| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Rechner Sperrung durch Trojaner BundespolizeiWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.12.2012, 19:07
| #1 |
| |  Rechner Sperrung durch Trojaner Bundespolizei Hallo, gestern abend hat ein Trojaner meinen Rechner gesperrt mit einem Hinweis "Die Bundespolizei hat Ihren Rechner gesperrt" Auf dieser Seite habe ich die ersten Schritte gefunden. Ich habe Malwarebytes Anti-Malware runtergeladen, aktualisiert und durchgeführt. Es wurde 4 Sachen gefunden und in Quarantäne gesetzt. Was soll ich jetzt noch weiter machen? Danke für Eure Hilfe auf der Seite! Hier das Log dazu: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.17.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 XXX :: XXX-PC [Administrator] Schutz: Aktiviert 19.12.2012 16:45:18 mbam-log-2012-12-19 (18-18-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 431311 Laufzeit: 1 Stunde(n), 23 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\XXX\Downloads\SoftonicDownloader_fuer_nvidia-gpu-temp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. (Ende) |
|
19.12.2012, 19:08
| #2 |
| /// Malware-holic   | Rechner Sperrung durch Trojaner Bundespolizei Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
19.12.2012, 19:37
| #3 |
| | Rechner Sperrung durch Trojaner Bundespolizei Hallo Markusg,
__________________hier die Logs von OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.12.2012 19:14:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linger\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,79% Memory free 5,98 Gb Paging File | 4,88 Gb Available in Paging File | 81,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 880,93 Gb Total Space | 660,22 Gb Free Space | 74,95% Space Free | Partition Type: NTFS Drive D: | 25,00 Gb Total Space | 19,00 Gb Free Space | 75,99% Space Free | Partition Type: NTFS Drive K: | 1397,26 Gb Total Space | 1334,57 Gb Free Space | 95,51% Space Free | Partition Type: NTFS Computer Name: LINGER-PC | User Name: Linger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.19 19:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linger\Desktop\OTL.exe PRC - [2012.12.17 23:29:50 | 029,428,448 | ---- | M] (Dropbox, Inc.) -- C:\Users\Linger\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.28 14:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2012.08.08 20:06:37 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.12.06 11:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe PRC - [2011.11.11 12:59:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.10.02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE ========== Modules (No Company Name) ========== MOD - [2012.11.16 09:16:34 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll MOD - [2012.11.16 06:32:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.16 06:32:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.16 06:32:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.16 06:32:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.16 06:32:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.16 06:32:04 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.16 06:32:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.16 06:31:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2012.12.11 20:38:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.07 12:11:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.05.05 13:38:00 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Linger\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.09 08:26:23 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.08.17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.13 23:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - No CLSID value found IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {D5F9DFA3-301E-4E7A-9958-8553A872E756} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{74BC814E-3CE7-4BB7-A3CC-60292DD9A783}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C60A5E2A-5712-405A-A803-9784B771B8FD&apn_sauid=4CA689FE-A2B6-4721-B763-5005FAA8D958 IE - HKCU\..\SearchScopes\{76DE1DDB-D807-471D-9B85-85F371026840}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\..\SearchScopes\{D5F9DFA3-301E-4E7A-9958-8553A872E756}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406" FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.159 FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.7.0.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Linger\AppData\Roaming\Mozilla\Firefox\Profiles\klbsbtco.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:11:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:10:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 12:11:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 12:10:59 | 000,000,000 | ---D | M] [2012.01.14 21:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linger\AppData\Roaming\mozilla\Extensions [2012.12.11 11:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions [2012.01.07 23:15:00 | 000,000,000 | ---D | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2012.11.16 06:34:04 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} [2012.11.18 09:39:03 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} [2012.01.14 21:35:16 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.12.11 11:44:15 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Linger\AppData\Roaming\mozilla\Firefox\Profiles\klbsbtco.default\extensions\toolbar@ask.com [2012.11.06 19:02:57 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.12.11 11:44:15 | 000,002,308 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\askcom.xml [2012.07.29 12:59:50 | 000,000,925 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\conduit.xml [2011.11.08 17:53:47 | 000,005,604 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\Linkury Smartbar Search.xml [2012.01.14 21:35:14 | 000,002,519 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\Search_Results.xml [2011.11.12 08:30:40 | 000,003,915 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\SweetIM Search.xml [2011.11.12 08:30:34 | 000,003,915 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\mozilla\firefox\profiles\klbsbtco.default\searchplugins\sweetim.xml [2012.12.07 12:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.07 12:11:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 22:48:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.14 21:35:14 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=48 CHR - Extension: YouTube = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Avanquest App'-Anwendungsleiste = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg\2.3.2.4_0\ CHR - Extension: Google-Suche = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\Linger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent File not found O4 - Startup: C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Linger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E493564-5745-4AD0-8493-2D0AB5ABB6AE}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk K:\ O33 - MountPoints2\{8bdccc09-04aa-11e1-9938-4061867cba24}\Shell - "" = AutoRun O33 - MountPoints2\{8bdccc09-04aa-11e1-9938-4061867cba24}\Shell\AutoRun\command - "" = J:\INSTALL.EXE O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\INSTALL.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 19:11:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Linger\Desktop\OTL.exe [2012.12.19 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Linger\AppData\Local\Programs [2012.12.19 16:44:25 | 000,000,000 | ---D | C] -- C:\Users\Linger\AppData\Roaming\Malwarebytes [2012.12.19 16:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.19 16:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.19 16:44:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.19 16:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.12.19 16:43:35 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Linger\Desktop\mbam-setup-1.65.1.1000.exe [2012.12.19 16:43:32 | 007,105,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Linger\Desktop\mbam-rules.exe [2012.12.18 21:58:07 | 000,336,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Linger\wgsdgsdgdsgsd.dll [2012.12.11 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.12.11 11:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.12.11 11:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.11 11:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.12.11 11:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.12.09 18:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meine CEWE FOTOWELT [2012.12.09 18:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\corporate benefits [2012.12.07 12:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.25 20:12:19 | 000,000,000 | ---D | C] -- C:\Users\Linger\Documents\gothic3 [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.19 19:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linger\Desktop\OTL.exe [2012.12.19 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.19 18:31:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 18:31:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 18:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.19 18:24:07 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012.12.19 16:44:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.19 16:44:06 | 000,664,618 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.19 16:44:06 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.19 16:44:06 | 000,134,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.19 16:44:06 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.19 08:48:14 | 007,105,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Linger\Desktop\mbam-rules.exe [2012.12.19 08:41:42 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Linger\Desktop\mbam-setup-1.65.1.1000.exe [2012.12.19 00:22:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\8F24d!.pad [2012.12.18 21:58:09 | 000,001,079 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.18 21:43:11 | 000,001,016 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.13 20:02:06 | 000,341,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.09 18:46:48 | 000,001,306 | ---- | M] () -- C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk [2012.12.09 18:46:48 | 000,001,281 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2012.12.08 18:13:25 | 291,841,609 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.25 20:08:59 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Gothic 3 Spielen!.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.19 16:44:14 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.18 21:58:09 | 000,001,079 | ---- | C] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.18 21:58:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\8F24d!.pad [2012.12.09 18:46:48 | 000,001,306 | ---- | C] () -- C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk [2012.12.09 18:46:48 | 000,001,281 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2012.11.25 20:08:59 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Gothic 3 Spielen!.lnk [2012.03.17 22:06:06 | 000,011,776 | ---- | C] () -- C:\Users\Linger\MagicListe.wps [2012.03.17 21:23:01 | 000,000,756 | ---- | C] () -- C:\Users\Linger\AppData\Roaming\wklnhst.dat [2011.12.01 20:12:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll [2011.11.06 20:09:11 | 000,073,089 | ---- | C] () -- C:\Users\Linger\nebenkostenabrechnung.pdf [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.09.17 16:35:42 | 000,011,264 | ---- | C] () -- C:\Users\Linger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.08 08:31:32 | 001,035,104 | ---- | C] () -- C:\Users\Linger\20110708110554280.pdf [2011.08.28 19:31:53 | 001,824,655 | ---- | C] () -- C:\Users\Linger\001 - 2011_08_18_Ausschreibung_Systemintegration_validation[1].pdf [2011.07.30 14:13:20 | 007,320,097 | ---- | C] () -- C:\Users\Linger\OblivionManual.pdf [2011.03.21 07:27:56 | 000,019,197 | ---- | C] () -- C:\Users\Linger\Telefax_(1_Datei-_Telefax.tif).pdf [2011.02.03 21:08:36 | 000,143,681 | ---- | C] () -- C:\Users\Linger\diplome.pdf [2010.12.22 08:37:37 | 000,005,948 | ---- | C] () -- C:\Users\Linger\Personalienbogen.pdf [2010.12.22 08:37:19 | 000,038,157 | ---- | C] () -- C:\Users\Linger\Linger Strafprozessvollmacht.pdf [2010.11.05 20:22:04 | 000,000,094 | ---- | C] () -- C:\Users\Linger\AppData\Local\fusioncache.dat [2010.07.27 15:56:15 | 000,106,713 | ---- | C] () -- C:\Users\Linger\pralinenbox-faltplan.pdf ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.09.14 18:35:47 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Audacity [2012.12.17 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\BitTorrent [2010.07.26 15:18:04 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\BitZipper [2011.12.31 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Canneverbe Limited [2012.09.09 18:44:02 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\DAEMON Tools Lite [2012.12.19 18:26:42 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Dropbox [2010.09.14 09:46:17 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\EurekaLog [2011.12.04 13:22:49 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\FFSJ [2010.07.19 20:24:55 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\ITTerritory [2012.09.09 08:26:19 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\OpenCandy [2012.02.05 07:52:52 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\PhotoScape [2011.07.29 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\runic games [2012.07.19 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Screenbrush [2010.06.28 11:13:49 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\TablePlanner [2012.03.17 21:23:04 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Template [2011.11.12 08:58:00 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\TuneUp Software [2011.09.10 06:42:30 | 000,000,000 | ---D | M] -- C:\Users\Linger\AppData\Roaming\Wizards of the Coast ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.05.23 18:40:08 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.05.23 18:39:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.08.25 06:33:35 | 000,000,000 | -HSD | M] -- C:\found.000 [2009.12.17 08:16:53 | 000,000,000 | ---D | M] -- C:\Intel [2009.12.17 08:48:34 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.09.15 09:12:30 | 000,000,000 | ---D | M] -- C:\Nebenkostenabrechnung [2010.10.09 16:02:32 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.12.19 16:44:13 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.19 18:23:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.05.23 18:39:47 | 000,000,000 | -HSD | M] -- C:\Programme [2010.05.23 18:39:47 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.12 08:57:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.10 06:42:07 | 000,000,000 | ---D | M] -- C:\temp [2011.11.05 19:24:03 | 000,000,000 | R--D | M] -- C:\Users [2012.12.18 23:06:01 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2012.06.06 18:35:31 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2009.10.02 12:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys [2009.10.02 12:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c08288e6bf102290\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2010.11.20 13:19:18 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll < %USERPROFILE%\*.* > [2011.08.28 19:31:57 | 001,824,655 | ---- | M] () -- C:\Users\Linger\001 - 2011_08_18_Ausschreibung_Systemintegration_validation[1].pdf [2011.09.08 08:31:34 | 001,035,104 | ---- | M] () -- C:\Users\Linger\20110708110554280.pdf [2011.02.03 21:08:36 | 000,143,681 | ---- | M] () -- C:\Users\Linger\diplome.pdf [2010.12.22 08:37:19 | 000,038,157 | ---- | M] () -- C:\Users\Linger\Linger Strafprozessvollmacht.pdf [2011.09.04 18:51:20 | 000,000,542 | ---- | M] () -- C:\Users\Linger\Liste.txt [2012.03.17 22:06:06 | 000,011,776 | ---- | M] () -- C:\Users\Linger\MagicListe.wps [2011.11.06 20:09:11 | 000,073,089 | ---- | M] () -- C:\Users\Linger\nebenkostenabrechnung.pdf [2012.12.19 19:19:27 | 002,883,584 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT [2012.12.19 19:19:27 | 000,262,144 | -HS- | M] () -- C:\Users\Linger\ntuser.dat.LOG1 [2010.05.23 18:40:04 | 000,000,000 | -HS- | M] () -- C:\Users\Linger\ntuser.dat.LOG2 [2010.05.23 18:44:27 | 000,065,536 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.05.23 18:44:27 | 000,524,288 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.05.23 18:44:27 | 000,524,288 | -HS- | M] () -- C:\Users\Linger\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.05.23 18:40:04 | 000,000,020 | -HS- | M] () -- C:\Users\Linger\ntuser.ini [2010.12.08 17:50:14 | 007,320,097 | ---- | M] () -- C:\Users\Linger\OblivionManual.pdf [2010.12.22 08:37:37 | 000,005,948 | ---- | M] () -- C:\Users\Linger\Personalienbogen.pdf [2010.07.22 11:17:02 | 000,106,713 | ---- | M] () -- C:\Users\Linger\pralinenbox-faltplan.pdf [2010.05.24 10:51:25 | 000,012,264 | ---- | M] () -- C:\Users\Linger\Preisdetails.txt [2011.03.21 07:27:57 | 000,019,197 | ---- | M] () -- C:\Users\Linger\Telefax_(1_Datei-_Telefax.tif).pdf [2012.12.18 21:58:07 | 000,336,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Linger\wgsdgsdgdsgsd.dll < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:59846E5E < End of report > und hier für Extra.txt: Code:
ATTFilter OTL Extras logfile created on: 19.12.2012 19:14:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,79% Memory free
5,98 Gb Paging File | 4,88 Gb Available in Paging File | 81,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 880,93 Gb Total Space | 660,22 Gb Free Space | 74,95% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 19,00 Gb Free Space | 75,99% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 1334,57 Gb Free Space | 95,51% Space Free | Partition Type: NTFS
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\corporate benefits\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files\corporate benefits\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
|
|
19.12.2012, 20:20
| #4 |
| /// Malware-holic | Rechner Sperrung durch Trojaner Bundespolizei hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.12.18 21:58:07 | 000,336,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Linger\wgsdgsdgdsgsd.dll
[2012.12.19 00:22:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\8F24d!.pad
[2012.12.18 21:58:09 | 000,001,079 | ---- | M] () -- C:\Users\Linger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.12.2012, 09:53
| #5 |
| | Rechner Sperrung durch Trojaner Bundespolizei Hallo markusg, Ich habe OTL mit dem neuen Text ausgeführt. Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\XXX\wgsdgsdgdsgsd.dll moved successfully.
C:\ProgramData\8F24d!.pad moved successfully.
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: XXX
->Flash cache emptied: 432630 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: XXX
->Temp folder emptied: 201074928 bytes
->Temporary Internet Files folder emptied: 216094902 bytes
->Java cache emptied: 346651 bytes
->FireFox cache emptied: 95470776 bytes
->Google Chrome cache emptied: 6783297 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133088005 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 623,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12202012_092142
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Danke für eure schnelle und qualifizierte Hilfe! |
|
20.12.2012, 13:29
| #6 |
| /// Malware-holic | Rechner Sperrung durch Trojaner Bundespolizei Hi, danke fürs hochladen, weiter gehts: download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> Rechner Sperrung durch Trojaner Bundespolizei |
|
20.12.2012, 21:33
| #7 |
| | Rechner Sperrung durch Trojaner Bundespolizei Hi, Es gab keinen Fund. Gibt es noch was zu tun? Gruß Thorini |
|
21.12.2012, 13:57
| #8 |
| /// Malware-holic | Rechner Sperrung durch Trojaner Bundespolizei Das log posten. es ist unter c:\TDSSkiller-Version-Datum.txt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.01.2013, 15:43
| #9 |
| | Rechner Sperrung durch Trojaner Bundespolizei Hallo, ich war die letzte Woche nicht da. Hier das Log. Code:
ATTFilter 21:28:03.0397 0744 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:28:03.0657 0744 ============================================================
21:28:03.0657 0744 Current date / time: 2012/12/20 21:28:03.0657
21:28:03.0657 0744 SystemInfo:
21:28:03.0657 0744
21:28:03.0657 0744 OS Version: 6.1.7601 ServicePack: 1.0
21:28:03.0657 0744 Product type: Workstation
21:28:03.0657 0744 ComputerName: LINGER-PC
21:28:03.0657 0744 UserName: Linger
21:28:03.0657 0744 Windows directory: C:\Windows
21:28:03.0657 0744 System windows directory: C:\Windows
21:28:03.0657 0744 Processor architecture: Intel x86
21:28:03.0657 0744 Number of processors: 4
21:28:03.0657 0744 Page size: 0x1000
21:28:03.0657 0744 Boot type: Normal boot
21:28:03.0657 0744 ============================================================
21:28:04.0047 0744 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:28:04.0047 0744 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F60000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:28:04.0067 0744 ============================================================
21:28:04.0067 0744 \Device\Harddisk0\DR0:
21:28:04.0077 0744 MBR partitions:
21:28:04.0077 0744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:28:04.0077 0744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E1DB800
21:28:04.0077 0744 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAB686000, BlocksNum 0x3200000
21:28:04.0077 0744 \Device\Harddisk1\DR1:
21:28:04.0077 0744 MBR partitions:
21:28:04.0077 0744 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0xAEA86701
21:28:04.0077 0744 ============================================================
21:28:04.0087 0744 C: <-> \Device\Harddisk0\DR0\Partition2
21:28:04.0107 0744 D: <-> \Device\Harddisk0\DR0\Partition3
21:28:04.0117 0744 K: <-> \Device\Harddisk1\DR1\Partition1
21:28:04.0117 0744 ============================================================
21:28:04.0117 0744 Initialize success
21:28:04.0117 0744 ============================================================
21:28:53.0215 2944 ============================================================
21:28:53.0215 2944 Scan started
21:28:53.0215 2944 Mode: Manual; SigCheck; TDLFS;
21:28:53.0215 2944 ============================================================
21:28:53.0485 2944 ================ Scan system memory ========================
21:28:53.0485 2944 System memory - ok
21:28:53.0485 2944 ================ Scan services =============================
21:28:53.0645 2944 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:28:53.0745 2944 1394ohci - ok
21:28:53.0775 2944 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:28:53.0785 2944 ACPI - ok
21:28:53.0805 2944 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:28:53.0865 2944 AcpiPmi - ok
21:28:53.0945 2944 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:53.0955 2944 AdobeFlashPlayerUpdateSvc - ok
21:28:53.0985 2944 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:28:54.0005 2944 adp94xx - ok
21:28:54.0015 2944 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:28:54.0025 2944 adpahci - ok
21:28:54.0045 2944 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:28:54.0055 2944 adpu320 - ok
21:28:54.0065 2944 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:28:54.0095 2944 AeLookupSvc - ok
21:28:54.0135 2944 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:28:54.0165 2944 AFD - ok
21:28:54.0205 2944 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:28:54.0215 2944 agp440 - ok
21:28:54.0245 2944 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:28:54.0255 2944 aic78xx - ok
21:28:54.0285 2944 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:28:54.0305 2944 ALG - ok
21:28:54.0325 2944 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:28:54.0335 2944 aliide - ok
21:28:54.0345 2944 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:28:54.0345 2944 amdagp - ok
21:28:54.0355 2944 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:28:54.0355 2944 amdide - ok
21:28:54.0385 2944 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:28:54.0415 2944 AmdK8 - ok
21:28:54.0435 2944 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:28:54.0465 2944 AmdPPM - ok
21:28:54.0495 2944 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:28:54.0505 2944 amdsata - ok
21:28:54.0515 2944 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:28:54.0525 2944 amdsbs - ok
21:28:54.0535 2944 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:28:54.0535 2944 amdxata - ok
21:28:54.0655 2944 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:28:54.0675 2944 AntiVirSchedulerService - ok
21:28:54.0715 2944 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:28:54.0725 2944 AntiVirService - ok
21:28:54.0755 2944 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:28:54.0845 2944 AppID - ok
21:28:54.0865 2944 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:28:54.0905 2944 AppIDSvc - ok
21:28:54.0935 2944 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:28:54.0965 2944 Appinfo - ok
21:28:55.0045 2944 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:28:55.0045 2944 Apple Mobile Device - ok
21:28:55.0075 2944 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:28:55.0085 2944 arc - ok
21:28:55.0095 2944 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:28:55.0105 2944 arcsas - ok
21:28:55.0175 2944 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:28:55.0185 2944 aspnet_state - ok
21:28:55.0216 2944 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:55.0294 2944 AsyncMac - ok
21:28:55.0341 2944 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:28:55.0356 2944 atapi - ok
21:28:55.0387 2944 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:55.0419 2944 AudioEndpointBuilder - ok
21:28:55.0434 2944 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:28:55.0450 2944 Audiosrv - ok
21:28:55.0528 2944 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:28:55.0543 2944 avgntflt - ok
21:28:55.0575 2944 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:28:55.0590 2944 avipbb - ok
21:28:55.0606 2944 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:28:55.0621 2944 avkmgr - ok
21:28:55.0653 2944 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:28:55.0668 2944 AxInstSV - ok
21:28:55.0699 2944 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:28:55.0715 2944 b06bdrv - ok
21:28:55.0731 2944 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:28:55.0746 2944 b57nd60x - ok
21:28:55.0762 2944 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:28:55.0809 2944 BDESVC - ok
21:28:55.0840 2944 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:28:55.0871 2944 Beep - ok
21:28:55.0918 2944 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:28:55.0933 2944 BFE - ok
21:28:55.0965 2944 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:28:56.0011 2944 BITS - ok
21:28:56.0011 2944 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:56.0027 2944 blbdrive - ok
21:28:56.0105 2944 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:28:56.0121 2944 Bonjour Service - ok
21:28:56.0152 2944 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:28:56.0183 2944 bowser - ok
21:28:56.0199 2944 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:28:56.0245 2944 BrFiltLo - ok
21:28:56.0261 2944 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:28:56.0277 2944 BrFiltUp - ok
21:28:56.0308 2944 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:28:56.0339 2944 Browser - ok
21:28:56.0370 2944 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:28:56.0386 2944 Brserid - ok
21:28:56.0401 2944 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:56.0417 2944 BrSerWdm - ok
21:28:56.0433 2944 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:56.0464 2944 BrUsbMdm - ok
21:28:56.0464 2944 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:56.0464 2944 BrUsbSer - ok
21:28:56.0495 2944 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:28:56.0511 2944 BTHMODEM - ok
21:28:56.0542 2944 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:28:56.0573 2944 bthserv - ok
21:28:56.0589 2944 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:28:56.0620 2944 cdfs - ok
21:28:56.0667 2944 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:28:56.0682 2944 cdrom - ok
21:28:56.0713 2944 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:28:56.0745 2944 CertPropSvc - ok
21:28:56.0760 2944 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:28:56.0776 2944 circlass - ok
21:28:56.0807 2944 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:28:56.0823 2944 CLFS - ok
21:28:56.0854 2944 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:56.0869 2944 clr_optimization_v2.0.50727_32 - ok
21:28:56.0947 2944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:56.0947 2944 clr_optimization_v4.0.30319_32 - ok
21:28:56.0963 2944 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:56.0963 2944 CmBatt - ok
21:28:56.0979 2944 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:28:56.0994 2944 cmdide - ok
21:28:57.0025 2944 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:28:57.0041 2944 CNG - ok
21:28:57.0057 2944 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:28:57.0072 2944 Compbatt - ok
21:28:57.0103 2944 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:28:57.0119 2944 CompositeBus - ok
21:28:57.0119 2944 COMSysApp - ok
21:28:57.0213 2944 cpuz132 - ok
21:28:57.0228 2944 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:28:57.0228 2944 crcdisk - ok
21:28:57.0259 2944 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:28:57.0291 2944 CryptSvc - ok
21:28:57.0306 2944 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:28:57.0353 2944 DcomLaunch - ok
21:28:57.0369 2944 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:28:57.0400 2944 defragsvc - ok
21:28:57.0431 2944 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:28:57.0462 2944 DfsC - ok
21:28:57.0493 2944 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:28:57.0509 2944 Dhcp - ok
21:28:57.0525 2944 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:28:57.0556 2944 discache - ok
21:28:57.0603 2944 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:28:57.0603 2944 Disk - ok
21:28:57.0634 2944 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:28:57.0665 2944 Dnscache - ok
21:28:57.0681 2944 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:28:57.0712 2944 dot3svc - ok
21:28:57.0743 2944 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:28:57.0790 2944 DPS - ok
21:28:57.0821 2944 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:28:57.0821 2944 drmkaud - ok
21:28:57.0868 2944 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:28:57.0868 2944 dtsoftbus01 - ok
21:28:57.0899 2944 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:28:57.0915 2944 DXGKrnl - ok
21:28:57.0930 2944 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:28:57.0961 2944 EapHost - ok
21:28:58.0024 2944 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:28:58.0102 2944 ebdrv - ok
21:28:58.0133 2944 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:28:58.0149 2944 EFS - ok
21:28:58.0211 2944 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:28:58.0227 2944 ehRecvr - ok
21:28:58.0242 2944 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:28:58.0258 2944 ehSched - ok
21:28:58.0273 2944 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:28:58.0289 2944 elxstor - ok
21:28:58.0305 2944 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:28:58.0320 2944 ErrDev - ok
21:28:58.0336 2944 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:28:58.0383 2944 EventSystem - ok
21:28:58.0398 2944 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:28:58.0429 2944 exfat - ok
21:28:58.0461 2944 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:28:58.0476 2944 fastfat - ok
21:28:58.0507 2944 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:28:58.0539 2944 Fax - ok
21:28:58.0554 2944 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:28:58.0570 2944 fdc - ok
21:28:58.0585 2944 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:28:58.0617 2944 fdPHost - ok
21:28:58.0632 2944 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:28:58.0663 2944 FDResPub - ok
21:28:58.0679 2944 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:28:58.0679 2944 FileInfo - ok
21:28:58.0695 2944 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:28:58.0726 2944 Filetrace - ok
21:28:58.0726 2944 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:58.0741 2944 flpydisk - ok
21:28:58.0757 2944 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:28:58.0757 2944 FltMgr - ok
21:28:58.0788 2944 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:28:58.0819 2944 FontCache - ok
21:28:58.0866 2944 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:58.0866 2944 FontCache3.0.0.0 - ok
21:28:58.0897 2944 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:28:58.0897 2944 FsDepends - ok
21:28:58.0929 2944 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:28:58.0929 2944 Fs_Rec - ok
21:28:58.0960 2944 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:28:58.0975 2944 fvevol - ok
21:28:58.0991 2944 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:28:58.0991 2944 gagp30kx - ok
21:28:59.0022 2944 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:28:59.0022 2944 GEARAspiWDM - ok
21:28:59.0053 2944 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:28:59.0085 2944 gpsvc - ok
21:28:59.0163 2944 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:28:59.0163 2944 gusvc - ok
21:28:59.0178 2944 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:28:59.0209 2944 hcw85cir - ok
21:28:59.0241 2944 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:28:59.0256 2944 HdAudAddService - ok
21:28:59.0287 2944 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:28:59.0319 2944 HDAudBus - ok
21:28:59.0334 2944 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:28:59.0350 2944 HidBatt - ok
21:28:59.0381 2944 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:28:59.0397 2944 HidBth - ok
21:28:59.0428 2944 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:28:59.0459 2944 HidIr - ok
21:28:59.0475 2944 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:28:59.0506 2944 hidserv - ok
21:28:59.0521 2944 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:28:59.0537 2944 HidUsb - ok
21:28:59.0553 2944 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:28:59.0584 2944 hkmsvc - ok
21:28:59.0615 2944 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:28:59.0631 2944 HomeGroupListener - ok
21:28:59.0646 2944 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:28:59.0693 2944 HomeGroupProvider - ok
21:28:59.0709 2944 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:28:59.0724 2944 HpSAMD - ok
21:28:59.0755 2944 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:28:59.0787 2944 HTTP - ok
21:28:59.0802 2944 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:28:59.0802 2944 hwpolicy - ok
21:28:59.0833 2944 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:28:59.0865 2944 i8042prt - ok
21:28:59.0880 2944 [ D5EDB998656E6ECF1A17C78DAB019A3C ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:28:59.0896 2944 iaStor - ok
21:28:59.0943 2944 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:28:59.0958 2944 IAStorDataMgrSvc - ok
21:28:59.0989 2944 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:28:59.0989 2944 iaStorV - ok
21:29:00.0036 2944 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:00.0067 2944 idsvc - ok
21:29:00.0083 2944 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:29:00.0099 2944 iirsp - ok
21:29:00.0130 2944 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:29:00.0161 2944 IKEEXT - ok
21:29:00.0177 2944 IntcAzAudAddService - ok
21:29:00.0177 2944 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:29:00.0192 2944 intelide - ok
21:29:00.0208 2944 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:29:00.0223 2944 intelppm - ok
21:29:00.0255 2944 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:29:00.0286 2944 IPBusEnum - ok
21:29:00.0301 2944 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:00.0348 2944 IpFilterDriver - ok
21:29:00.0379 2944 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:29:00.0411 2944 iphlpsvc - ok
21:29:00.0457 2944 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:29:00.0473 2944 IPMIDRV - ok
21:29:00.0489 2944 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:29:00.0520 2944 IPNAT - ok
21:29:00.0567 2944 [ 6E27978A4755F4789F912F5F49392F7C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:29:00.0582 2944 iPod Service - ok
21:29:00.0582 2944 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:29:00.0613 2944 IRENUM - ok
21:29:00.0629 2944 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:29:00.0645 2944 isapnp - ok
21:29:00.0660 2944 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:29:00.0676 2944 iScsiPrt - ok
21:29:00.0691 2944 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:29:00.0707 2944 kbdclass - ok
21:29:00.0738 2944 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:29:00.0754 2944 kbdhid - ok
21:29:00.0769 2944 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:29:00.0785 2944 KeyIso - ok
21:29:00.0801 2944 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:29:00.0816 2944 KSecDD - ok
21:29:00.0832 2944 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:29:00.0847 2944 KSecPkg - ok
21:29:00.0879 2944 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:29:00.0910 2944 KtmRm - ok
21:29:00.0941 2944 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:29:00.0972 2944 LanmanServer - ok
21:29:00.0972 2944 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:29:01.0003 2944 LanmanWorkstation - ok
21:29:01.0050 2944 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:29:01.0097 2944 lltdio - ok
21:29:01.0113 2944 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:29:01.0128 2944 lltdsvc - ok
21:29:01.0144 2944 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:29:01.0159 2944 lmhosts - ok
21:29:01.0175 2944 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:01.0191 2944 LSI_FC - ok
21:29:01.0206 2944 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:01.0206 2944 LSI_SAS - ok
21:29:01.0222 2944 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:01.0222 2944 LSI_SAS2 - ok
21:29:01.0237 2944 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:01.0237 2944 LSI_SCSI - ok
21:29:01.0253 2944 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:29:01.0269 2944 luafv - ok
21:29:01.0315 2944 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:29:01.0315 2944 MBAMProtector - ok
21:29:01.0347 2944 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:29:01.0362 2944 MBAMScheduler - ok
21:29:01.0393 2944 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:29:01.0409 2944 MBAMService - ok
21:29:01.0456 2944 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
21:29:01.0471 2944 McComponentHostService - ok
21:29:01.0487 2944 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:29:01.0503 2944 Mcx2Svc - ok
21:29:01.0503 2944 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:29:01.0518 2944 megasas - ok
21:29:01.0534 2944 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:01.0549 2944 MegaSR - ok
21:29:01.0565 2944 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:29:01.0596 2944 MMCSS - ok
21:29:01.0612 2944 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:29:01.0627 2944 Modem - ok
21:29:01.0627 2944 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:29:01.0659 2944 monitor - ok
21:29:01.0674 2944 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:29:01.0690 2944 mouclass - ok
21:29:01.0705 2944 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:29:01.0737 2944 mouhid - ok
21:29:01.0783 2944 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:29:01.0799 2944 mountmgr - ok
21:29:01.0877 2944 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:29:01.0893 2944 MozillaMaintenance - ok
21:29:01.0893 2944 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:29:01.0908 2944 mpio - ok
21:29:01.0924 2944 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:29:01.0955 2944 mpsdrv - ok
21:29:01.0971 2944 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:29:02.0017 2944 MpsSvc - ok
21:29:02.0049 2944 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:29:02.0064 2944 MRxDAV - ok
21:29:02.0095 2944 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:02.0142 2944 mrxsmb - ok
21:29:02.0158 2944 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:02.0189 2944 mrxsmb10 - ok
21:29:02.0205 2944 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:02.0220 2944 mrxsmb20 - ok
21:29:02.0220 2944 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:29:02.0236 2944 msahci - ok
21:29:02.0251 2944 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:29:02.0251 2944 msdsm - ok
21:29:02.0283 2944 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:29:02.0298 2944 MSDTC - ok
21:29:02.0314 2944 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:29:02.0329 2944 Msfs - ok
21:29:02.0345 2944 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:29:02.0376 2944 mshidkmdf - ok
21:29:02.0392 2944 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:29:02.0407 2944 msisadrv - ok
21:29:02.0439 2944 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:29:02.0454 2944 MSiSCSI - ok
21:29:02.0470 2944 msiserver - ok
21:29:02.0470 2944 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:29:02.0517 2944 MSKSSRV - ok
21:29:02.0517 2944 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:02.0563 2944 MSPCLOCK - ok
21:29:02.0579 2944 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:29:02.0610 2944 MSPQM - ok
21:29:02.0626 2944 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:29:02.0641 2944 MsRPC - ok
21:29:02.0641 2944 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:29:02.0657 2944 mssmbios - ok
21:29:02.0657 2944 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:29:02.0673 2944 MSTEE - ok
21:29:02.0688 2944 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:02.0688 2944 MTConfig - ok
21:29:02.0704 2944 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:29:02.0719 2944 Mup - ok
21:29:02.0751 2944 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:29:02.0782 2944 napagent - ok
21:29:02.0813 2944 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:29:02.0829 2944 NativeWifiP - ok
21:29:02.0860 2944 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:29:02.0875 2944 NDIS - ok
21:29:02.0891 2944 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:02.0922 2944 NdisCap - ok
21:29:02.0938 2944 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:02.0969 2944 NdisTapi - ok
21:29:02.0985 2944 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:03.0000 2944 Ndisuio - ok
21:29:03.0031 2944 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:03.0063 2944 NdisWan - ok
21:29:03.0078 2944 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:29:03.0109 2944 NDProxy - ok
21:29:03.0109 2944 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:29:03.0125 2944 NetBIOS - ok
21:29:03.0156 2944 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:29:03.0172 2944 NetBT - ok
21:29:03.0187 2944 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:29:03.0187 2944 Netlogon - ok
21:29:03.0234 2944 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:29:03.0265 2944 Netman - ok
21:29:03.0281 2944 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:29:03.0297 2944 netprofm - ok
21:29:03.0328 2944 [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
21:29:03.0359 2944 netr28u - ok
21:29:03.0390 2944 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:03.0406 2944 NetTcpPortSharing - ok
21:29:03.0437 2944 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:03.0437 2944 nfrd960 - ok
21:29:03.0468 2944 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:29:03.0484 2944 NlaSvc - ok
21:29:03.0531 2944 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
21:29:03.0546 2944 nmwcd - ok
21:29:03.0562 2944 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:29:03.0577 2944 Npfs - ok
21:29:03.0593 2944 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:29:03.0609 2944 nsi - ok
21:29:03.0609 2944 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:29:03.0640 2944 nsiproxy - ok
21:29:03.0687 2944 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:29:03.0702 2944 Ntfs - ok
21:29:03.0718 2944 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:29:03.0733 2944 Null - ok
21:29:03.0765 2944 [ 93C0F383B39B1F5FE7203E3270D4CF52 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:29:03.0765 2944 NVHDA - ok
21:29:05.0559 2944 [ 19F5C4949B2E4CBD2E95B8ECDFC84D25 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:29:05.0668 2944 nvlddmkm - ok
21:29:05.0699 2944 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:29:05.0715 2944 nvraid - ok
21:29:05.0746 2944 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:29:05.0761 2944 nvstor - ok
21:29:05.0808 2944 [ 7A68320FA236ED0479EFF93540391568 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:29:05.0808 2944 nvsvc - ok
21:29:05.0933 2944 [ 003CB0A155568B4A53A301F07C734233 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:29:05.0964 2944 nvUpdatusService - ok
21:29:06.0011 2944 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:29:06.0011 2944 nv_agp - ok
21:29:06.0073 2944 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:06.0073 2944 odserv - ok
21:29:06.0120 2944 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:29:06.0136 2944 ohci1394 - ok
21:29:06.0151 2944 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:06.0167 2944 ose - ok
21:29:06.0198 2944 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:29:06.0229 2944 p2pimsvc - ok
21:29:06.0245 2944 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:29:06.0261 2944 p2psvc - ok
21:29:06.0292 2944 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:29:06.0307 2944 Parport - ok
21:29:06.0323 2944 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:29:06.0339 2944 partmgr - ok
21:29:06.0339 2944 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:29:06.0370 2944 Parvdm - ok
21:29:06.0370 2944 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:29:06.0385 2944 PcaSvc - ok
21:29:06.0401 2944 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:29:06.0417 2944 pci - ok
21:29:06.0417 2944 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:29:06.0432 2944 pciide - ok
21:29:06.0448 2944 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:06.0463 2944 pcmcia - ok
21:29:06.0463 2944 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:29:06.0463 2944 pcw - ok
21:29:06.0479 2944 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:29:06.0526 2944 PEAUTH - ok
21:29:06.0573 2944 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:29:06.0619 2944 pla - ok
21:29:06.0666 2944 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:29:06.0697 2944 PlugPlay - ok
21:29:06.0713 2944 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:29:06.0729 2944 PNRPAutoReg - ok
21:29:06.0744 2944 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:29:06.0760 2944 PNRPsvc - ok
21:29:06.0775 2944 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:29:06.0791 2944 PolicyAgent - ok
21:29:06.0822 2944 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:29:06.0838 2944 Power - ok
21:29:06.0869 2944 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:29:06.0900 2944 PptpMiniport - ok
21:29:06.0900 2944 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:29:06.0931 2944 Processor - ok
21:29:06.0947 2944 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:29:06.0963 2944 ProfSvc - ok
21:29:06.0978 2944 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:29:06.0994 2944 ProtectedStorage - ok
21:29:07.0009 2944 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:29:07.0025 2944 Psched - ok
21:29:07.0072 2944 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:29:07.0087 2944 ql2300 - ok
21:29:07.0119 2944 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:07.0119 2944 ql40xx - ok
21:29:07.0150 2944 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:29:07.0150 2944 QWAVE - ok
21:29:07.0181 2944 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:29:07.0197 2944 QWAVEdrv - ok
21:29:07.0212 2944 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:29:07.0243 2944 RasAcd - ok
21:29:07.0259 2944 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:07.0290 2944 RasAgileVpn - ok
21:29:07.0306 2944 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:29:07.0321 2944 RasAuto - ok
21:29:07.0321 2944 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:07.0353 2944 Rasl2tp - ok
21:29:07.0368 2944 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:29:07.0399 2944 RasMan - ok
21:29:07.0415 2944 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:07.0446 2944 RasPppoe - ok
21:29:07.0477 2944 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:29:07.0493 2944 RasSstp - ok
21:29:07.0524 2944 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:29:07.0555 2944 rdbss - ok
21:29:07.0555 2944 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:07.0571 2944 rdpbus - ok
21:29:07.0587 2944 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:07.0602 2944 RDPCDD - ok
21:29:07.0633 2944 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:29:07.0649 2944 RDPENCDD - ok
21:29:07.0649 2944 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:29:07.0665 2944 RDPREFMP - ok
21:29:07.0696 2944 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:29:07.0711 2944 RDPWD - ok
21:29:07.0743 2944 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:29:07.0743 2944 rdyboost - ok
21:29:07.0774 2944 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:29:07.0805 2944 RemoteAccess - ok
21:29:07.0821 2944 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:29:07.0852 2944 RemoteRegistry - ok
21:29:07.0852 2944 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:29:07.0899 2944 RpcEptMapper - ok
21:29:07.0914 2944 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:29:07.0930 2944 RpcLocator - ok
21:29:07.0930 2944 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:29:07.0961 2944 RpcSs - ok
21:29:07.0961 2944 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:29:07.0992 2944 rspndr - ok
21:29:08.0008 2944 [ 05C2613F661584190C752F6184D1C8EF ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
21:29:08.0055 2944 RTL8167 - ok
21:29:08.0070 2944 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:29:08.0086 2944 SamSs - ok
21:29:08.0101 2944 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:29:08.0101 2944 sbp2port - ok
21:29:08.0133 2944 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:29:08.0148 2944 SCardSvr - ok
21:29:08.0179 2944 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:29:08.0195 2944 scfilter - ok
21:29:08.0257 2944 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:29:08.0289 2944 Schedule - ok
21:29:08.0304 2944 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:29:08.0320 2944 SCPolicySvc - ok
21:29:08.0335 2944 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:29:08.0351 2944 SDRSVC - ok
21:29:08.0398 2944 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:29:08.0413 2944 SeaPort - ok
21:29:08.0445 2944 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:29:08.0460 2944 secdrv - ok
21:29:08.0460 2944 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:29:08.0491 2944 seclogon - ok
21:29:08.0507 2944 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:29:08.0523 2944 SENS - ok
21:29:08.0538 2944 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:29:08.0554 2944 SensrSvc - ok
21:29:08.0569 2944 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:29:08.0601 2944 Serenum - ok
21:29:08.0632 2944 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:29:08.0647 2944 Serial - ok
21:29:08.0663 2944 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:29:08.0679 2944 sermouse - ok
21:29:08.0710 2944 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:29:08.0725 2944 SessionEnv - ok
21:29:08.0741 2944 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:29:08.0772 2944 sffdisk - ok
21:29:08.0788 2944 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:29:08.0803 2944 sffp_mmc - ok
21:29:08.0803 2944 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:29:08.0819 2944 sffp_sd - ok
21:29:08.0819 2944 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:08.0835 2944 sfloppy - ok
21:29:08.0850 2944 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:29:08.0897 2944 SharedAccess - ok
21:29:08.0928 2944 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:29:08.0975 2944 ShellHWDetection - ok
21:29:08.0991 2944 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:29:09.0006 2944 sisagp - ok
21:29:09.0022 2944 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:09.0022 2944 SiSRaid2 - ok
21:29:09.0037 2944 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:09.0053 2944 SiSRaid4 - ok
21:29:09.0069 2944 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:29:09.0084 2944 Smb - ok
21:29:09.0115 2944 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:29:09.0131 2944 SNMPTRAP - ok
21:29:09.0147 2944 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:29:09.0147 2944 spldr - ok
21:29:09.0193 2944 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:29:09.0209 2944 Spooler - ok
21:29:09.0287 2944 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:29:09.0318 2944 sppsvc - ok
21:29:09.0349 2944 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:29:09.0381 2944 sppuinotify - ok
21:29:09.0412 2944 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:29:09.0443 2944 srv - ok
21:29:09.0459 2944 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:29:09.0459 2944 srv2 - ok
21:29:09.0474 2944 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:29:09.0490 2944 srvnet - ok
21:29:09.0505 2944 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:29:09.0552 2944 SSDPSRV - ok
21:29:09.0599 2944 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:29:09.0615 2944 ssmdrv - ok
21:29:09.0615 2944 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:29:09.0646 2944 SstpSvc - ok
21:29:09.0677 2944 Steam Client Service - ok
21:29:09.0693 2944 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:29:09.0693 2944 stexstor - ok
21:29:09.0739 2944 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:29:09.0755 2944 StiSvc - ok
21:29:09.0786 2944 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:29:09.0802 2944 swenum - ok
21:29:09.0817 2944 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:29:09.0849 2944 swprv - ok
21:29:09.0880 2944 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:29:09.0911 2944 SysMain - ok
21:29:09.0927 2944 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:29:09.0958 2944 TabletInputService - ok
21:29:09.0989 2944 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:29:10.0020 2944 TapiSrv - ok
21:29:10.0020 2944 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:29:10.0051 2944 TBS - ok
21:29:10.0114 2944 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:29:10.0129 2944 Tcpip - ok
21:29:10.0145 2944 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:29:10.0176 2944 TCPIP6 - ok
21:29:10.0207 2944 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:29:10.0223 2944 tcpipreg - ok
21:29:10.0254 2944 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:29:10.0270 2944 TDPIPE - ok
21:29:10.0285 2944 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:29:10.0301 2944 TDTCP - ok
21:29:10.0332 2944 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:29:10.0348 2944 tdx - ok
21:29:10.0348 2944 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:29:10.0363 2944 TermDD - ok
21:29:10.0395 2944 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:29:10.0410 2944 TermService - ok
21:29:10.0426 2944 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:29:10.0441 2944 Themes - ok
21:29:10.0457 2944 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:29:10.0473 2944 THREADORDER - ok
21:29:10.0488 2944 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:29:10.0519 2944 TrkWks - ok
21:29:10.0566 2944 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:29:10.0597 2944 TrustedInstaller - ok
21:29:10.0613 2944 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:10.0644 2944 tssecsrv - ok
21:29:10.0675 2944 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:29:10.0691 2944 TsUsbFlt - ok
21:29:10.0785 2944 [ 6CF09C021F4A4D67B2234B53FF0A0B6B ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
21:29:10.0800 2944 TuneUp.UtilitiesSvc - ok
21:29:10.0831 2944 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
21:29:10.0831 2944 TuneUpUtilitiesDrv - ok
21:29:10.0863 2944 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:29:10.0894 2944 tunnel - ok
21:29:10.0909 2944 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:29:10.0925 2944 uagp35 - ok
21:29:10.0941 2944 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:29:10.0972 2944 udfs - ok
21:29:10.0972 2944 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:29:10.0987 2944 UI0Detect - ok
21:29:11.0019 2944 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:29:11.0034 2944 uliagpkx - ok
21:29:11.0050 2944 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:29:11.0050 2944 umbus - ok
21:29:11.0065 2944 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:29:11.0097 2944 UmPass - ok
21:29:11.0128 2944 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:29:11.0175 2944 upnphost - ok
21:29:11.0206 2944 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:11.0253 2944 usbccgp - ok
21:29:11.0284 2944 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:29:11.0315 2944 usbcir - ok
21:29:11.0346 2944 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:29:11.0346 2944 usbehci - ok
21:29:11.0362 2944 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:29:11.0393 2944 usbhub - ok
21:29:11.0409 2944 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:29:11.0424 2944 usbohci - ok
21:29:11.0440 2944 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:29:11.0455 2944 usbprint - ok
21:29:11.0487 2944 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:29:11.0518 2944 usbscan - ok
21:29:11.0533 2944 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:11.0549 2944 USBSTOR - ok
21:29:11.0565 2944 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:29:11.0580 2944 usbuhci - ok
21:29:11.0580 2944 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:29:11.0611 2944 UxSms - ok
21:29:11.0627 2944 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:29:11.0627 2944 VaultSvc - ok
21:29:11.0627 2944 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:29:11.0643 2944 vdrvroot - ok
21:29:11.0674 2944 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:29:11.0721 2944 vds - ok
21:29:11.0721 2944 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:11.0752 2944 vga - ok
21:29:11.0752 2944 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:29:11.0767 2944 VgaSave - ok
21:29:11.0783 2944 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:29:11.0799 2944 vhdmp - ok
21:29:11.0814 2944 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:29:11.0830 2944 viaagp - ok
21:29:11.0830 2944 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:29:11.0845 2944 ViaC7 - ok
21:29:11.0861 2944 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:29:11.0861 2944 viaide - ok
21:29:11.0892 2944 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:29:11.0892 2944 volmgr - ok
21:29:11.0908 2944 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:29:11.0923 2944 volmgrx - ok
21:29:11.0939 2944 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:29:11.0939 2944 volsnap - ok
21:29:11.0955 2944 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:11.0970 2944 vsmraid - ok
21:29:12.0017 2944 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:29:12.0048 2944 VSS - ok
21:29:12.0064 2944 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:29:12.0079 2944 vwifibus - ok
21:29:12.0095 2944 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:29:12.0111 2944 vwififlt - ok
21:29:12.0142 2944 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:29:12.0157 2944 W32Time - ok
21:29:12.0173 2944 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:29:12.0204 2944 WacomPen - ok
21:29:12.0220 2944 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:29:12.0251 2944 WANARP - ok
21:29:12.0251 2944 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:29:12.0267 2944 Wanarpv6 - ok
21:29:12.0313 2944 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:29:12.0360 2944 wbengine - ok
21:29:12.0376 2944 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:29:12.0391 2944 WbioSrvc - ok
21:29:12.0423 2944 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:29:12.0438 2944 wcncsvc - ok
21:29:12.0454 2944 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:29:12.0469 2944 WcsPlugInService - ok
21:29:12.0485 2944 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:29:12.0485 2944 Wd - ok
21:29:12.0516 2944 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:29:12.0532 2944 Wdf01000 - ok
21:29:12.0547 2944 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:29:12.0563 2944 WdiServiceHost - ok
21:29:12.0563 2944 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:29:12.0579 2944 WdiSystemHost - ok
21:29:12.0610 2944 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:29:12.0641 2944 WebClient - ok
21:29:12.0657 2944 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:29:12.0672 2944 Wecsvc - ok
21:29:12.0688 2944 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:29:12.0735 2944 wercplsupport - ok
21:29:12.0766 2944 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:29:12.0797 2944 WerSvc - ok
21:29:12.0813 2944 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:12.0828 2944 WfpLwf - ok
21:29:12.0844 2944 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:29:12.0844 2944 WIMMount - ok
21:29:12.0891 2944 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:29:12.0953 2944 WinDefend - ok
21:29:12.0953 2944 WinHttpAutoProxySvc - ok
21:29:12.0984 2944 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:29:13.0015 2944 Winmgmt - ok
21:29:13.0062 2944 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:29:13.0109 2944 WinRM - ok
21:29:13.0140 2944 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:29:13.0171 2944 WinUsb - ok
21:29:13.0187 2944 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:29:13.0234 2944 Wlansvc - ok
21:29:13.0281 2944 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:13.0312 2944 wlidsvc - ok
21:29:13.0327 2944 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:29:13.0343 2944 WmiAcpi - ok
21:29:13.0343 2944 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:29:13.0359 2944 wmiApSrv - ok
21:29:13.0405 2944 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:29:13.0437 2944 WMPNetworkSvc - ok
21:29:13.0452 2944 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:29:13.0452 2944 WPCSvc - ok
21:29:13.0483 2944 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:29:13.0515 2944 WPDBusEnum - ok
21:29:13.0530 2944 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:29:13.0561 2944 ws2ifsl - ok
21:29:13.0577 2944 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:29:13.0593 2944 wscsvc - ok
21:29:13.0593 2944 WSearch - ok
21:29:13.0780 2944 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:29:13.0811 2944 wuauserv - ok
21:29:13.0827 2944 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:29:13.0842 2944 WudfPf - ok
21:29:13.0873 2944 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:13.0889 2944 WUDFRd - ok
21:29:13.0905 2944 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:29:13.0920 2944 wudfsvc - ok
21:29:13.0936 2944 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:29:13.0967 2944 WwanSvc - ok
21:29:13.0998 2944 ================ Scan global ===============================
21:29:14.0014 2944 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:29:14.0045 2944 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:29:14.0045 2944 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:29:14.0076 2944 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:29:14.0076 2944 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:29:14.0092 2944 [Global] - ok
21:29:14.0092 2944 ================ Scan MBR ==================================
21:29:14.0092 2944 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
21:29:16.0229 2944 \Device\Harddisk0\DR0 - ok
21:29:16.0229 2944 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR1
21:29:16.0479 2944 \Device\Harddisk1\DR1 - ok
21:29:16.0479 2944 ================ Scan VBR ==================================
21:29:16.0494 2944 [ 685CEB5172EAC80DC897B5F84AA02CAE ] \Device\Harddisk0\DR0\Partition1
21:29:16.0494 2944 \Device\Harddisk0\DR0\Partition1 - ok
21:29:16.0510 2944 [ DF9CD658E5F8CA4D63044E7356099036 ] \Device\Harddisk0\DR0\Partition2
21:29:16.0510 2944 \Device\Harddisk0\DR0\Partition2 - ok
21:29:16.0525 2944 [ 8CAD67ACC50098F6A49CFC1D45189B2F ] \Device\Harddisk0\DR0\Partition3
21:29:16.0541 2944 \Device\Harddisk0\DR0\Partition3 - ok
21:29:16.0541 2944 [ 9E0DE3C72F0EB4000645949AFFE70E4E ] \Device\Harddisk1\DR1\Partition1
21:29:16.0541 2944 \Device\Harddisk1\DR1\Partition1 - ok
21:29:16.0541 2944 ============================================================
21:29:16.0541 2944 Scan finished
21:29:16.0541 2944 ============================================================
21:29:16.0557 2988 Detected object count: 0
21:29:16.0557 2988 Actual detected object count: 0
21:56:24.0023 2004 Deinitialize success
|
|
02.01.2013, 20:25
| #10 | |
| /// Malware-holic | Rechner Sperrung durch Trojaner Bundespolizei Macht nichts, ich auch nicht :d combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.01.2013, 07:53
| #11 |
| | Rechner Sperrung durch Trojaner Bundespolizei Hallo, ich habe es durchgeführt. Combofix Logfile: Code:
ATTFilter ComboFix 13-01-05.01 - XXX 06.01.2013 7:33.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3063.1964 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
K:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-06 bis 2013-01-06 ))))))))))))))))))))))))))))))
.
.
2013-01-04 17:25 . 2013-01-04 17:25 -------- d-----w- c:\program files\AGEIA Technologies
2013-01-04 17:23 . 2012-12-03 15:39 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-01-04 17:23 . 2012-12-03 15:39 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-01-04 17:23 . 2012-12-03 15:39 7819016 ----a-w- c:\windows\system32\nvcuda.dll
2013-01-04 17:23 . 2012-12-03 15:39 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2013-01-04 17:23 . 2012-12-03 15:39 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
2013-01-04 17:23 . 2012-12-03 15:39 20335976 ----a-w- c:\windows\system32\nvoglv32.dll
2013-01-04 17:23 . 2012-12-03 15:39 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-04 17:23 . 2012-12-03 15:39 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2013-01-04 17:23 . 2012-12-03 15:39 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2013-01-04 17:23 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-01-04 17:23 . 2012-07-03 15:25 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-01-04 17:23 . 2012-07-03 07:37 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-12-23 21:37 . 2012-12-23 21:37 -------- d-----w- c:\program files\Common Files\Adobe
2012-12-22 00:16 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 00:16 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 08:21 . 2012-12-20 08:38 -------- d-----w- C:\_OTL
2012-12-19 15:44 . 2012-12-19 15:44 -------- d-----w- c:\users\XXX\AppData\Local\Programs
2012-12-19 15:44 . 2012-12-19 15:44 -------- d-----w- c:\users\XXX\AppData\Roaming\Malwarebytes
2012-12-19 15:44 . 2012-12-19 15:44 -------- d-----w- c:\programdata\Malwarebytes
2012-12-19 15:44 . 2013-01-01 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 15:44 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 10:44 . 2012-12-11 10:44 -------- d-----w- c:\program files\Ask.com
2012-12-11 10:33 . 2012-12-11 10:33 -------- d-----w- c:\programdata\Ask
2012-12-11 10:33 . 2012-12-11 10:33 -------- d-----w- c:\program files\Common Files\Java
2012-12-11 10:33 . 2012-12-11 10:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-11 10:33 . 2012-12-11 10:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-11 10:33 . 2012-12-11 10:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-11 10:33 . 2012-12-11 10:33 -------- d-----w- c:\program files\Java
2012-12-09 17:42 . 2012-12-09 17:42 -------- d-----w- c:\program files\corporate benefits
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 19:38 . 2012-06-06 17:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 19:38 . 2012-06-06 17:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-03 15:39 . 2010-01-08 07:00 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-03 15:39 . 2010-01-08 07:00 15122280 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-03 15:39 . 2010-01-08 07:00 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-12-01 04:38 . 2009-11-20 19:33 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-01 04:38 . 2009-11-20 19:33 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:37 . 2009-11-20 19:33 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 04:37 . 2009-11-20 19:33 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 04:37 . 2009-11-20 19:33 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 04:37 . 2009-11-20 19:33 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\system32\nvStreaming.exe
2012-10-16 07:39 . 2012-11-28 19:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-15 11:41 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 11:41 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-12-07 11:11 . 2012-12-07 11:10 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-16 1573576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
.
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 19:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\klbsbtco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - ExtSQL: 2012-12-11 11:44; toolbar@ask.com; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\klbsbtco.default\extensions\toolbar@ask.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1d8566bd-f06f-4029-a3be-ba80af5a09f3} - (no file)
Toolbar-10 - (no file)
Toolbar-!{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-06 07:40:44
ComboFix-quarantined-files.txt 2013-01-06 06:40
.
Vor Suchlauf: 9 Verzeichnis(se), 729.344.266.240 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 729.272.909.824 Bytes frei
.
- - End Of File - - 3E0859045AC74ABCFCAAE73968C64909
|
|
06.01.2013, 17:35
| #12 |
| /// Malware-holic | Rechner Sperrung durch Trojaner Bundespolizei Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Rechner Sperrung durch Trojaner Bundespolizei |
| administrator, aktion, anti-malware, autostart, dateien, explorer, gen, gesperrt, hinweis, log, malwarebytes, microsoft, quarantäne, rechner, rechner sperrung durch trojaner bundespolizei, sache, sachen, seite, service, software, speicher, sperrung, test, trojaner, version |
Linear-Darstellung
