-EB85-4C19-879B-D997E80FF40E}" = UPC Konfigurator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.9
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB87D276-2F4A-453A-A2D8-D597927C59A0}" = Tabellenbuch Metall digital 6.0
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BYOND" = BYOND "DAEMON Tools Pro" = DAEMON Tools Pro "Desura" = Desura "Desura_18829136625680" = Desura: Black Mesa "Desura_40965398069264" = Desura: Half-Life 2: Wars "Deus Ex" = Deus Ex "Fraps" = Fraps (remove only) "HDTP" = Deus Ex - HDTP "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "NAV" = Norton AntiVirus "NCLauncher_GameForge" = NC Launcher (GameForge) "OnLive" = OnLive "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Rechenbuch Metall_is1" = Bilder-CD für Rechenbuch Metall, 30. 
Aufl - Einzellizenz "Steam App 105600" = Terraria "Steam App 17700" = Insurgency "Steam App 17740" = Empires "Steam App 200210" = Realm of the Mad God "Steam App 212800" = Super Crate Box "Steam App 213650" = Dwarfs F2P "Steam App 214850" = GameMaker: Studio "Steam App 218" = Source SDK Base 2007 "Steam App 240" = Counter-Strike: Source "Steam App 300" = Day of Defeat: Source "Steam App 31270" = Puzzle Agent "Steam App 4000" = Garry's Mod "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "Steam App 550" = Left 4 Dead 2 "Steam App 570" = Dota 2 "Steam App 6100" = Eets "Steam App 630" = Alien Swarm "Steam App 70" = Half-Life "Steam App 730" = Counter-Strike: Global Offensive "Steam App 99900" = Spiral Knights "TeamSpeak 3 Client" = TeamSpeak 3 Client "The Walking Dead Episode 3 (c) TellTale Games_is1" = The Walking Dead Episode 3 (c) TellTale Games version 1 "The Walking Dead Episode 4 (c) Telltale Games_is1" = The Walking Dead Episode 4 (c) Telltale Games version 1 "UPC Konfigurator" = UPC Konfigurator "VLC media player" = VLC media player 2.0.3 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2028157852-3969067451-341249778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.11.2012 19:12:16 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. 
Error - 12.11.2012 08:57:36 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28 Description = Error - 12.11.2012 08:59:09 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. Error - 12.11.2012 13:21:04 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1446.623, Zeitstempel 0x5004ae1a, fehlerhaftes Modul steamclient.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x509d88e5, Ausnahmecode 0xc0000005, Fehleroffset 0x38128865, Prozess-ID 0x22c0, Anwendungsstartzeit 01cdc0f40a07445d. Error - 12.11.2012 13:21:08 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1446.623, Zeitstempel 0x5004ae1a, fehlerhaftes Modul steamservice.dll, Version 1.57.74.6, Zeitstempel 0x509d888a, Ausnahmecode 0xc0000005, Fehleroffset 0x000072d6, Prozess-ID 0x22c0, Anwendungsstartzeit 01cdc0f40a07445d. Error - 12.11.2012 14:12:02 | Computer Name = Exodus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe_RpcSs, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05bcc, Ausnahmecode 0xc0000005, Fehleroffset 0x000132f3, Prozess-ID 0x3b4, Anwendungsstartzeit 01cdc0d5180d4ef9. Error - 12.11.2012 14:14:47 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28 Description = Error - 12.11.2012 14:16:47 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. 
Error - 13.11.2012 12:24:09 | Computer Name = Exodus-PC | Source = WinMgmt | ID = 28 Description = Error - 13.11.2012 12:26:06 | Computer Name = Exodus-PC | Source = SecurityCenter | ID = 3 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. [ System Events ] Error - 11.11.2012 18:54:49 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005 Description = Error - 11.11.2012 19:00:07 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005 Description = Error - 11.11.2012 19:05:44 | Computer Name = Exodus-PC | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 11.11.2012 19:07:05 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005 Description = Error - 11.11.2012 19:07:15 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005 Description = Error - 11.11.2012 19:07:17 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005 Description = Error - 11.11.2012 19:07:21 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005 Description = Error - 11.11.2012 19:07:22 | Computer Name = Exodus-PC | Source = DCOM | ID = 10005 Description = Error - 12.11.2012 11:54:29 | Computer Name = Exodus-PC | Source = bowser | ID = 8003 Description = Error - 12.11.2012 14:12:22 | Computer Name = Exodus-PC | Source = WinHttpAutoProxySvc | ID = 12506 Description = Der WinHTTP-Web Proxy Auto-Discovery-Dienst ist auf einen Systemfehler von RpcEpRegisterW() gestoßen: (Fehlercode = 1752) Der Serverendpunkt kann den Vorgang nicht ausführen. < End of report > |
13.11.2012, 19:46 | #2 |
/// Selecta Jahrusso | Police Trojan (Austria) log analysis My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
You have a few more problems there. Download Gmer from this page (click the Download EXE button) and save the program to the desktop.
Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
13.11.2012, 23:38 | #3 |
| Police Trojan (Austria) log analysis Hi Daniel,
First of all, thanks for your quick reply! I hope these are not too serious problems; here are the logs. Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-13 23:24:39 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3360320AS rev.3.AAM Running: vo4eteg0.exe; Driver: C:\Users\Exodus\AppData\Local\Temp\pwdiypob.sys ---- System - GMER 1.0.15 ---- SSDT 85FE70E0 ZwAlpcConnectPort SSDT 85FC1C38 ZwLoadDriver ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 32D 82083964 4 Bytes [E0, 70, FE, 85] .text ntoskrnl.exe!KeInsertQueue + 56D 82083BA4 4 Bytes [38, 1C, FC, 85] ? System32\drivers\etbgjpxd.sys Das System kann den angegebenen Pfad nicht finden. ! .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9C70B69D] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[900] USER32.dll!GetWindowInfo 764B428E 5 Bytes JMP 67634559 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[900] USER32.dll!SetMenuItemBitmaps + 71 764C14EE 7 Bytes JMP 67634BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2924] ntdll.dll!LdrLoadDll 77769378 5 Bytes JMP 674D5B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2924] kernel32.dll!HeapSetInformation + 26 75FEA8C0 7 Bytes JMP 674DEF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2924] kernel32.dll!LockResource + C 76006B0B 7 Bytes JMP 67717B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2924] kernel32.dll!VirtualAllocEx + 54 7600AF70 7 Bytes JMP 67717B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2924] USER32.dll!GetWindowInfo 764B428E 5 Bytes JMP 6763BBA6 C:\Program Files\Mozilla 
Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2924] GDI32.dll!SetStretchBltMode + 256 760A745C 7 Bytes JMP 67717AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateFile + 6 777A424A 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateFile + B 777A424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateKey + 6 777A428A 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateKey + B 777A428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateMutant + 6 777A42BA 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateMutant + B 777A42BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateSection + 6 777A433A 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtCreateSection + B 777A433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtMapViewOfSection + 6 777A499A 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtMapViewOfSection + B 777A499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenFile + 6 777A4A2A 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenFile + B 777A4A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenKey + 6 777A4A5A 4 Bytes 
[A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenKey + B 777A4A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenMutant + 6 777A4A7A 4 Bytes CALL 767A5080 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenMutant + B 777A4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcess + 6 777A4AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcess + 6 777A4AAA 4 Bytes [28, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcess + B 777A4AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessToken + 6 777A4ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessToken + 6 777A4ABA 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessToken + B 777A4ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 777A4ACA 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 777A4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenSection + 6 777A4ADA 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenSection + B 777A4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThread + 6 777A4B1A 4 
Bytes CALL 767A5121 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThread + B 777A4B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadToken + 6 777A4B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadToken + 6 777A4B2A 4 Bytes CALL 767A5132 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadToken + B 777A4B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6 777A4B3A 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 777A4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 777A4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryAttributesFile + B 777A4BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6 777A4C7A 4 Bytes CALL 767A527F C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 777A4C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationFile + 6 777A515A 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationFile + B 777A515F 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationThread + 6 777A51AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationThread + 6 777A51AA 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtSetInformationThread + B 777A51AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 777A544A 4 Bytes CALL 767A5A53 C:\Windows\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 777A544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!CreateProcessW 75FC1BF3 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!CreateProcessA 75FC1C28 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!OpenEventW 75FDC033 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] kernel32.dll!CreateEventW 7600B87E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!DeleteObject 760A5A37 5 Bytes JMP 000801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetDeviceCaps 760A617F 5 Bytes JMP 000803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SelectObject 760A62A0 5 Bytes JMP 000805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetTextColor 760A666B 5 Bytes JMP 00080A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetBkMode 760A6716 5 
Bytes JMP 000808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!DeleteDC 760A68CD 5 Bytes JMP 00080170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetCurrentObject 760A6B58 5 Bytes JMP 00080370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetStretchBltMode 760A7206 5 Bytes JMP 000806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SaveDC 760A75BA 5 Bytes JMP 00080570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!RestoreDC 760A7675 5 Bytes JMP 00080530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StretchDIBits 760A78CF 5 Bytes JMP 00080770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtSelectClipRgn 760A79F8 5 Bytes JMP 000802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SelectClipRgn 760A7AF9 5 Bytes JMP 000805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!MoveToEx 760A7C33 5 Bytes JMP 00080470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!Rectangle 760A7EA9 5 Bytes JMP 000809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextAlign 760A82E0 5 Bytes JMP 00080D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetTextAlign 760A85CB 5 Bytes JMP 000809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtTextOutW 760A872B 5 Bytes JMP 00080970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextMetricsW 760A8A81 5 Bytes JMP 00080E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] 
GDI32.dll!IntersectClipRect 760A8B64 5 Bytes JMP 000803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetClipBox 760A9071 5 Bytes JMP 00080330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetICMMode 760A94E7 5 Bytes JMP 00080DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateDCW 760AA91D 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateDCA 760AAA49 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateICW 760AB2E9 5 Bytes JMP 00080130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextFaceW 760AB637 5 Bytes JMP 00080D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetFontData 760ABA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetFontData 760ABA6C 5 Bytes JMP 00080C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextExtentPoint32W 760AC01A 5 Bytes JMP 00080670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetWorldTransform 760AC46A 5 Bytes JMP 000806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!LineTo 760AC65E 5 Bytes JMP 00080430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextMetricsA 760ACCEB 5 Bytes JMP 00080DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtTextOutA 760B00A5 5 Bytes JMP 00080930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextExtentPoint32A 760B0E58 5 Bytes JMP 00080630 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ExtEscape 760B22A7 5 Bytes JMP 000802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!Escape 760B27F1 5 Bytes JMP 00080270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!ResetDCW 760B3132 5 Bytes JMP 00080AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!EndPage 760B375E 5 Bytes JMP 00080230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetPolyFillMode 760B61D3 5 Bytes JMP 00080B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SetMiterLimit 760B62E2 5 Bytes JMP 00080B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetTextFaceA 760BF4C5 5 Bytes JMP 00080CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!GetGlyphOutlineW 760CA41F 5 Bytes JMP 00080CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CreateScalableFontResourceW 760CC88B 5 Bytes JMP 00080BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!AddFontResourceW 760CCC93 5 Bytes JMP 00080BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!RemoveFontResourceW 760CD129 5 Bytes JMP 00080C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!AbortDoc 760D2CC4 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!EndDoc 760D30D8 5 Bytes JMP 000801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StartPage 760D31C3 5 Bytes JMP 00080730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StartDocW 760D3CA7 5 
Bytes JMP 000807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!BeginPath 760D4465 5 Bytes JMP 00080830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!SelectClipPath 760D44BC 5 Bytes JMP 00080AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!CloseFigure 760D4517 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!EndPath 760D456E 5 Bytes JMP 00080A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!StrokePath 760D47A0 5 Bytes JMP 000807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!FillPath 760D482C 5 Bytes JMP 00080870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!PolylineTo 760D4C95 5 Bytes JMP 000804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!PolyBezierTo 760D4D25 5 Bytes JMP 000804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] GDI32.dll!PolyDraw 760D4DD6 5 Bytes JMP 000808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetCursor 764AD37D 5 Bytes JMP 00090530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!RegisterClipboardFormatW 764AD6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!RegisterClipboardFormatW 764AD6AC 5 Bytes JMP 000902B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!ActivateKeyboardLayout 764B478C 5 Bytes JMP 000904F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!IsWindowVisible 764B878A 7 Bytes JMP 000906B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!MonitorFromWindow 764B88D4 4 Bytes JMP 00090630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!MonitorFromWindow + 5 764B88D9 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!ScreenToClient 764B8C56 7 Bytes JMP 00090670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClientRect 764B8F0D 7 Bytes JMP 000905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetParent 764B90AA 7 Bytes JMP 000906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!RegisterClipboardFormatA 764BA111 5 Bytes JMP 000902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!PostMessageW 764BA175 5 Bytes JMP 000905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!MapWindowPoints 764BA30D 5 Bytes JMP 00090570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardFormatNameA 764BA552 5 Bytes JMP 00090270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetOpenClipboardWindow 764C26A6 5 Bytes JMP 000903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetClipboardViewer 764CBA2D 5 Bytes JMP 000904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!IsClipboardFormatAvailable 764CC2E3 5 Bytes JMP 000900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!CloseClipboard 764CC2F7 5 Bytes JMP 000900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!OpenClipboard 764CC31D 5 Bytes JMP 00090070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetTopWindow 764CCE0A 7 Bytes JMP 00090730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardSequenceNumber 764CD8B7 5 Bytes JMP 00090330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!ChangeClipboardChain 764CDF83 5 Bytes JMP 00090430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!CountClipboardFormats 764D0048 5 Bytes JMP 000901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardOwner 764D26EF 5 Bytes JMP 00090370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetClipboardData 764E6410 5 Bytes JMP 00090170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!EnumClipboardFormats 764E6D16 5 Bytes JMP 000901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!SetCursorPos 764E6FB2 5 Bytes JMP 00090770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardData 764E715A 5 Bytes JMP 00090030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardFormatNameW 764EA99F 5 Bytes JMP 00090230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!EmptyClipboard 7650398B 5 Bytes JMP 00090130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetClipboardViewer 765039ED 5 Bytes JMP 00090470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] USER32.dll!GetPriorityClipboardFormat 76503AEF 5 Bytes JMP 000903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ole32.dll!OleGetClipboard 763C74C9 5 Bytes JMP 000A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ole32.dll!OleSetClipboard 763F11E3 5 Bytes JMP 000A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] ole32.dll!OleIsCurrentClipboard 763FA8F9 5 Bytes JMP 000A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!FreeContextBuffer 75C92D83 5 Bytes JMP 000C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!DeleteSecurityContext 75C92F18 5 Bytes JMP 000C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!FreeCredentialsHandle 75C93598 5 Bytes JMP 000C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!EncryptMessage 75C93745 5 Bytes JMP 000C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!DecryptMessage 75C93813 5 Bytes JMP 000C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!InitializeSecurityContextA 75C987DF 5 Bytes JMP 000C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!AcquireCredentialsHandleA 75C98A43 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!QueryContextAttributesA 75C98E77 5 Bytes JMP 000C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!ApplyControlToken 75C9DE4F 5 Bytes JMP 000C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2988] Secur32.dll!QueryCredentialsAttributesA 75C9E052 5 Bytes JMP 000C00B0

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
Code:
23:25:11.0767 2908 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:25:11.0860 2908 ============================================================
23:25:11.0860 2908 Current date / time: 2012/11/13 23:25:11.0860
23:25:11.0860 2908 SystemInfo:
23:25:11.0860 2908
23:25:11.0860 2908 OS Version: 6.0.6002 ServicePack: 2.0
23:25:11.0860 2908 Product type: Workstation
23:25:11.0860 2908 ComputerName: EXODUS-PC
23:25:11.0860 2908 UserName: Exodus
23:25:11.0860 2908 Windows directory: C:\Windows
23:25:11.0860 2908 System windows directory: C:\Windows
23:25:11.0860 2908 Processor architecture: Intel x86
23:25:11.0860 2908 Number of processors: 2
23:25:11.0860 2908 Page size: 0x1000
23:25:11.0860 2908 Boot type: Normal boot
23:25:11.0860 2908 ============================================================
23:25:12.0375 2908 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:25:12.0484 2908 ============================================================
23:25:12.0484 2908 \Device\Harddisk0\DR0:
23:25:12.0484 2908 MBR partitions:
23:25:12.0484 2908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xDC50000
23:25:12.0484 2908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEDE4800, BlocksNum 0x1B0CEDB0
23:25:12.0484 2908 ============================================================
23:25:12.0515 2908 C: <-> \Device\Harddisk0\DR0\Partition1
23:25:12.0562 2908 D: <-> \Device\Harddisk0\DR0\Partition2
23:25:12.0562 2908 ============================================================
23:25:12.0562 2908 Initialize success
23:25:12.0562 2908 ============================================================
23:25:24.0106 3168 ============================================================
23:25:24.0106 3168 Scan started
23:25:24.0106 3168 Mode: Manual;
23:25:24.0106 3168
============================================================ 23:25:24.0730 3168 ================ Scan system memory ======================== 23:25:24.0730 3168 System memory - ok 23:25:24.0730 3168 ================ Scan services ============================= 23:25:24.0902 3168 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 23:25:24.0902 3168 acedrv11 - ok 23:25:24.0933 3168 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 23:25:24.0933 3168 ACPI - ok 23:25:24.0964 3168 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 23:25:24.0964 3168 AdobeARMservice - ok 23:25:25.0027 3168 [ E827F15D53A7F79C635DBF6A155C5E1B ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:25:25.0027 3168 AdobeFlashPlayerUpdateSvc - ok 23:25:25.0058 3168 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 23:25:25.0073 3168 adp94xx - ok 23:25:25.0151 3168 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 23:25:25.0167 3168 adpahci - ok 23:25:25.0183 3168 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 23:25:25.0214 3168 adpu160m - ok 23:25:25.0245 3168 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 23:25:25.0245 3168 adpu320 - ok 23:25:25.0292 3168 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:25:25.0292 3168 AeLookupSvc - ok 23:25:25.0307 3168 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 23:25:25.0323 3168 AFD - ok 23:25:25.0339 3168 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:25:25.0354 3168 agp440 - ok 23:25:25.0385 3168 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 23:25:25.0385 3168 aic78xx - ok 23:25:25.0401 3168 [ 
A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 23:25:25.0401 3168 ALG - ok 23:25:25.0417 3168 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 23:25:25.0417 3168 aliide - ok 23:25:25.0432 3168 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 23:25:25.0432 3168 amdagp - ok 23:25:25.0479 3168 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 23:25:25.0479 3168 amdide - ok 23:25:25.0510 3168 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 23:25:25.0510 3168 AmdK7 - ok 23:25:25.0526 3168 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 23:25:25.0526 3168 AmdK8 - ok 23:25:25.0573 3168 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 23:25:25.0573 3168 Appinfo - ok 23:25:25.0635 3168 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:25:25.0635 3168 Apple Mobile Device - ok 23:25:25.0666 3168 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 23:25:25.0666 3168 arc - ok 23:25:25.0697 3168 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 23:25:25.0697 3168 arcsas - ok 23:25:25.0775 3168 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 23:25:25.0775 3168 aspnet_state - ok 23:25:25.0807 3168 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:25:25.0807 3168 AsyncMac - ok 23:25:25.0822 3168 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 23:25:25.0822 3168 atapi - ok 23:25:25.0853 3168 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:25:25.0853 3168 AudioEndpointBuilder - ok 23:25:25.0869 3168 [ 68E2A1A0407A66CF50DA0300852424AB ] 
Audiosrv C:\Windows\System32\Audiosrv.dll 23:25:25.0885 3168 Audiosrv - ok 23:25:25.0900 3168 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 23:25:25.0900 3168 Beep - ok 23:25:25.0931 3168 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 23:25:25.0947 3168 BFE - ok 23:25:26.0025 3168 [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx86.sys 23:25:26.0056 3168 BHDrvx86 - ok 23:25:26.0103 3168 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 23:25:26.0119 3168 BITS - ok 23:25:26.0150 3168 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 23:25:26.0150 3168 blbdrive - ok 23:25:26.0197 3168 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:25:26.0197 3168 Bonjour Service - ok 23:25:26.0228 3168 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:25:26.0228 3168 bowser - ok 23:25:26.0259 3168 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 23:25:26.0259 3168 BrFiltLo - ok 23:25:26.0275 3168 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 23:25:26.0275 3168 BrFiltUp - ok 23:25:26.0306 3168 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 23:25:26.0306 3168 Browser - ok 23:25:26.0321 3168 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 23:25:26.0321 3168 Brserid - ok 23:25:26.0337 3168 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 23:25:26.0337 3168 BrSerWdm - ok 23:25:26.0353 3168 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 23:25:26.0353 3168 BrUsbMdm - ok 23:25:26.0353 3168 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer 
C:\Windows\system32\drivers\brusbser.sys 23:25:26.0368 3168 BrUsbSer - ok 23:25:26.0384 3168 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 23:25:26.0384 3168 BTHMODEM - ok 23:25:26.0431 3168 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NAV C:\Windows\system32\drivers\NAV\1309000.009\ccSetx86.sys 23:25:26.0431 3168 ccSet_NAV - ok 23:25:26.0446 3168 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:25:26.0446 3168 cdfs - ok 23:25:26.0477 3168 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:25:26.0477 3168 cdrom - ok 23:25:26.0509 3168 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 23:25:26.0509 3168 CertPropSvc - ok 23:25:26.0524 3168 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 23:25:26.0524 3168 circlass - ok 23:25:26.0540 3168 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 23:25:26.0555 3168 CLFS - ok 23:25:26.0587 3168 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:25:26.0587 3168 clr_optimization_v2.0.50727_32 - ok 23:25:26.0633 3168 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:25:26.0633 3168 clr_optimization_v4.0.30319_32 - ok 23:25:26.0649 3168 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:25:26.0649 3168 cmdide - ok 23:25:26.0649 3168 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 23:25:26.0649 3168 Compbatt - ok 23:25:26.0665 3168 COMSysApp - ok 23:25:26.0696 3168 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 23:25:26.0696 3168 crcdisk - ok 23:25:26.0696 3168 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 23:25:26.0696 3168 Crusoe - ok 
23:25:26.0743 3168 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:25:26.0743 3168 CryptSvc - ok 23:25:26.0789 3168 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:25:26.0805 3168 DcomLaunch - ok 23:25:26.0836 3168 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files\Common Files\Desura\desura_service.exe 23:25:26.0836 3168 Desura Install Service - ok 23:25:26.0867 3168 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:25:26.0867 3168 DfsC - ok 23:25:26.0945 3168 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 23:25:26.0992 3168 DFSR - ok 23:25:27.0023 3168 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 23:25:27.0039 3168 Dhcp - ok 23:25:27.0070 3168 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 23:25:27.0070 3168 disk - ok 23:25:27.0101 3168 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:25:27.0101 3168 Dnscache - ok 23:25:27.0117 3168 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:25:27.0133 3168 dot3svc - ok 23:25:27.0148 3168 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 23:25:27.0148 3168 DPS - ok 23:25:27.0179 3168 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:25:27.0179 3168 drmkaud - ok 23:25:27.0211 3168 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 23:25:27.0211 3168 dtsoftbus01 - ok 23:25:27.0257 3168 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:25:27.0257 3168 DXGKrnl - ok 23:25:27.0289 3168 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 23:25:27.0304 3168 E1G60 - ok 23:25:27.0304 3168 EagleXNt - ok 23:25:27.0335 3168 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 
23:25:27.0335 3168 EapHost - ok 23:25:27.0351 3168 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 23:25:27.0351 3168 Ecache - ok 23:25:27.0398 3168 [ 788C8ED8978E848095A64F3F54D714C7 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 23:25:27.0413 3168 eeCtrl - ok 23:25:27.0460 3168 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:25:27.0476 3168 ehRecvr - ok 23:25:27.0476 3168 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 23:25:27.0491 3168 ehSched - ok 23:25:27.0507 3168 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 23:25:27.0507 3168 ehstart - ok 23:25:27.0538 3168 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 23:25:27.0538 3168 elxstor - ok 23:25:27.0585 3168 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 23:25:27.0585 3168 EMDMgmt - ok 23:25:27.0616 3168 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 23:25:27.0616 3168 EraserUtilRebootDrv - ok 23:25:27.0647 3168 [ A81AB23EDDB4693612014D87367D014C ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:25:27.0647 3168 ErrDev - ok 23:25:27.0679 3168 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 23:25:27.0679 3168 EventSystem - ok 23:25:27.0710 3168 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 23:25:27.0710 3168 exfat - ok 23:25:27.0725 3168 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:25:27.0725 3168 fastfat - ok 23:25:27.0741 3168 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:25:27.0741 3168 fdc - ok 23:25:27.0757 3168 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 23:25:27.0757 3168 fdPHost - ok 23:25:27.0772 3168 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] 
FDResPub C:\Windows\system32\fdrespub.dll 23:25:27.0772 3168 FDResPub - ok 23:25:27.0788 3168 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:25:27.0788 3168 FileInfo - ok 23:25:27.0803 3168 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:25:27.0803 3168 Filetrace - ok 23:25:27.0835 3168 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:25:27.0835 3168 flpydisk - ok 23:25:27.0850 3168 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:25:27.0850 3168 FltMgr - ok 23:25:27.0897 3168 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 23:25:27.0928 3168 FontCache - ok 23:25:27.0975 3168 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:25:27.0975 3168 FontCache3.0.0.0 - ok 23:25:27.0991 3168 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:25:27.0991 3168 Fs_Rec - ok 23:25:28.0022 3168 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 23:25:28.0022 3168 gagp30kx - ok 23:25:28.0053 3168 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:25:28.0053 3168 GEARAspiWDM - ok 23:25:28.0084 3168 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 23:25:28.0100 3168 gpsvc - ok 23:25:28.0178 3168 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 23:25:28.0178 3168 gupdate - ok 23:25:28.0193 3168 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 23:25:28.0193 3168 gupdatem - ok 23:25:28.0240 3168 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 23:25:28.0240 3168 hamachi - ok 23:25:28.0256 3168 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 23:25:28.0271 3168 HdAudAddService - ok 23:25:28.0303 3168 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:25:28.0303 3168 HDAudBus - ok 23:25:28.0318 3168 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 23:25:28.0318 3168 HidBth - ok 23:25:28.0334 3168 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 23:25:28.0334 3168 HidIr - ok 23:25:28.0365 3168 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 23:25:28.0365 3168 hidserv - ok 23:25:28.0396 3168 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:25:28.0396 3168 HidUsb - ok 23:25:28.0412 3168 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:25:28.0412 3168 hkmsvc - ok 23:25:28.0443 3168 [ 7EBEC5EB56B90ED65A8BBD91464E5CFB ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 23:25:28.0443 3168 HpCISSs - ok 23:25:28.0474 3168 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:25:28.0474 3168 HTTP - ok 23:25:28.0490 3168 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 23:25:28.0490 3168 i2omp - ok 23:25:28.0521 3168 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:25:28.0521 3168 i8042prt - ok 23:25:28.0537 3168 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 23:25:28.0537 3168 iaStorV - ok 23:25:28.0583 3168 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:25:28.0615 3168 idsvc - ok 23:25:28.0661 3168 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121027.002\IDSvix86.sys 23:25:28.0661 3168 IDSVix86 - ok 23:25:28.0708 3168 [ 506801C7D47BE8CD1CF342BF28EB17EC ] IGDCTRL 
C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 23:25:28.0708 3168 IGDCTRL - ok 23:25:28.0724 3168 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 23:25:28.0724 3168 iirsp - ok 23:25:28.0755 3168 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 23:25:28.0771 3168 IKEEXT - ok 23:25:28.0880 3168 [ F2C17D2C3D70C389193D9954E375E5E3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 23:25:28.0911 3168 IntcAzAudAddService - ok 23:25:28.0927 3168 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 23:25:28.0927 3168 intelide - ok 23:25:28.0958 3168 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:25:28.0958 3168 intelppm - ok 23:25:28.0989 3168 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:25:28.0989 3168 IPBusEnum - ok 23:25:29.0005 3168 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:25:29.0005 3168 IpFilterDriver - ok 23:25:29.0005 3168 IpInIp - ok 23:25:29.0020 3168 [ 4B9C0F4D4A3ACC535F9771039ECD6365 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 23:25:29.0020 3168 IPMIDRV - ok 23:25:29.0036 3168 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 23:25:29.0036 3168 IPNAT - ok 23:25:29.0067 3168 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:25:29.0083 3168 iPod Service - ok 23:25:29.0098 3168 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:25:29.0098 3168 IRENUM - ok 23:25:29.0129 3168 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:25:29.0129 3168 isapnp - ok 23:25:29.0149 3168 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 23:25:29.0149 3168 iScsiPrt - ok 23:25:29.0159 3168 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi 
C:\Windows\system32\drivers\iteatapi.sys 23:25:29.0159 3168 iteatapi - ok 23:25:29.0179 3168 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 23:25:29.0189 3168 iteraid - ok 23:25:29.0209 3168 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:25:29.0209 3168 kbdclass - ok 23:25:29.0219 3168 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:25:29.0229 3168 kbdhid - ok 23:25:29.0259 3168 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 23:25:29.0259 3168 KeyIso - ok 23:25:29.0299 3168 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:25:29.0299 3168 KSecDD - ok 23:25:29.0339 3168 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 23:25:29.0359 3168 KtmRm - ok 23:25:29.0379 3168 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 23:25:29.0389 3168 LanmanServer - ok 23:25:29.0419 3168 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:25:29.0429 3168 LanmanWorkstation - ok 23:25:29.0449 3168 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:25:29.0449 3168 lltdio - ok 23:25:29.0469 3168 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:25:29.0479 3168 lltdsvc - ok 23:25:29.0489 3168 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:25:29.0489 3168 lmhosts - ok 23:25:29.0509 3168 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 23:25:29.0509 3168 LSI_FC - ok 23:25:29.0529 3168 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 23:25:29.0529 3168 LSI_SAS - ok 23:25:29.0559 3168 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 23:25:29.0559 3168 LSI_SCSI - ok 23:25:29.0579 3168 [ 8F5C7426567798E62A3B3614965D62CC ] 
luafv C:\Windows\system32\drivers\luafv.sys 23:25:29.0579 3168 luafv - ok 23:25:29.0609 3168 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 23:25:29.0609 3168 MBAMProtector - ok 23:25:29.0649 3168 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 23:25:29.0659 3168 MBAMScheduler - ok 23:25:29.0699 3168 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 23:25:29.0709 3168 MBAMService - ok 23:25:29.0729 3168 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:25:29.0739 3168 Mcx2Svc - ok 23:25:29.0769 3168 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 23:25:29.0769 3168 megasas - ok 23:25:29.0809 3168 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 23:25:29.0819 3168 MegaSR - ok 23:25:29.0849 3168 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 23:25:29.0849 3168 MMCSS - ok 23:25:29.0869 3168 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 23:25:29.0869 3168 Modem - ok 23:25:29.0889 3168 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:25:29.0889 3168 monitor - ok 23:25:29.0899 3168 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:25:29.0909 3168 mouclass - ok 23:25:29.0929 3168 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:25:29.0929 3168 mouhid - ok 23:25:29.0939 3168 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 23:25:29.0939 3168 MountMgr - ok 23:25:29.0979 3168 [ 5DA347912FD3AF24D7BFB3DE519D4BD0 ] mpio C:\Windows\system32\drivers\mpio.sys 23:25:29.0979 3168 mpio - ok 23:25:29.0999 3168 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:25:29.0999 3168 
mpsdrv - ok 23:25:30.0029 3168 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 23:25:30.0049 3168 MpsSvc - ok 23:25:30.0059 3168 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 23:25:30.0059 3168 Mraid35x - ok 23:25:30.0069 3168 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:25:30.0069 3168 MRxDAV - ok 23:25:30.0099 3168 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:25:30.0099 3168 mrxsmb - ok 23:25:30.0109 3168 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:25:30.0109 3168 mrxsmb10 - ok 23:25:30.0129 3168 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:25:30.0129 3168 mrxsmb20 - ok 23:25:30.0139 3168 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 23:25:30.0139 3168 msahci - ok 23:25:30.0159 3168 [ 2C563AEF15B8D0014C36C5F27742AC7B ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:25:30.0159 3168 msdsm - ok 23:25:30.0179 3168 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 23:25:30.0179 3168 MSDTC - ok 23:25:30.0199 3168 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:25:30.0199 3168 Msfs - ok 23:25:30.0219 3168 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:25:30.0219 3168 msisadrv - ok 23:25:30.0239 3168 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:25:30.0239 3168 MSiSCSI - ok 23:25:30.0239 3168 msiserver - ok 23:25:30.0259 3168 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:25:30.0259 3168 MSKSSRV - ok 23:25:30.0279 3168 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:25:30.0279 3168 MSPCLOCK - ok 23:25:30.0299 3168 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM 
C:\Windows\system32\drivers\MSPQM.sys 23:25:30.0299 3168 MSPQM - ok 23:25:30.0319 3168 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:25:30.0319 3168 MsRPC - ok 23:25:30.0329 3168 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:25:30.0329 3168 mssmbios - ok 23:25:30.0349 3168 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:25:30.0359 3168 MSTEE - ok 23:25:30.0369 3168 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 23:25:30.0369 3168 Mup - ok 23:25:30.0399 3168 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 23:25:30.0399 3168 napagent - ok 23:25:30.0429 3168 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:25:30.0429 3168 NativeWifiP - ok 23:25:30.0589 3168 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe 23:25:30.0619 3168 NAUpdate - ok 23:25:30.0649 3168 [ F2840DBFE9322F35557219AE82CC4597 ] NAV C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe 23:25:30.0649 3168 NAV - ok 23:25:30.0679 3168 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVENG.SYS 23:25:30.0689 3168 NAVENG - ok 23:25:30.0729 3168 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVEX15.SYS 23:25:30.0769 3168 NAVEX15 - ok 23:25:30.0809 3168 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:25:30.0809 3168 NDIS - ok 23:25:30.0829 3168 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:25:30.0829 3168 NdisTapi - ok 23:25:30.0849 3168 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:25:30.0849 3168 Ndisuio - ok 
23:25:30.0879 3168 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:25:30.0879 3168 NdisWan - ok 23:25:30.0889 3168 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:25:30.0899 3168 NDProxy - ok 23:25:30.0909 3168 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:25:30.0909 3168 NetBIOS - ok 23:25:30.0939 3168 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 23:25:30.0939 3168 netbt - ok 23:25:30.0959 3168 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 23:25:30.0959 3168 Netlogon - ok 23:25:31.0009 3168 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 23:25:31.0019 3168 Netman - ok 23:25:31.0030 3168 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:25:31.0034 3168 NetMsmqActivator - ok 23:25:31.0041 3168 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:25:31.0043 3168 NetPipeActivator - ok 23:25:31.0066 3168 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 23:25:31.0070 3168 netprofm - ok 23:25:31.0087 3168 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:25:31.0089 3168 NetTcpActivator - ok 23:25:31.0109 3168 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:25:31.0111 3168 NetTcpPortSharing - ok 23:25:31.0184 3168 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 23:25:31.0184 3168 nfrd960 - ok 23:25:31.0215 3168 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:25:31.0215 3168 NlaSvc - ok 23:25:31.0230 3168 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:25:31.0230 3168 
Npfs - ok 23:25:31.0246 3168 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 23:25:31.0246 3168 nsi - ok 23:25:31.0262 3168 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:25:31.0262 3168 nsiproxy - ok 23:25:31.0308 3168 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:25:31.0308 3168 Ntfs - ok 23:25:31.0340 3168 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 23:25:31.0355 3168 ntrigdigi - ok 23:25:31.0371 3168 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 23:25:31.0371 3168 Null - ok 23:25:32.0776 3168 [ F452E6AD3EDA2852F44BE492E283C40F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:25:32.0885 3168 nvlddmkm - ok 23:25:32.0901 3168 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:25:32.0916 3168 nvraid - ok 23:25:32.0916 3168 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:25:32.0916 3168 nvstor - ok 23:25:32.0932 3168 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:25:32.0947 3168 nv_agp - ok 23:25:32.0947 3168 NwlnkFlt - ok 23:25:32.0947 3168 NwlnkFwd - ok 23:25:32.0979 3168 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:25:32.0979 3168 ohci1394 - ok 23:25:33.0010 3168 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 23:25:33.0025 3168 p2pimsvc - ok 23:25:33.0057 3168 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 23:25:33.0057 3168 p2psvc - ok 23:25:33.0088 3168 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:25:33.0088 3168 Parport - ok 23:25:33.0119 3168 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:25:33.0119 3168 partmgr - ok 23:25:33.0135 3168 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm 
C:\Windows\system32\DRIVERS\parvdm.sys 23:25:33.0135 3168 Parvdm - ok 23:25:33.0135 3168 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 23:25:33.0135 3168 PcaSvc - ok 23:25:33.0166 3168 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 23:25:33.0166 3168 pci - ok 23:25:33.0181 3168 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 23:25:33.0181 3168 pciide - ok 23:25:33.0197 3168 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 23:25:33.0213 3168 pcmcia - ok 23:25:33.0228 3168 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:25:33.0244 3168 PEAUTH - ok 23:25:33.0279 3168 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 23:25:33.0319 3168 pla - ok 23:25:33.0339 3168 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:25:33.0339 3168 PlugPlay - ok 23:25:33.0379 3168 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 23:25:33.0379 3168 PnkBstrA - ok 23:25:33.0419 3168 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 23:25:33.0419 3168 PNRPAutoReg - ok 23:25:33.0439 3168 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 23:25:33.0449 3168 PNRPsvc - ok 23:25:33.0469 3168 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:25:33.0479 3168 PolicyAgent - ok 23:25:33.0499 3168 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:25:33.0499 3168 PptpMiniport - ok 23:25:33.0519 3168 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 23:25:33.0519 3168 Processor - ok 23:25:33.0549 3168 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 23:25:33.0549 3168 ProfSvc - ok 23:25:33.0559 3168 [ A3E186B4B935905B829219502557314E ] ProtectedStorage 
C:\Windows\system32\lsass.exe 23:25:33.0569 3168 ProtectedStorage - ok 23:25:33.0589 3168 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 23:25:33.0589 3168 PSched - ok 23:25:33.0629 3168 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 23:25:33.0659 3168 ql2300 - ok 23:25:33.0669 3168 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 23:25:33.0669 3168 ql40xx - ok 23:25:33.0689 3168 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 23:25:33.0699 3168 QWAVE - ok 23:25:33.0709 3168 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:25:33.0709 3168 QWAVEdrv - ok 23:25:33.0729 3168 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:25:33.0729 3168 RasAcd - ok 23:25:33.0739 3168 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 23:25:33.0739 3168 RasAuto - ok 23:25:33.0749 3168 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:25:33.0749 3168 Rasl2tp - ok 23:25:33.0769 3168 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 23:25:33.0769 3168 RasMan - ok 23:25:33.0789 3168 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:25:33.0799 3168 RasPppoe - ok 23:25:33.0799 3168 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:25:33.0799 3168 RasSstp - ok 23:25:33.0829 3168 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:25:33.0829 3168 rdbss - ok 23:25:33.0839 3168 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:25:33.0839 3168 RDPCDD - ok 23:25:33.0859 3168 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 23:25:33.0869 3168 rdpdr - ok 23:25:33.0869 3168 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD 
C:\Windows\system32\drivers\rdpencdd.sys 23:25:33.0879 3168 RDPENCDD - ok 23:25:33.0909 3168 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:25:33.0909 3168 RDPWD - ok 23:25:33.0929 3168 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:25:33.0939 3168 RemoteAccess - ok 23:25:33.0969 3168 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:25:33.0969 3168 RemoteRegistry - ok 23:25:33.0979 3168 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 23:25:33.0989 3168 RpcLocator - ok 23:25:34.0019 3168 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 23:25:34.0019 3168 RpcSs - ok 23:25:34.0049 3168 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:25:34.0049 3168 rspndr - ok 23:25:34.0079 3168 [ 959EF612D2CCFDB6D9E443F8E3655013 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys 23:25:34.0079 3168 RTL8023xp - ok 23:25:34.0099 3168 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 23:25:34.0099 3168 RTL8169 - ok 23:25:34.0109 3168 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 23:25:34.0119 3168 SamSs - ok 23:25:34.0129 3168 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:25:34.0139 3168 sbp2port - ok 23:25:34.0159 3168 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:25:34.0169 3168 SCardSvr - ok 23:25:34.0199 3168 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 23:25:34.0219 3168 Schedule - ok 23:25:34.0229 3168 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 23:25:34.0229 3168 SCPolicySvc - ok 23:25:34.0239 3168 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:25:34.0249 3168 SDRSVC - ok 23:25:34.0279 3168 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 23:25:34.0279 3168 secdrv - ok 23:25:34.0289 3168 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 23:25:34.0299 3168 seclogon - ok 23:25:34.0329 3168 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 23:25:34.0339 3168 SENS - ok 23:25:34.0349 3168 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:25:34.0349 3168 Serenum - ok 23:25:34.0369 3168 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:25:34.0369 3168 Serial - ok 23:25:34.0379 3168 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 23:25:34.0389 3168 sermouse - ok 23:25:34.0409 3168 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 23:25:34.0419 3168 SessionEnv - ok 23:25:34.0429 3168 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:25:34.0429 3168 sffdisk - ok 23:25:34.0449 3168 [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:25:34.0449 3168 sffp_mmc - ok 23:25:34.0459 3168 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:25:34.0459 3168 sffp_sd - ok 23:25:34.0469 3168 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 23:25:34.0469 3168 sfloppy - ok 23:25:34.0499 3168 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:25:34.0509 3168 SharedAccess - ok 23:25:34.0519 3168 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:25:34.0529 3168 ShellHWDetection - ok 23:25:34.0549 3168 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 23:25:34.0549 3168 sisagp - ok 23:25:34.0559 3168 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 23:25:34.0559 3168 SiSRaid2 - ok 23:25:34.0569 3168 [ 
A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 23:25:34.0569 3168 SiSRaid4 - ok 23:25:34.0789 3168 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 23:25:34.0869 3168 slsvc - ok 23:25:34.0889 3168 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 23:25:34.0899 3168 SLUINotify - ok 23:25:34.0909 3168 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:25:34.0909 3168 Smb - ok 23:25:34.0929 3168 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:25:34.0929 3168 SNMPTRAP - ok 23:25:34.0959 3168 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 23:25:34.0959 3168 spldr - ok 23:25:34.0979 3168 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 23:25:34.0989 3168 Spooler - ok 23:25:35.0019 3168 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NAV\1309000.009\SRTSP.SYS 23:25:35.0039 3168 SRTSP - ok 23:25:35.0039 3168 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NAV\1309000.009\SRTSPX.SYS 23:25:35.0039 3168 SRTSPX - ok 23:25:35.0059 3168 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:25:35.0069 3168 srv - ok 23:25:35.0099 3168 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:25:35.0099 3168 srv2 - ok 23:25:35.0109 3168 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:25:35.0109 3168 srvnet - ok 23:25:35.0139 3168 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:25:35.0149 3168 SSDPSRV - ok 23:25:35.0169 3168 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:25:35.0169 3168 SstpSvc - ok 23:25:35.0199 3168 Steam Client Service - ok 23:25:35.0239 3168 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 23:25:35.0259 3168 stisvc - ok 
23:25:35.0289 3168 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:25:35.0289 3168 swenum - ok 23:25:35.0319 3168 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 23:25:35.0345 3168 swprv - ok 23:25:35.0361 3168 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 23:25:35.0361 3168 Symc8xx - ok 23:25:35.0392 3168 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NAV\1309000.009\SYMDS.SYS 23:25:35.0392 3168 SymDS - ok 23:25:35.0423 3168 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\NAV\1309000.009\SYMEFA.SYS 23:25:35.0439 3168 SymEFA - ok 23:25:35.0470 3168 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 23:25:35.0470 3168 SymEvent - ok 23:25:35.0485 3168 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NAV\1309000.009\Ironx86.SYS 23:25:35.0485 3168 SymIRON - ok 23:25:35.0517 3168 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\NAV\1309000.009\SYMTDIV.SYS 23:25:35.0517 3168 SYMTDIv - ok 23:25:35.0532 3168 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 23:25:35.0532 3168 Sym_hi - ok 23:25:35.0532 3168 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 23:25:35.0532 3168 Sym_u3 - ok 23:25:35.0563 3168 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 23:25:35.0579 3168 SysMain - ok 23:25:35.0579 3168 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:25:35.0595 3168 TabletInputService - ok 23:25:35.0610 3168 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:25:35.0610 3168 TapiSrv - ok 23:25:35.0626 3168 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 23:25:35.0626 3168 TBS - ok 23:25:35.0657 3168 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip 
C:\Windows\system32\drivers\tcpip.sys 23:25:35.0673 3168 Tcpip - ok 23:25:35.0704 3168 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 23:25:35.0704 3168 Tcpip6 - ok 23:25:35.0719 3168 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:25:35.0719 3168 tcpipreg - ok 23:25:35.0751 3168 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:25:35.0751 3168 TDPIPE - ok 23:25:35.0751 3168 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:25:35.0766 3168 TDTCP - ok 23:25:35.0766 3168 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:25:35.0766 3168 tdx - ok 23:25:35.0782 3168 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:25:35.0782 3168 TermDD - ok 23:25:35.0829 3168 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 23:25:35.0844 3168 TermService - ok 23:25:35.0860 3168 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 23:25:35.0860 3168 Themes - ok 23:25:35.0875 3168 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 23:25:35.0875 3168 THREADORDER - ok 23:25:35.0875 3168 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 23:25:35.0891 3168 TrkWks - ok 23:25:35.0938 3168 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:25:35.0938 3168 TrustedInstaller - ok 23:25:35.0953 3168 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:25:35.0953 3168 tssecsrv - ok 23:25:35.0969 3168 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 23:25:35.0969 3168 tunmp - ok 23:25:35.0969 3168 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:25:35.0985 3168 tunnel - ok 23:25:36.0000 3168 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 
C:\Windows\system32\drivers\uagp35.sys 23:25:36.0000 3168 uagp35 - ok 23:25:36.0016 3168 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:25:36.0016 3168 udfs - ok 23:25:36.0047 3168 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:25:36.0047 3168 UI0Detect - ok 23:25:36.0063 3168 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:25:36.0063 3168 uliagpkx - ok 23:25:36.0078 3168 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 23:25:36.0094 3168 uliahci - ok 23:25:36.0094 3168 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 23:25:36.0094 3168 UlSata - ok 23:25:36.0109 3168 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 23:25:36.0125 3168 ulsata2 - ok 23:25:36.0125 3168 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:25:36.0125 3168 umbus - ok 23:25:36.0141 3168 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 23:25:36.0156 3168 upnphost - ok 23:25:36.0172 3168 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 23:25:36.0172 3168 USBAAPL - ok 23:25:36.0203 3168 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:25:36.0203 3168 usbccgp - ok 23:25:36.0219 3168 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:25:36.0219 3168 usbcir - ok 23:25:36.0234 3168 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:25:36.0234 3168 usbehci - ok 23:25:36.0250 3168 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:25:36.0250 3168 usbhub - ok 23:25:36.0281 3168 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:25:36.0281 3168 usbohci - ok 23:25:36.0281 3168 [ B51E52ACF758BE00EF3A58EA452FE360 
] usbprint C:\Windows\system32\drivers\usbprint.sys 23:25:36.0297 3168 usbprint - ok 23:25:36.0312 3168 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:25:36.0312 3168 USBSTOR - ok 23:25:36.0328 3168 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:25:36.0328 3168 usbuhci - ok 23:25:36.0359 3168 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 23:25:36.0359 3168 UxSms - ok 23:25:36.0375 3168 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 23:25:36.0390 3168 vds - ok 23:25:36.0406 3168 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:25:36.0406 3168 vga - ok 23:25:36.0421 3168 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 23:25:36.0421 3168 VgaSave - ok 23:25:36.0437 3168 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:25:36.0437 3168 viaagp - ok 23:25:36.0453 3168 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 23:25:36.0453 3168 ViaC7 - ok 23:25:36.0468 3168 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 23:25:36.0468 3168 viaide - ok 23:25:36.0499 3168 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:25:36.0499 3168 volmgr - ok 23:25:36.0593 3168 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:25:36.0593 3168 volmgrx - ok 23:25:36.0671 3168 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:25:36.0671 3168 volsnap - ok 23:25:36.0702 3168 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 23:25:36.0702 3168 vsmraid - ok 23:25:36.0749 3168 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 23:25:36.0827 3168 VSS - ok 23:25:36.0843 3168 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time 
C:\Windows\system32\w32time.dll 23:25:36.0858 3168 W32Time - ok 23:25:36.0874 3168 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 23:25:36.0874 3168 WacomPen - ok 23:25:36.0889 3168 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 23:25:36.0889 3168 Wanarp - ok 23:25:36.0905 3168 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:25:36.0905 3168 Wanarpv6 - ok 23:25:36.0921 3168 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:25:36.0936 3168 wcncsvc - ok 23:25:36.0952 3168 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:25:36.0952 3168 WcsPlugInService - ok 23:25:36.0983 3168 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 23:25:36.0983 3168 Wd - ok 23:25:37.0014 3168 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:25:37.0014 3168 Wdf01000 - ok 23:25:37.0030 3168 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:25:37.0045 3168 WdiServiceHost - ok 23:25:37.0045 3168 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:25:37.0061 3168 WdiSystemHost - ok 23:25:37.0077 3168 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 23:25:37.0077 3168 WebClient - ok 23:25:37.0108 3168 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:25:37.0108 3168 Wecsvc - ok 23:25:37.0123 3168 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:25:37.0123 3168 wercplsupport - ok 23:25:37.0139 3168 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 23:25:37.0155 3168 WerSvc - ok 23:25:37.0155 3168 WinHttpAutoProxySvc - ok 23:25:37.0217 3168 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:25:37.0217 3168 Winmgmt - ok 
23:25:37.0264 3168 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 23:25:37.0295 3168 WinRM - ok 23:25:37.0342 3168 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:25:37.0342 3168 Wlansvc - ok 23:25:37.0373 3168 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:25:37.0373 3168 WmiAcpi - ok 23:25:37.0389 3168 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:25:37.0404 3168 wmiApSrv - ok 23:25:37.0467 3168 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:25:37.0482 3168 WMPNetworkSvc - ok 23:25:37.0498 3168 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:25:37.0513 3168 WPCSvc - ok 23:25:37.0529 3168 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:25:37.0545 3168 WPDBusEnum - ok 23:25:37.0560 3168 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 23:25:37.0560 3168 WpdUsb - ok 23:25:37.0607 3168 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 23:25:37.0638 3168 WPFFontCache_v0400 - ok 23:25:37.0654 3168 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:25:37.0654 3168 ws2ifsl - ok 23:25:37.0685 3168 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 23:25:37.0685 3168 wscsvc - ok 23:25:37.0685 3168 WSearch - ok 23:25:37.0763 3168 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 23:25:37.0810 3168 wuauserv - ok 23:25:37.0841 3168 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:25:37.0841 3168 WUDFRd - ok 23:25:37.0872 3168 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:25:37.0872 3168 wudfsvc - ok 23:25:37.0888 3168 ================ Scan global 
=============================== 23:25:37.0903 3168 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 23:25:37.0935 3168 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 23:25:37.0966 3168 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 23:25:37.0981 3168 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 23:25:37.0997 3168 [Global] - ok 23:25:37.0997 3168 ================ Scan MBR ================================== 23:25:38.0013 3168 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 23:25:38.0231 3168 \Device\Harddisk0\DR0 - ok 23:25:38.0231 3168 ================ Scan VBR ================================== 23:25:38.0247 3168 [ D01B867BE080E9AAD1C024861E8AE0F3 ] \Device\Harddisk0\DR0\Partition1 23:25:38.0247 3168 \Device\Harddisk0\DR0\Partition1 - ok 23:25:38.0262 3168 [ DD39AD06903F685253A10C53010D748B ] \Device\Harddisk0\DR0\Partition2 23:25:38.0262 3168 \Device\Harddisk0\DR0\Partition2 - ok 23:25:38.0262 3168 ============================================================ 23:25:38.0262 3168 Scan finished 23:25:38.0262 3168 ============================================================ 23:25:38.0278 3376 Detected object count: 0 23:25:38.0278 3376 Actual detected object count: 0 23:27:05.0658 0460 Deinitialize success Mfg Max |
14.11.2012, 07:34 | #4 |
/// Selecta Jahrusso | Polizei Trojaner (Austria) log analysis Combofix must only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post the C:\Combofix.txt in your next reply. Note: if you get the following error message after the restart Quote:
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
14.11.2012, 12:18 | #5 |
| Polizei Trojaner (Austria) log analysis Hey... thanks again for the quick help! Code:
ATTFilter ComboFix 12-11-13.03 - Exodus 14.11.2012 11:45:32.1.2 - x86 ausgeführt von:: c:\users\Exodus\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-14 bis 2012-11-14 )))))))))))))))))))))))))))))) . . 2012-11-13 17:59 . 2012-11-13 17:59 -------- d-----w- c:\users\Exodus\AppData\Roaming\Malwarebytes 2012-11-13 17:59 . 2012-11-13 17:59 -------- d-----w- c:\programdata\Malwarebytes 2012-11-13 17:59 . 2012-11-13 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-13 17:59 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-11 23:27 . 2012-11-12 18:01 -------- d-----w- c:\programdata\Avira 2012-11-11 21:40 . 2012-11-11 21:40 -------- d-----w- c:\program files\MSECache 2012-11-07 22:27 . 2012-11-07 22:27 -------- d-----w- c:\program files\Skype 2012-11-01 16:50 . 2012-11-01 16:50 -------- d-----w- c:\users\Exodus\AppData\Local\Arktos 2012-11-01 16:50 . 2012-11-01 16:50 -------- d-----w- c:\users\Exodus\AppData\Local\CrashRpt 2012-10-21 00:41 . 2012-11-03 14:30 -------- d-----w- c:\users\Exodus\AppData\Roaming\Dwarfs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 15:53 . 2012-07-27 18:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 15:53 . 2012-07-27 18:53 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 17:16 . 2012-10-08 17:16 119808 ----a-r- c:\users\Exodus\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2012-10-03 17:51 . 2012-10-03 17:51 65536 ----a-r- c:\users\Exodus\AppData\Roaming\Microsoft\Installer\{CB87D276-2F4A-453A-A2D8-D597927C59A0}\NewShortcut2_CB09F557482146D0BF868D1389AA6BC7_1.exe 2012-10-03 17:51 . 
2012-10-03 17:51 65536 ----a-r- c:\users\Exodus\AppData\Roaming\Microsoft\Installer\{CB87D276-2F4A-453A-A2D8-D597927C59A0}\NewShortcut1_CB09F557482146D0BF868D1389AA6BC7_2.exe 2012-10-01 15:51 . 2012-10-01 11:52 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-10-01 14:12 . 2009-04-11 13:18 279552 ----a-w- c:\windows\system32\services.exe 2012-09-22 11:40 . 2012-09-22 11:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-22 11:40 . 2012-07-29 13:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-22 11:40 . 2012-07-29 13:17 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-13 13:28 . 2012-10-10 13:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-03 18:52 . 2012-09-03 18:44 102400 ----a-w- c:\windows\RegBootClean.exe 2012-09-01 09:23 . 2012-08-30 07:20 0 ---ha-w- c:\users\Exodus\AppData\Roaming\windrv32.sys 2012-08-29 11:27 . 2012-10-10 13:49 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 13:49 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-26 01:51 . 2012-08-25 09:38 0 ---ha-w- c:\users\Exodus\AppData\Roaming\winbros.sys 2012-08-24 15:53 . 2012-10-10 13:49 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 11:13 . 2012-08-24 11:13 0 ---ha-w- c:\users\Exodus\AppData\Roaming\ztddttud.sys 2012-08-24 11:13 . 2012-08-21 10:38 0 ---ha-w- c:\users\Exodus\AppData\Roaming\winbras.sys 2012-08-24 06:59 . 2012-10-01 23:02 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-10-01 23:02 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-10-01 23:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-10-01 23:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-10-01 23:02 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-10-01 23:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-20 22:47 . 
2012-08-20 01:28 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-08-20 22:47 . 2012-08-20 10:13 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-08-20 22:47 . 2012-08-20 01:28 270240 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-08-20 13:20 . 2012-08-20 01:28 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-08-20 01:28 . 2012-08-20 01:28 138056 ----a-w- c:\users\Exodus\AppData\Roaming\PnkBstrK.sys 2012-08-20 01:28 . 2012-08-20 01:28 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-10-30 00:53 . 2012-10-30 00:53 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744] "Steam"="d:\steam\steam.exe" [2012-09-22 1353080] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe [2012-8-20 29184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . 
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - IPNAT *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 15:53] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 18:07] . 2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 18:07] . 2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000Core.job - c:\users\Exodus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 15:47] . 2012-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000UA.job - c:\users\Exodus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 15:47] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Exodus\AppData\Roaming\Mozilla\Firefox\Profiles\qmfgr1kj.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-23 14:12; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe HKU-Default-Run-FRITZ!protect - FwebProt.exe MSConfigStartUp-Microsoft Windows Manager - c:\users\Exodus\M-50-8964-7854-4678\winmgr.exe AddRemove-{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1 - d:\warz\The War Z\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-14 11:51 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.0.9\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\FRITZ!DSL\IGDCTRL.EXE c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Nero\Update\NASvc.exe c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe c:\windows\system32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-11-14 11:54:41 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-11-14 10:54 . Vor Suchlauf: 13 Verzeichnis(se), 65.723.535.360 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 67.822.837.760 Bytes frei . - - End Of File - - CA881FEAC5BEAFECE8DE0B8958EC1E40 Mfg Max |
14.11.2012, 15:10 | #6 |
/// Selecta Jahrusso | Police Trojan (Austria) log analysis
Note for other readers: the following ComboFix script was written exclusively for this user in this situation. Never run it on other machines; it can permanently damage other systems!
Delete the existing ComboFix.exe from your desktop and download the program again from the following download mirror: BleepingComputer.com, and save it to the desktop again (nowhere else, this is important)!
Press the Windows + R keys --> type Notepad --> OK
Now copy the complete text from the following code box into the empty text document.
Code:
File::
C:\Windows\assembly\Desktop.ini
C:\Users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\ProgramData\lsass.exe
Folder::
C:\Users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}
C:\Windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}
ClearJavaCache::
Important:
Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
14.11.2012, 16:06 | #7 |
Police Trojan (Austria) log analysis
Okay, done. Could you maybe briefly explain what exactly was done there and where the problems were? Regards, Max
Code:
ATTFilter ComboFix 12-11-14.01 - Exodus 14.11.2012 15:42:51.3.2 - x86 ausgeführt von:: c:\users\Exodus\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Exodus\Desktop\CFScript.txt * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\programdata\lsass.exe" "c:\users\Exodus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk" "c:\windows\assembly\Desktop.ini" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2} c:\users\Exodus\AppData\Local\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@ c:\windows\assembly\Desktop.ini c:\windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2} c:\windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\@ c:\windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L\00000004.@ c:\windows\Installer\{408e2103-96a8-3843-cbcb-43d2c3973cd2}\L\201d3dde . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-14 bis 2012-11-14 )))))))))))))))))))))))))))))) . . 2012-11-14 14:48 . 2012-11-14 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-14 14:36 . 2012-11-14 14:48 -------- d-----w- c:\users\Exodus\AppData\Local\temp 2012-11-13 17:59 . 2012-11-13 17:59 -------- d-----w- c:\users\Exodus\AppData\Roaming\Malwarebytes 2012-11-13 17:59 . 2012-11-13 17:59 -------- d-----w- c:\programdata\Malwarebytes 2012-11-13 17:59 . 2012-11-13 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-13 17:59 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-11 23:27 . 2012-11-12 18:01 -------- d-----w- c:\programdata\Avira 2012-11-11 21:40 . 2012-11-11 21:40 -------- d-----w- c:\program files\MSECache 2012-11-07 22:27 . 2012-11-07 22:27 -------- d-----w- c:\program files\Skype 2012-11-01 16:50 . 2012-11-01 16:50 -------- d-----w- c:\users\Exodus\AppData\Local\Arktos 2012-11-01 16:50 . 
2012-11-01 16:50 -------- d-----w- c:\users\Exodus\AppData\Local\CrashRpt 2012-10-21 00:41 . 2012-11-03 14:30 -------- d-----w- c:\users\Exodus\AppData\Roaming\Dwarfs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 15:53 . 2012-07-27 18:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 15:53 . 2012-07-27 18:53 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 17:16 . 2012-10-08 17:16 119808 ----a-r- c:\users\Exodus\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2012-10-03 17:51 . 2012-10-03 17:51 65536 ----a-r- c:\users\Exodus\AppData\Roaming\Microsoft\Installer\{CB87D276-2F4A-453A-A2D8-D597927C59A0}\NewShortcut2_CB09F557482146D0BF868D1389AA6BC7_1.exe 2012-10-03 17:51 . 2012-10-03 17:51 65536 ----a-r- c:\users\Exodus\AppData\Roaming\Microsoft\Installer\{CB87D276-2F4A-453A-A2D8-D597927C59A0}\NewShortcut1_CB09F557482146D0BF868D1389AA6BC7_2.exe 2012-10-01 15:51 . 2012-10-01 11:52 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-10-01 14:12 . 2009-04-11 13:18 279552 ----a-w- c:\windows\system32\services.exe 2012-09-22 11:40 . 2012-09-22 11:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-22 11:40 . 2012-07-29 13:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-22 11:40 . 2012-07-29 13:17 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-13 13:28 . 2012-10-10 13:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-03 18:52 . 2012-09-03 18:44 102400 ----a-w- c:\windows\RegBootClean.exe 2012-09-01 09:23 . 2012-08-30 07:20 0 ---ha-w- c:\users\Exodus\AppData\Roaming\windrv32.sys 2012-08-29 11:27 . 2012-10-10 13:49 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 13:49 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-26 01:51 . 2012-08-25 09:38 0 ---ha-w- c:\users\Exodus\AppData\Roaming\winbros.sys 2012-08-24 15:53 . 
2012-10-10 13:49 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 11:13 . 2012-08-24 11:13 0 ---ha-w- c:\users\Exodus\AppData\Roaming\ztddttud.sys 2012-08-24 11:13 . 2012-08-21 10:38 0 ---ha-w- c:\users\Exodus\AppData\Roaming\winbras.sys 2012-08-24 06:59 . 2012-10-01 23:02 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-10-01 23:02 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-10-01 23:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-10-01 23:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-10-01 23:02 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-10-01 23:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-20 22:47 . 2012-08-20 01:28 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-08-20 22:47 . 2012-08-20 10:13 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-08-20 22:47 . 2012-08-20 01:28 270240 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-08-20 13:20 . 2012-08-20 01:28 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-08-20 01:28 . 2012-08-20 01:28 138056 ----a-w- c:\users\Exodus\AppData\Roaming\PnkBstrK.sys 2012-08-20 01:28 . 2012-08-20 01:28 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2012-10-30 00:53 . 2012-10-30 00:53 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744] "Steam"="d:\steam\steam.exe" [2012-09-22 1353080] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe [2012-8-20 29184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 15:53] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 18:07] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 18:07] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000Core.job - c:\users\Exodus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 15:47] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000UA.job - c:\users\Exodus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 15:47] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Exodus\AppData\Roaming\Mozilla\Firefox\Profiles\qmfgr1kj.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-23 14:12; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-14 15:48 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.0.9\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . Zeit der Fertigstellung: 2012-11-14 15:49:42 ComboFix-quarantined-files.txt 2012-11-14 14:49 ComboFix2.txt 2012-11-14 14:36 ComboFix3.txt 2012-11-14 10:54 . Vor Suchlauf: 15 Verzeichnis(se), 64.863.936.512 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 64.599.572.480 Bytes frei . - - End Of File - - 2651DE51DA43BA69C49580D31E2B1C10 Code:
ATTFilter OTL logfile created on: 14.11.2012 15:53:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Exodus\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,04% Memory free 4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,16 Gb Total Space | 62,47 Gb Free Space | 56,71% Space Free | Partition Type: NTFS Drive D: | 216,40 Gb Total Space | 81,00 Gb Free Space | 37,43% Space Free | Partition Type: NTFS Drive L: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: EXODUS-PC | User Name: Exodus | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Exodus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SoftwareDistribution\Download\Install\mpas-fe.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation) PRC - d:\26ec2d79e0983e1c9813fc453e911c\MPSigStub.exe (Microsoft Corporation) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe () SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Desura Install Service) -- C:\Programme\Common Files\Desura\desura_service.exe (Desura Pty Ltd) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems 
Incorporated) SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (mbr) -- C:\ComboFix\mbr.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (catchme) -- C:\Users\Exodus\AppData\Local\Temp\catchme.sys File not found DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys () DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121029.002\NAVENG.SYS (Symantec Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121027.002\IDSvix86.sys (Symantec Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - 
(SRTSP) -- C:\Windows\System32\drivers\NAV\1309000.009\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1309000.009\srtspx.sys (Symantec Corporation) DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1309000.009\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1309000.009\symefa.sys (Symantec Corporation) DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1309000.009\symtdiv.sys (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1309000.009\ironx86.sys (Symantec Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1309000.009\symds.sys (Symantec Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D B1 68 3E BC C1 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = 
https://isearch.avg.com/search?cid={E8AEDDE5-5128-4F3E-8D4F-52B1CB04808E}&mid=d9ceb2f73dc847d0aef2d168c3e36fef-06ce4fc639803a2e3563922518183d8e94088cb9&lang=de&ds=AVG&pr=pr&d=2012-10-01 13:21:05&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.11.12 00:05:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 01:53:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 01:53:30 | 000,000,000 | ---D | M] [2012.07.27 19:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Extensions [2012.10.23 16:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions [2012.08.19 20:06:39 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- 
C:\Users\Exodus\AppData\Roaming\mozilla\Firefox\Profiles\qmfgr1kj.default\extensions\battlefieldheroespatcher@ea.com [2012.10.30 01:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.30 01:53:28 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2012.10.30 01:53:37 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.16 01:03:52 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.10.01 12:21:00 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.04 21:46:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.26 20:10:26 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - 
plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Exodus\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Exodus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2012.11.14 15:48:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{369B177D-2325-4961-8CCF-0552EA4B77F7}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Exodus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.10.10 13:01:08 | 000,000,051 | R--- | M] () - L:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 15:49:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.14 15:49:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.14 15:49:44 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\temp [2012.11.14 15:27:38 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\Exodus\Desktop\ComboFix.exe [2012.11.14 11:44:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.14 11:44:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.14 11:44:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.14 11:44:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.14 11:43:47 
| 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.13 18:59:36 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\Malwarebytes
[2012.11.13 18:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 18:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 18:59:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.13 18:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.13 18:20:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.12 00:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.11 22:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.11.11 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.11.11 22:20:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.09 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.07 23:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2012.11.01 17:50:48 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\Arktos
[2012.11.01 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Exodus\Documents\Arktos
[2012.11.01 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Local\CrashRpt
[2012.10.30 18:15:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.10.30 18:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012.10.30 01:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.27 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\uTorrent
[2012.10.21 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.21 01:41:55 | 000,000,000 | ---D | C] -- C:\Users\Exodus\AppData\Roaming\Dwarfs

========== Files - Modified Within 30 Days ==========

[2012.11.14 15:49:04 | 001,644,197 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\Cat.DB
[2012.11.14 15:48:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.14 15:48:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 15:38:06 | 000,002,337 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.11.14 15:38:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.14 15:38:04 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 15:38:04 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 15:38:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 15:37:59 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 15:26:26 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\Exodus\Desktop\ComboFix.exe
[2012.11.14 15:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.14 14:57:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000UA.job
[2012.11.14 13:57:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2028157852-3969067451-341249778-1000Core.job
[2012.11.13 18:58:34 | 000,541,569 | ---- | M] () -- C:\Users\Exodus\Desktop\adwcleaner.exe
[2012.11.13 18:20:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Exodus\Desktop\OTL.exe
[2012.11.12 22:54:37 | 000,051,712 | ---- | M] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.11 22:11:13 | 000,000,680 | ---- | M] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat
[2012.11.11 14:37:17 | 005,946,014 | ---- | M] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:23:07 | 094,721,516 | ---- | M] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:28 | 007,605,312 | ---- | M] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:13 | 005,683,669 | ---- | M] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | M] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.26 17:26:57 | 186,464,390 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.16 11:29:46 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1309000.009\VT20121008.022

========== Files Created - No Company Name ==========

[2012.11.14 11:44:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.14 11:44:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.14 11:44:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.14 11:44:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.14 11:44:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.13 18:58:33 | 000,541,569 | ---- | C] () -- C:\Users\Exodus\Desktop\adwcleaner.exe
[2012.11.12 00:08:54 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.11 14:37:00 | 005,946,014 | ---- | C] () -- C:\Users\Exodus\Documents\Imagine Dragons, Radioactive HD.mp3
[2012.11.09 19:18:14 | 094,721,516 | ---- | C] () -- C:\Users\Exodus\Documents\[HQ] Hans Zimmer - Inception Soundtrack - OST (complete).mp3
[2012.11.06 19:21:15 | 007,605,312 | ---- | C] () -- C:\Users\Exodus\Documents\Borderlands 2 Intro Song - Soundtrack (The Heavy - Short Change Hero).mp3
[2012.11.06 19:18:05 | 005,683,669 | ---- | C] () -- C:\Users\Exodus\Documents\The Borderlands Theme Song- Aint No Rest For the Wicked.mp3
[2012.10.28 00:51:11 | 000,000,104 | ---- | C] () -- C:\Users\Exodus\Documents\Papierkorb - Verknüpfung.lnk
[2012.10.13 17:29:01 | 000,086,704 | ---- | C] () -- C:\Users\Exodus\tumblr_m1nwebxpUq1r5u0t3.png
[2012.10.07 09:53:09 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.10.03 18:50:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.10.03 13:04:28 | 000,071,372 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.09.03 19:44:33 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012.09.03 19:44:10 | 000,216,158 | ---- | C] () -- C:\Users\Exodus\AppData\Local\census.cache
[2012.09.03 19:43:54 | 000,149,652 | ---- | C] () -- C:\Users\Exodus\AppData\Local\ars.cache
[2012.09.03 19:34:52 | 000,000,036 | ---- | C] () -- C:\Users\Exodus\AppData\Local\housecall.guid.cache
[2012.08.30 08:20:09 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\windrv32.sys
[2012.08.25 10:38:54 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbros.sys
[2012.08.24 12:13:02 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\ztddttud.sys
[2012.08.21 11:38:45 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\winbras.sys
[2012.08.20 02:28:25 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.20 02:28:25 | 000,138,056 | ---- | C] () -- C:\Users\Exodus\AppData\Roaming\PnkBstrK.sys
[2012.08.20 02:28:07 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.20 02:28:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.08.06 12:07:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.07.28 23:11:47 | 000,051,712 | ---- | C] () -- C:\Users\Exodus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.28 15:04:28 | 003,495,784 | ---- | C] () -- C:\Windows\System32\d3dx9_33.dll
[2012.07.28 12:19:16 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.27 19:49:44 | 000,000,680 | ---- | C] () -- C:\Users\Exodus\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 14:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== LOP Check ==========

[2012.10.06 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\.minecraft
[2012.09.19 23:30:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Audacity
[2012.07.30 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\avidemux
[2012.08.06 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Awesomium
[2012.07.27 20:02:04 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Babylon
[2012.11.11 22:48:42 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\BitTorrent
[2012.11.11 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DAEMON Tools Pro
[2012.08.02 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DVDVideoSoft
[2012.11.03 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Dwarfs
[2012.10.21 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\DwarfsF2P
[2012.10.01 15:20:51 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FixZeroAccess
[2012.09.02 23:44:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\FRITZ!
[2012.08.22 01:50:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Gyazo
[2012.09.24 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\LS
[2012.09.04 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Mount&Blade Warband
[2012.10.02 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\OnLive App
[2012.08.23 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\RotMG.Production
[2012.08.04 11:24:28 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\TEdit
[2012.08.20 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\Unity
[2012.11.12 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Exodus\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >
|
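The report above is the original poster's OTL output. What a helper scans for in a section like "Files Created - No Company Name" is visible in it: zero-byte, hidden *.sys files under AppData\Roaming (windrv32.sys, winbros.sys, ztddttud.sys, winbras.sys), which no legitimate installer leaves behind. As an added example (my code, not part of the thread and not OTL's own tooling), here is a Python triage pass over OTL file entries. It parses the timestamp, size, attribute and company fields, then flags hidden drivers or executables in user-writable locations, zero-byte .sys files, and company-less executables in the user profile for manual review. The sample lines are copied from the report above plus benign entries for contrast; the rules and the list of "user-writable" path segments are my assumptions, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One OTL file entry looks like:
# [2012.08.30 08:20:09 | 000,000,000 | -H-- | C] () -- C:\Users\Exodus\AppData\Roaming\windrv32.sys
# Fields: timestamp | size (comma-grouped) | attributes R/H/S/D | C(reated) or M(odified) ] (company) -- path
# The "(company)" field is absent in some sections and "()" when OTL found no company name.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = (".sys", ".exe", ".dll", ".scr", ".com", ".cpl")
# Assumption: locations a non-admin user (and therefore user-level malware) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    ts: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    created: bool
    company: Optional[str]  # None = field absent, "" = "()" i.e. no company name
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/directory entry; returns None for section headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")
    return Entry(
        ts=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attr[0] == "R",
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        is_dir=attr[3] == "D",
        created=m.group("kind") == "C",
        company=m.group("company"),
        path=m.group("path"),
    )


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for file entries that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        executable = low.endswith(EXEC_EXT)
        user_writable = any(seg in low for seg in USER_WRITABLE)
        if executable and e.hidden and user_writable:
            findings.append((e.path, "hidden executable/driver in a user-writable location"))
        elif low.endswith(".sys") and e.size == 0:
            findings.append((e.path, "zero-byte .sys file (placeholder or wiped driver)"))
        elif executable and user_writable and not e.company:
            findings.append((e.path, "executable with no company name in a user-writable location (review)"))
    return findings


# Constructed sample: lines copied from the OTL report above plus benign entries for contrast.
SAMPLE_LOG = """\
========== Files Created - No Company Name ==========
[2012.11.14 11:44:07 | 000,256,000 | ---- | C] () -- C:\\Windows\\PEV.exe
[2012.11.12 00:08:54 | 2146,689,024 | -HS- | C] () -- C:\\hiberfil.sys
[2012.08.30 08:20:09 | 000,000,000 | -H-- | C] () -- C:\\Users\\Exodus\\AppData\\Roaming\\windrv32.sys
[2012.08.24 12:13:02 | 000,000,000 | -H-- | C] () -- C:\\Users\\Exodus\\AppData\\Roaming\\ztddttud.sys
[2012.08.20 02:28:25 | 000,139,080 | ---- | C] () -- C:\\Windows\\System32\\drivers\\PnkBstrK.sys
[2012.08.20 02:28:25 | 000,138,056 | ---- | C] () -- C:\\Users\\Exodus\\AppData\\Roaming\\PnkBstrK.sys
[2012.11.13 18:59:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\\Windows\\System32\\drivers\\mbam.sys
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason}: {path}")
```

The third rule is deliberately a review prompt rather than a verdict: PnkBstrK.sys in AppData\Roaming trips it although PunkBuster is known to keep a copy of its driver there, which is why each finding carries a reason string and a human still looks at the path, the size and the timestamp before anything is deleted.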
14.11.2012, 21:36 | #8 |
/// Selecta Jahrusso | Police trojan (Austria) log analysis. Short? Yes. The malware has been removed. Please update Malwarebytes and run a QuickScan. Remove all findings and post the log file here. ESET Online Scanner
Please download SecurityCheck
__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie |
15.11.2012, 04:26 | #9 |
| Police trojan (Austria) log analysis. Short and sweet ^^! Really nice of you to take the time to help me, thanks!! Code:
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.14.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Exodus :: EXODUS-PC [Administrator]

Protection: Enabled

15.11.2012 00:53:41
mbam-log-2012-11-15 (00-53-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193468
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=545164fa10007b409d38cff846f362b5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-15 12:58:13
# local_time=2012-11-15 01:58:13 (+0100, Central European Time)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777214 60 39 266371 45558261 0 0
# compatibility_mode=5892 16776574 100 100 36538 190470631 0 0
# compatibility_mode=8192 67108863 100 0 3819 3819 0 0
# scanned=114040
# found=0
# cleaned=0
# scan_time=3189
Code:
Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
JavaFX 2.0.3
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
15.11.2012, 07:50 | #10 | |
/// Selecta Jahrusso | Police trojan (Austria) log analysis. Hi. Is the computer still causing any problems? Quote:
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
@echo off
REM Collect the startup state, configuration and current status of the WMI service (winmgmt) into look.txt
>look.txt (
net start winmgmt
sc qc winmgmt
sc query winmgmt
)
REM Show the result, then delete this batch file
notepad look.txt
del %0
A text document (look.txt) will open. Please post its contents here.
16.11.2012, 00:14 | #11 |
| Police trojan (Austria) log analysis. Hey, no, luckily it doesn't anymore, thanks to your help! I tried in Control Panel, only the current version is there; I also searched under C: but found nothing, but it doesn't bother me if it stays up there... oh, and here is the log. Code:
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
|
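The batch file in post #10 dumps the configuration and status of the WMI service, prompted by the "WMI entry may not exist for antivirus" line in the SecurityCheck output; the helper then reads the `sc qc` / `sc query` output by eye. As an added example (my code, neither the helper's nor Microsoft's), the following Python does that reading mechanically: it parses the `KEY : value` lines and compares winmgmt against what it should look like on Vista/7, which is exactly what the output above shows: hosted by %SystemRoot%\system32\svchost.exe -k netsvcs, START_TYPE AUTO_START, running as LocalSystem, depending on RPCSS, and in state RUNNING. The "good" sample is the output posted above; the "tampered" sample is constructed to show what a disabled or re-pointed service would trip. The expected values are assumptions taken from this post and will differ on newer Windows, where the svchost command line carries additional switches.

```python
import re
from typing import Dict, List

# Expected winmgmt host process on Windows Vista/7 (assumption based on the output posted above).
SVCHOST_NETSVCS = re.compile(
    r'^"?(?:%systemroot%|c:\\windows)\\system32\\svchost\.exe"? -k netsvcs$', re.IGNORECASE
)
# Other expected fields; comparison is a case-insensitive substring match on the reported value.
EXPECTED = {
    "START_TYPE": "AUTO_START",
    "SERVICE_START_NAME": "localsystem",
    "DEPENDENCIES": "RPCSS",
    "STATE": "RUNNING",
}


def parse_sc_output(text: str) -> Dict[str, str]:
    """Turn combined `sc qc` / `sc query` output into a KEY -> value map.
    Keys that appear in both blocks (e.g. TYPE) keep their first value; status lines
    such as "[SC] ..." and the "(STOPPABLE, ...)" continuation line are skipped."""
    fields: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line or line.startswith("[SC]") or line.startswith("("):
            continue
        key, _, value = line.partition(":")  # split on the first colon only (paths contain "C:")
        key = key.strip().upper()
        if re.fullmatch(r"[A-Z0-9_]+", key):
            fields.setdefault(key, value.strip())
    return fields


def check_winmgmt(text: str) -> List[str]:
    """Return deviations from the expected winmgmt configuration (empty list = looks fine)."""
    f = parse_sc_output(text)
    problems: List[str] = []
    if f.get("SERVICE_NAME", "").lower() != "winmgmt":
        problems.append("output is not for the winmgmt service")
    binary = f.get("BINARY_PATH_NAME")
    if binary is None:
        problems.append("BINARY_PATH_NAME missing (sc qc failed or service not installed)")
    elif not SVCHOST_NETSVCS.match(binary):
        problems.append(f"BINARY_PATH_NAME is {binary!r}, expected svchost.exe -k netsvcs under system32")
    for key, want in EXPECTED.items():
        got = f.get(key)
        if got is None:
            problems.append(f"{key} missing")
        elif want.lower() not in got.lower():
            problems.append(f"{key} is {got!r}, expected {want}")
    return problems


# Sample 1: the output posted above (healthy service).
GOOD_OUTPUT = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

# Sample 2: constructed, not from the thread: service disabled and re-pointed into the user profile.
TAMPERED_OUTPUT = r"""
SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Users\Exodus\AppData\Roaming\svchost.exe -k netsvcs
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

SERVICE_NAME: winmgmt
        STATE              : 1  STOPPED
"""

if __name__ == "__main__":
    for name, sample in (("posted output", GOOD_OUTPUT), ("tampered sample", TAMPERED_OUTPUT)):
        print(name, "->", check_winmgmt(sample) or "OK")
```

The binary path is matched as a whole rather than by substring on purpose: a value like `C:\evil.exe C:\Windows\system32\svchost.exe -k netsvcs` would pass a naive "contains svchost" test.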
16.11.2012, 09:37 | #12 |
/// Selecta Jahrusso | Police trojan (Austria) log analysis. Your Java is out of date. Older versions contain security holes that malware can exploit.
If nothing else comes up, we are done here. If you disabled any drivers with Defogger, please start Defogger and click the Re-enable button. Defogger may ask for a restart; please allow it. Important: if there is an error message, please post the Defogger_reenable log here. Before the following step, please temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs again. Press the Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes ComboFix completely and clears the System Restore cache so that the malware disappears from there too. Now re-enable the programs you just disabled. Please download OTC. Start the tool with a double-click. It will remove most of the log files, tools etc. that we needed. If anything remains, please delete it manually. Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: clean out your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: please give me a brief reply once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
16.11.2012, 11:32 | #13 |
| Police trojan (Austria) log analysis. Okay, all done! I would like to thank the forum and especially you, Daniel! You have helped me a lot! I will also take your tips to heart! Regards, Max |
17.11.2012, 03:52 | #14 |
/// Selecta Jahrusso | Police trojan (Austria) log analysis. Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread.