| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: E-Mail mit Link bekommen; aus Versehen drauf geklicktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.12.2012, 14:56
| #1 |
 |  E-Mail mit Link bekommen; aus Versehen drauf geklickt Hallo, habe eine E-Mail mit einem Link bekommen (es war nur ein Link, sonst stand nichts drin) und als ich nach unten scrollen wollte, bin ich aus Versehen auf den Link gekommen. Die Seite leitet nach "Google" weiter - bin mir aber eigentlich sicher, dass das irgendwas mit Malware zu tun hat. Was mich wundert: die E-Mail haben noch weitere Leute bekommen. Größtenteils Leute, die auf Amazon angemeldet sind, auch eBay-Mitglieder und Privatpersonen. Ich würde gern mal routinemäßig überprüfen, ob es sich dabei jetzt um Malware handelt oder nicht - einen Scan mit Malwarebytes führe ich gerade schon durch. Wenn Bedarf besteht, kann ich die E-Mail mal an den zuständigen Helfer weiterleiten. Würde mich sehr über Hilfe freuen. Viele Grüße! |
|
28.12.2012, 15:56
| #2 |
| /// Malware-holic   | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hi
__________________evtl. kennt ihr den Absender, der könnte mit Schadsoftware infiziert sein, und soll sich mal melden hier. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
28.12.2012, 16:22
| #3 |
| | E-Mail mit Link bekommen; aus Versehen drauf geklickt Vielen Dank erst mal!
__________________Extra.txt hab ich nicht bekommen? Hier die OTL.txt: Code:
ATTFilter OTL logfile created on: 28.12.2012 16:08:51 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anerose\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 50,56% Memory free 7,99 Gb Paging File | 5,99 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 292,87 Gb Total Space | 245,04 Gb Free Space | 83,67% Space Free | Partition Type: NTFS Drive D: | 638,54 Gb Total Space | 188,17 Gb Free Space | 29,47% Space Free | Partition Type: NTFS Computer Name: ANDI | User Name: Anerose | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Anerose\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () PRC - C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () ========== Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () SRV - (ICQ Service) -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-748884160-2445454426-2993544468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-748884160-2445454426-2993544468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKU\S-1-5-21-748884160-2445454426-2993544468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-748884160-2445454426-2993544468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 AA 92 87 06 BA CD 01 [binary data] IE - HKU\S-1-5-21-748884160-2445454426-2993544468-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-748884160-2445454426-2993544468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "forum.germansmash.de" FF - prefs.js..extensions.enabledAddons: linksforms%40queze.net:1.0 FF - prefs.js..extensions.enabledAddons: bug489729%40alice0775:2.1 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anerose\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anerose\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anerose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anerose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 10:18:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 10:18:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.05 14:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anerose\AppData\Roaming\mozilla\Extensions [2012.12.12 07:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anerose\AppData\Roaming\mozilla\Firefox\Profiles\shx1pz2y.default\extensions [2012.07.26 15:05:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Anerose\AppData\Roaming\mozilla\Firefox\Profiles\shx1pz2y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.12.09 10:15:20 | 000,000,000 | ---D | M] ("bug489729(Disable detach and tear off tab)") -- C:\Users\Anerose\AppData\Roaming\mozilla\Firefox\Profiles\shx1pz2y.default\extensions\bug489729@alice0775 [2012.08.22 15:47:45 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Anerose\AppData\Roaming\mozilla\firefox\profiles\shx1pz2y.default\extensions\ciuvo-extension@icq.de.xpi [2012.07.08 19:16:39 | 000,006,007 | ---- | M] () (No name found) -- C:\Users\Anerose\AppData\Roaming\mozilla\firefox\profiles\shx1pz2y.default\extensions\linksforms@queze.net.xpi [2012.12.12 07:43:35 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Anerose\AppData\Roaming\mozilla\firefox\profiles\shx1pz2y.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.09.05 07:54:39 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Anerose\AppData\Roaming\mozilla\firefox\profiles\shx1pz2y.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.11.23 20:05:11 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Anerose\AppData\Roaming\mozilla\firefox\profiles\shx1pz2y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.22 17:55:28 | 000,000,950 | ---- | M] () -- C:\Users\Anerose\AppData\Roaming\mozilla\firefox\profiles\shx1pz2y.default\searchplugins\icqplugin-1.xml [2012.11.10 10:43:02 | 000,000,950 | ---- | M] () -- C:\Users\Anerose\AppData\Roaming\mozilla\firefox\profiles\shx1pz2y.default\searchplugins\icqplugin.xml [2012.12.07 10:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.07 10:18:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 09:23:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-748884160-2445454426-2993544468-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-748884160-2445454426-2993544468-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Anerose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anerose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anerose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE789D9C-915C-4196-83B2-601CC1C6096A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.28 16:06:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anerose\Desktop\OTL.exe [2012.12.28 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\Anerose\AppData\Local\Programs [2012.12.25 18:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashFXP 4 [2012.12.25 18:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP [2012.12.25 18:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logox4 Demo [2012.12.25 18:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Logox.4.0 [2012.12.25 18:01:16 | 000,159,744 | ---- | C] (G DATA Software AG) -- C:\Windows\LgxSetup.exe [2012.12.12 18:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 14 [2012.12.12 18:06:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry [2012.12.12 18:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Maple 14 [2012.12.12 18:05:57 | 000,000,000 | -H-D | C] -- C:\Users\Anerose\InstallAnywhere [2012.12.07 10:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.12.28 16:06:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anerose\Desktop\OTL.exe [2012.12.28 15:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.28 15:28:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-748884160-2445454426-2993544468-1000UA.job [2012.12.28 14:44:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.28 14:28:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-748884160-2445454426-2993544468-1000Core.job [2012.12.28 11:59:48 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 11:59:48 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 11:58:33 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.28 11:58:33 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.28 11:58:33 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.28 11:58:33 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.28 11:58:33 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.28 11:52:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 11:52:16 | 3218,939,904 | -HS- | M] () -- C:\hiberfil.sys [2012.12.27 14:38:06 | 000,003,460 | ---- | M] () -- C:\Users\Anerose\Documents\vbtvcb.axp [2012.12.25 18:30:01 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk [2012.12.25 18:01:16 | 000,159,744 | ---- | M] (G DATA Software AG) -- C:\Windows\LgxSetup.exe [2012.12.21 23:42:08 | 000,318,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.14 16:53:11 | 000,909,671 | ---- | M] () -- C:\Users\Anerose\Documents\zahlentheo.exe [2012.12.14 16:53:10 | 000,001,838 | ---- | M] () -- C:\Users\Anerose\Documents\zahlentheo.o [2012.12.14 16:53:10 | 000,000,761 | ---- | M] () -- C:\Users\Anerose\Documents\zahlentheo.cpp [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.12 18:09:05 | 000,032,768 | ---- | M] () -- C:\Windows\SysNative\maplec.dll [2012.12.12 18:09:05 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Maple 14 Portal.lnk [2012.12.12 18:09:05 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Maple 14.lnk ========== Files Created - No Company Name ========== [2012.12.27 14:38:06 | 000,003,460 | ---- | C] () -- C:\Users\Anerose\Documents\vbtvcb.axp [2012.12.25 18:30:01 | 000,001,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP.lnk [2012.12.25 18:30:01 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk [2012.12.14 16:48:30 | 000,909,671 | ---- | C] () -- C:\Users\Anerose\Documents\zahlentheo.exe [2012.12.14 16:48:29 | 000,001,838 | ---- | C] () -- C:\Users\Anerose\Documents\zahlentheo.o [2012.12.14 16:41:42 | 000,000,761 | ---- | C] () -- C:\Users\Anerose\Documents\zahlentheo.cpp [2012.12.12 18:09:05 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\maplec.dll [2012.12.12 18:09:05 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Maple 14 Portal.lnk [2012.12.12 18:09:05 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Maple 14.lnk [2012.07.04 14:15:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.13 09:39:06 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\Audacity [2012.07.13 09:07:37 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\Canneverbe Limited [2012.11.12 06:47:04 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\DVDVideoSoft [2012.07.13 09:11:32 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 12:44:51 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\EditPlus 3 [2012.12.28 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\ICQ [2012.07.05 17:23:49 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\ICQ Search [2012.07.07 14:52:13 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\IrfanView [2012.07.14 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\LolClient [2012.08.24 20:14:15 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\OpenOffice.org [2012.07.07 12:00:45 | 000,000,000 | ---D | M] -- C:\Users\Anerose\AppData\Roaming\xm1 ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.07.04 11:33:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.07.04 11:32:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.07.16 16:25:56 | 000,000,000 | ---D | M] -- C:\gap4r5 [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.12 18:06:32 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.25 18:29:31 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.25 18:29:31 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.07.04 11:32:46 | 000,000,000 | -HSD | M] -- C:\Programme [2012.07.04 11:32:46 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.07.14 00:48:34 | 000,000,000 | ---D | M] -- C:\Riot Games [2012.12.28 16:09:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.02 17:09:04 | 000,000,000 | R--D | M] -- C:\Users [2012.12.25 18:01:16 | 000,000,000 | ---D | M] -- C:\Windows [2012.11.03 21:53:37 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.04 14:24:06 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.10.27 13:23:56 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748884160-2445454426-2993544468-1000Core.job [2012.10.27 13:23:57 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748884160-2445454426-2993544468-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.28 16:13:37 | 001,572,864 | -HS- | M] () -- C:\Users\Anerose\NTUSER.DAT [2012.12.28 16:13:37 | 000,262,144 | -HS- | M] () -- C:\Users\Anerose\ntuser.dat.LOG1 [2012.07.04 11:32:52 | 000,000,000 | -HS- | M] () -- C:\Users\Anerose\ntuser.dat.LOG2 [2012.07.04 12:27:25 | 000,065,536 | -HS- | M] () -- C:\Users\Anerose\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.07.04 12:27:25 | 000,524,288 | -HS- | M] () -- C:\Users\Anerose\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.07.04 12:27:25 | 000,524,288 | -HS- | M] () -- C:\Users\Anerose\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.07.04 11:32:53 | 000,000,020 | -HS- | M] () -- C:\Users\Anerose\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
28.12.2012, 18:51
| #4 |
| /// Malware-holic | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hi öffne Malwarebytes, poste Logs mit Funden. http://www.trojaner-board.de/125889-...en-posten.html download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.12.2012, 00:41
| #5 |
| | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hier der letzte MBAM Scan, die davor waren nur Routinescans, da wurde überall nix gefunden. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.28.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Anerose :: ANDI [Administrator] 28.12.2012 19:04:49 mbam-log-2012-12-28 (19-04-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 414953 Laufzeit: 32 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter 00:40:54.0283 2828 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:40:54.0483 2828 ============================================================
00:40:54.0483 2828 Current date / time: 2012/12/29 00:40:54.0483
00:40:54.0483 2828 SystemInfo:
00:40:54.0483 2828
00:40:54.0483 2828 OS Version: 6.1.7601 ServicePack: 1.0
00:40:54.0483 2828 Product type: Workstation
00:40:54.0483 2828 ComputerName: ANDI
00:40:54.0483 2828 UserName: Anerose
00:40:54.0483 2828 Windows directory: C:\Windows
00:40:54.0483 2828 System windows directory: C:\Windows
00:40:54.0483 2828 Running under WOW64
00:40:54.0483 2828 Processor architecture: Intel x64
00:40:54.0483 2828 Number of processors: 4
00:40:54.0483 2828 Page size: 0x1000
00:40:54.0483 2828 Boot type: Normal boot
00:40:54.0483 2828 ============================================================
00:40:55.0723 2828 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
00:40:55.0723 2828 ============================================================
00:40:55.0723 2828 \Device\Harddisk0\DR0:
00:40:55.0723 2828 MBR partitions:
00:40:55.0723 2828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:40:55.0723 2828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BD800
00:40:55.0723 2828 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0000, BlocksNum 0x4FD15800
00:40:55.0723 2828 ============================================================
00:40:55.0753 2828 C: <-> \Device\Harddisk0\DR0\Partition2
00:40:55.0833 2828 D: <-> \Device\Harddisk0\DR0\Partition3
00:40:55.0833 2828 ============================================================
00:40:55.0833 2828 Initialize success
00:40:55.0833 2828 ============================================================
|
|
02.01.2013, 21:27
| #6 |
| /// Malware-holic | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hi tdss killer log ist unvollständig. poste noch mal bitte das log, bzw erstelle ein aktuelles mit der Konfiguration von oben.
__________________ --> E-Mail mit Link bekommen; aus Versehen drauf geklickt |
|
04.01.2013, 20:36
| #7 |
| | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hallo, danke, ich hoffe, jetzt passt es: Code:
ATTFilter 20:34:29.0919 3756 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:34:29.0997 3756 ============================================================
20:34:29.0997 3756 Current date / time: 2013/01/04 20:34:29.0997
20:34:29.0997 3756 SystemInfo:
20:34:29.0997 3756
20:34:29.0997 3756 OS Version: 6.1.7601 ServicePack: 1.0
20:34:29.0997 3756 Product type: Workstation
20:34:29.0997 3756 ComputerName: ANDI
20:34:29.0997 3756 UserName: Anerose
20:34:29.0997 3756 Windows directory: C:\Windows
20:34:29.0997 3756 System windows directory: C:\Windows
20:34:29.0997 3756 Running under WOW64
20:34:29.0997 3756 Processor architecture: Intel x64
20:34:29.0997 3756 Number of processors: 4
20:34:29.0997 3756 Page size: 0x1000
20:34:29.0997 3756 Boot type: Normal boot
20:34:29.0997 3756 ============================================================
20:34:31.0183 3756 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
20:34:31.0183 3756 ============================================================
20:34:31.0183 3756 \Device\Harddisk0\DR0:
20:34:31.0183 3756 MBR partitions:
20:34:31.0183 3756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:34:31.0183 3756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BD800
20:34:31.0183 3756 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0000, BlocksNum 0x4FD15800
20:34:31.0183 3756 ============================================================
20:34:31.0214 3756 C: <-> \Device\Harddisk0\DR0\Partition2
20:34:31.0261 3756 D: <-> \Device\Harddisk0\DR0\Partition3
20:34:31.0261 3756 ============================================================
20:34:31.0261 3756 Initialize success
20:34:31.0261 3756 ============================================================
20:34:35.0410 3628 ============================================================
20:34:35.0410 3628 Scan started
20:34:35.0410 3628 Mode: Manual; SigCheck; TDLFS;
20:34:35.0410 3628 ============================================================
20:34:35.0987 3628 ================ Scan system memory ========================
20:34:35.0987 3628 System memory - ok
20:34:35.0987 3628 ================ Scan services =============================
20:34:36.0097 3628 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:34:36.0175 3628 1394ohci - ok
20:34:36.0190 3628 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:34:36.0206 3628 ACPI - ok
20:34:36.0206 3628 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:34:36.0268 3628 AcpiPmi - ok
20:34:36.0346 3628 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:34:36.0377 3628 AdobeARMservice - ok
20:34:36.0440 3628 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:34:36.0471 3628 AdobeFlashPlayerUpdateSvc - ok
20:34:36.0518 3628 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:34:36.0533 3628 adp94xx - ok
20:34:36.0549 3628 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:34:36.0565 3628 adpahci - ok
20:34:36.0580 3628 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:34:36.0580 3628 adpu320 - ok
20:34:36.0611 3628 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:34:36.0721 3628 AeLookupSvc - ok
20:34:36.0767 3628 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:34:36.0861 3628 AFD - ok
20:34:36.0861 3628 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:34:36.0877 3628 agp440 - ok
20:34:36.0892 3628 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:34:36.0908 3628 ALG - ok
20:34:36.0923 3628 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:34:36.0923 3628 aliide - ok
20:34:36.0939 3628 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:34:36.0955 3628 amdide - ok
20:34:36.0970 3628 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:34:37.0001 3628 AmdK8 - ok
20:34:37.0017 3628 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:34:37.0079 3628 AmdPPM - ok
20:34:37.0095 3628 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:34:37.0111 3628 amdsata - ok
20:34:37.0126 3628 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:34:37.0142 3628 amdsbs - ok
20:34:37.0142 3628 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:34:37.0157 3628 amdxata - ok
20:34:37.0189 3628 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:34:37.0235 3628 AppID - ok
20:34:37.0251 3628 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:34:37.0298 3628 AppIDSvc - ok
20:34:37.0313 3628 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:34:37.0360 3628 Appinfo - ok
20:34:37.0376 3628 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:34:37.0376 3628 arc - ok
20:34:37.0391 3628 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:34:37.0407 3628 arcsas - ok
20:34:37.0516 3628 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:34:37.0547 3628 aspnet_state - ok
20:34:37.0547 3628 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:34:37.0594 3628 AsyncMac - ok
20:34:37.0610 3628 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:34:37.0625 3628 atapi - ok
20:34:37.0657 3628 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:34:37.0750 3628 AudioEndpointBuilder - ok
20:34:37.0750 3628 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:34:37.0797 3628 AudioSrv - ok
20:34:37.0828 3628 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:34:37.0859 3628 AxInstSV - ok
20:34:37.0891 3628 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:34:37.0906 3628 b06bdrv - ok
20:34:37.0937 3628 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:34:37.0969 3628 b57nd60a - ok
20:34:37.0984 3628 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:34:38.0000 3628 BDESVC - ok
20:34:38.0047 3628 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:34:38.0187 3628 Beep - ok
20:34:38.0234 3628 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:34:38.0296 3628 BFE - ok
20:34:38.0327 3628 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:34:38.0359 3628 BITS - ok
20:34:38.0374 3628 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:34:38.0390 3628 blbdrive - ok
20:34:38.0421 3628 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:34:38.0452 3628 bowser - ok
20:34:38.0468 3628 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:34:38.0546 3628 BrFiltLo - ok
20:34:38.0561 3628 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:34:38.0577 3628 BrFiltUp - ok
20:34:38.0608 3628 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:34:38.0624 3628 Browser - ok
20:34:38.0639 3628 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:34:38.0655 3628 Brserid - ok
20:34:38.0671 3628 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:34:38.0686 3628 BrSerWdm - ok
20:34:38.0686 3628 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:34:38.0717 3628 BrUsbMdm - ok
20:34:38.0717 3628 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:34:38.0733 3628 BrUsbSer - ok
20:34:38.0749 3628 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:34:38.0764 3628 BTHMODEM - ok
20:34:38.0780 3628 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:34:38.0811 3628 bthserv - ok
20:34:38.0827 3628 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:34:38.0858 3628 cdfs - ok
20:34:38.0889 3628 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:34:38.0905 3628 cdrom - ok
20:34:38.0936 3628 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:34:38.0967 3628 CertPropSvc - ok
20:34:38.0983 3628 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:34:38.0998 3628 circlass - ok
20:34:39.0014 3628 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:34:39.0029 3628 CLFS - ok
20:34:39.0076 3628 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:34:39.0076 3628 clr_optimization_v2.0.50727_32 - ok
20:34:39.0123 3628 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:34:39.0139 3628 clr_optimization_v2.0.50727_64 - ok
20:34:39.0201 3628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:34:39.0232 3628 clr_optimization_v4.0.30319_32 - ok
20:34:39.0248 3628 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:34:39.0279 3628 clr_optimization_v4.0.30319_64 - ok
20:34:39.0310 3628 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:34:39.0326 3628 CmBatt - ok
20:34:39.0357 3628 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:34:39.0373 3628 cmdide - ok
20:34:39.0404 3628 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
20:34:39.0435 3628 CNG - ok
20:34:39.0451 3628 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:34:39.0451 3628 Compbatt - ok
20:34:39.0482 3628 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:34:39.0497 3628 CompositeBus - ok
20:34:39.0497 3628 COMSysApp - ok
20:34:39.0529 3628 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:34:39.0544 3628 crcdisk - ok
20:34:39.0560 3628 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:34:39.0575 3628 CryptSvc - ok
20:34:39.0591 3628 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:34:39.0638 3628 DcomLaunch - ok
20:34:39.0669 3628 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:34:39.0700 3628 defragsvc - ok
20:34:39.0731 3628 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:34:39.0794 3628 DfsC - ok
20:34:39.0809 3628 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:34:39.0856 3628 Dhcp - ok
20:34:39.0872 3628 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:34:39.0903 3628 discache - ok
20:34:39.0934 3628 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:34:39.0934 3628 Disk - ok
20:34:39.0981 3628 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:34:40.0028 3628 Dnscache - ok
20:34:40.0059 3628 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:34:40.0106 3628 dot3svc - ok
20:34:40.0121 3628 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:34:40.0168 3628 DPS - ok
20:34:40.0215 3628 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:34:40.0246 3628 drmkaud - ok
20:34:40.0293 3628 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:34:40.0309 3628 DXGKrnl - ok
20:34:40.0324 3628 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:34:40.0355 3628 EapHost - ok
20:34:40.0433 3628 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:34:40.0511 3628 ebdrv - ok
20:34:40.0558 3628 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:34:40.0574 3628 EFS - ok
20:34:40.0636 3628 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:34:40.0667 3628 ehRecvr - ok
20:34:40.0683 3628 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:34:40.0699 3628 ehSched - ok
20:34:40.0714 3628 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:34:40.0730 3628 elxstor - ok
20:34:40.0745 3628 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:34:40.0761 3628 ErrDev - ok
20:34:40.0792 3628 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:34:40.0823 3628 EventSystem - ok
20:34:40.0839 3628 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:34:40.0870 3628 exfat - ok
20:34:40.0886 3628 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:34:40.0917 3628 fastfat - ok
20:34:40.0948 3628 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:34:40.0979 3628 Fax - ok
20:34:40.0995 3628 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:34:41.0011 3628 fdc - ok
20:34:41.0042 3628 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:34:41.0073 3628 fdPHost - ok
20:34:41.0089 3628 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:34:41.0120 3628 FDResPub - ok
20:34:41.0135 3628 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:34:41.0135 3628 FileInfo - ok
20:34:41.0151 3628 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:34:41.0198 3628 Filetrace - ok
20:34:41.0213 3628 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:34:41.0229 3628 flpydisk - ok
20:34:41.0245 3628 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:34:41.0260 3628 FltMgr - ok
20:34:41.0323 3628 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:34:41.0369 3628 FontCache - ok
20:34:41.0401 3628 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:34:41.0432 3628 FontCache3.0.0.0 - ok
20:34:41.0447 3628 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:34:41.0463 3628 FsDepends - ok
20:34:41.0494 3628 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:34:41.0510 3628 Fs_Rec - ok
20:34:41.0541 3628 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:34:41.0557 3628 fvevol - ok
20:34:41.0572 3628 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:34:41.0588 3628 gagp30kx - ok
20:34:41.0635 3628 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:34:41.0666 3628 gpsvc - ok
20:34:41.0713 3628 [ E859CA020ED61899F3C74A8D0032D05C ] Guard.Mail.ru C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
20:34:41.0744 3628 Guard.Mail.ru - ok
20:34:41.0759 3628 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:34:41.0759 3628 hcw85cir - ok
20:34:41.0806 3628 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:34:41.0853 3628 HdAudAddService - ok
20:34:41.0884 3628 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:34:41.0915 3628 HDAudBus - ok
20:34:41.0931 3628 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:34:41.0931 3628 HidBatt - ok
20:34:41.0947 3628 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:34:41.0962 3628 HidBth - ok
20:34:41.0978 3628 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:34:41.0993 3628 HidIr - ok
20:34:42.0009 3628 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:34:42.0071 3628 hidserv - ok
20:34:42.0087 3628 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:34:42.0103 3628 HidUsb - ok
20:34:42.0134 3628 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:34:42.0165 3628 hkmsvc - ok
20:34:42.0181 3628 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:34:42.0212 3628 HomeGroupListener - ok
20:34:42.0227 3628 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:34:42.0243 3628 HomeGroupProvider - ok
20:34:42.0259 3628 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:34:42.0274 3628 HpSAMD - ok
20:34:42.0305 3628 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:34:42.0352 3628 HTTP - ok
20:34:42.0383 3628 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:34:42.0399 3628 hwpolicy - ok
20:34:42.0430 3628 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:34:42.0446 3628 i8042prt - ok
20:34:42.0461 3628 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:34:42.0477 3628 iaStorV - ok
20:34:42.0508 3628 [ 9AC1E19D77BA038F24E2FAB5D95F70D3 ] ICQ Service C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
20:34:42.0524 3628 ICQ Service - ok
20:34:42.0571 3628 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:34:42.0617 3628 idsvc - ok
20:34:42.0633 3628 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:34:42.0649 3628 iirsp - ok
20:34:42.0664 3628 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:34:42.0711 3628 IKEEXT - ok
20:34:42.0727 3628 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:34:42.0742 3628 intelide - ok
20:34:42.0758 3628 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:34:42.0773 3628 intelppm - ok
20:34:42.0805 3628 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:34:42.0836 3628 IPBusEnum - ok
20:34:42.0851 3628 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:34:42.0883 3628 IpFilterDriver - ok
20:34:42.0929 3628 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:34:42.0976 3628 iphlpsvc - ok
20:34:42.0992 3628 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:34:43.0023 3628 IPMIDRV - ok
20:34:43.0023 3628 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:34:43.0070 3628 IPNAT - ok
20:34:43.0101 3628 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:34:43.0117 3628 IRENUM - ok
20:34:43.0132 3628 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:34:43.0132 3628 isapnp - ok
20:34:43.0163 3628 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:34:43.0179 3628 iScsiPrt - ok
20:34:43.0226 3628 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:34:43.0257 3628 kbdclass - ok
20:34:43.0273 3628 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:34:43.0288 3628 kbdhid - ok
20:34:43.0288 3628 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:34:43.0304 3628 KeyIso - ok
20:34:43.0351 3628 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:34:43.0382 3628 KSecDD - ok
20:34:43.0397 3628 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:34:43.0413 3628 KSecPkg - ok
20:34:43.0429 3628 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:34:43.0460 3628 ksthunk - ok
20:34:43.0491 3628 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:34:43.0522 3628 KtmRm - ok
20:34:43.0553 3628 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:34:43.0585 3628 LanmanServer - ok
20:34:43.0616 3628 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:34:43.0631 3628 LanmanWorkstation - ok
20:34:43.0663 3628 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:34:43.0709 3628 lltdio - ok
20:34:43.0741 3628 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:34:43.0787 3628 lltdsvc - ok
20:34:43.0803 3628 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:34:43.0819 3628 lmhosts - ok
20:34:43.0850 3628 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:34:43.0865 3628 LSI_FC - ok
20:34:43.0865 3628 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:34:43.0881 3628 LSI_SAS - ok
20:34:43.0897 3628 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:34:43.0897 3628 LSI_SAS2 - ok
20:34:43.0912 3628 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:34:43.0928 3628 LSI_SCSI - ok
20:34:43.0943 3628 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:34:43.0975 3628 luafv - ok
20:34:44.0021 3628 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:34:44.0037 3628 MBAMProtector - ok
20:34:44.0084 3628 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:34:44.0131 3628 MBAMScheduler - ok
20:34:44.0162 3628 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:34:44.0177 3628 MBAMService - ok
20:34:44.0193 3628 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:34:44.0209 3628 Mcx2Svc - ok
20:34:44.0224 3628 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:34:44.0240 3628 megasas - ok
20:34:44.0240 3628 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:34:44.0255 3628 MegaSR - ok
20:34:44.0271 3628 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:34:44.0318 3628 MMCSS - ok
20:34:44.0333 3628 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:34:44.0411 3628 Modem - ok
20:34:44.0427 3628 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:34:44.0443 3628 monitor - ok
20:34:44.0458 3628 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:34:44.0474 3628 mouclass - ok
20:34:44.0489 3628 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:34:44.0505 3628 mouhid - ok
20:34:44.0521 3628 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:34:44.0536 3628 mountmgr - ok
20:34:44.0583 3628 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:34:44.0614 3628 MozillaMaintenance - ok
20:34:44.0645 3628 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:34:44.0692 3628 MpFilter - ok
20:34:44.0708 3628 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:34:44.0723 3628 mpio - ok
20:34:44.0739 3628 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:34:44.0786 3628 mpsdrv - ok
20:34:44.0817 3628 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:34:44.0864 3628 MpsSvc - ok
20:34:44.0895 3628 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:34:44.0911 3628 MRxDAV - ok
20:34:44.0942 3628 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:34:44.0989 3628 mrxsmb - ok
20:34:45.0020 3628 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:34:45.0051 3628 mrxsmb10 - ok
20:34:45.0067 3628 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:34:45.0082 3628 mrxsmb20 - ok
20:34:45.0082 3628 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:34:45.0098 3628 msahci - ok
20:34:45.0129 3628 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:34:45.0129 3628 msdsm - ok
20:34:45.0145 3628 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:34:45.0160 3628 MSDTC - ok
20:34:45.0176 3628 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:34:45.0207 3628 Msfs - ok
20:34:45.0223 3628 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:34:45.0269 3628 mshidkmdf - ok
20:34:45.0301 3628 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:34:45.0301 3628 msisadrv - ok
20:34:45.0332 3628 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:34:45.0363 3628 MSiSCSI - ok
20:34:45.0363 3628 msiserver - ok
20:34:45.0394 3628 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:34:45.0425 3628 MSKSSRV - ok
20:34:45.0472 3628 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:34:45.0519 3628 MsMpSvc - ok
20:34:45.0535 3628 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:34:45.0628 3628 MSPCLOCK - ok
20:34:45.0628 3628 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:34:45.0675 3628 MSPQM - ok
20:34:45.0691 3628 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:34:45.0706 3628 MsRPC - ok
20:34:45.0722 3628 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:34:45.0737 3628 mssmbios - ok
20:34:45.0753 3628 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:34:45.0784 3628 MSTEE - ok
20:34:45.0800 3628 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:34:45.0815 3628 MTConfig - ok
20:34:45.0831 3628 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:34:45.0831 3628 Mup - ok
20:34:45.0862 3628 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:34:45.0909 3628 napagent - ok
20:34:45.0925 3628 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:34:45.0940 3628 NativeWifiP - ok
20:34:45.0987 3628 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:34:46.0034 3628 NDIS - ok
20:34:46.0049 3628 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:34:46.0081 3628 NdisCap - ok
20:34:46.0081 3628 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:34:46.0112 3628 NdisTapi - ok
20:34:46.0143 3628 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:34:46.0159 3628 Ndisuio - ok
20:34:46.0190 3628 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:34:46.0221 3628 NdisWan - ok
20:34:46.0252 3628 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:34:46.0283 3628 NDProxy - ok
20:34:46.0299 3628 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:34:46.0330 3628 NetBIOS - ok
20:34:46.0346 3628 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:34:46.0393 3628 NetBT - ok
20:34:46.0393 3628 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:34:46.0408 3628 Netlogon - ok
20:34:46.0439 3628 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:34:46.0486 3628 Netman - ok
20:34:46.0517 3628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:34:46.0517 3628 NetMsmqActivator - ok
20:34:46.0533 3628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:34:46.0533 3628 NetPipeActivator - ok
20:34:46.0549 3628 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:34:46.0580 3628 netprofm - ok
20:34:46.0595 3628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:34:46.0595 3628 NetTcpActivator - ok
20:34:46.0595 3628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:34:46.0611 3628 NetTcpPortSharing - ok
20:34:46.0627 3628 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:34:46.0627 3628 nfrd960 - ok
20:34:46.0689 3628 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:34:46.0705 3628 NisDrv - ok
20:34:46.0720 3628 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
20:34:46.0736 3628 NisSrv - ok
20:34:46.0751 3628 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:34:46.0783 3628 NlaSvc - ok
20:34:46.0814 3628 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:34:46.0845 3628 Npfs - ok
20:34:46.0861 3628 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:34:46.0892 3628 nsi - ok
20:34:46.0892 3628 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:34:46.0923 3628 nsiproxy - ok
20:34:46.0970 3628 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:34:47.0001 3628 Ntfs - ok
20:34:47.0017 3628 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:34:47.0048 3628 Null - ok
20:34:47.0251 3628 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:34:47.0422 3628 nvlddmkm - ok
20:34:47.0453 3628 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:34:47.0469 3628 nvraid - ok
20:34:47.0485 3628 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:34:47.0485 3628 nvstor - ok
20:34:47.0531 3628 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
20:34:47.0563 3628 nvsvc - ok
20:34:47.0609 3628 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:34:47.0625 3628 nvUpdatusService - ok
20:34:47.0641 3628 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:34:47.0656 3628 nv_agp - ok
20:34:47.0687 3628 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:34:47.0719 3628 ohci1394 - ok
20:34:47.0734 3628 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:34:47.0765 3628 p2pimsvc - ok
20:34:47.0797 3628 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:34:47.0812 3628 p2psvc - ok
20:34:47.0859 3628 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:34:47.0859 3628 Parport - ok
20:34:47.0890 3628 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:34:47.0906 3628 partmgr - ok
20:34:47.0921 3628 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:34:47.0953 3628 PcaSvc - ok
20:34:47.0968 3628 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:34:47.0984 3628 pci - ok
20:34:47.0999 3628 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:34:47.0999 3628 pciide - ok
20:34:48.0046 3628 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:34:48.0109 3628 pcmcia - ok
20:34:48.0140 3628 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:34:48.0155 3628 pcw - ok
20:34:48.0171 3628 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:34:48.0218 3628 PEAUTH - ok
20:34:48.0280 3628 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:34:48.0327 3628 PerfHost - ok
20:34:48.0374 3628 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:34:48.0436 3628 pla - ok
20:34:48.0467 3628 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:34:48.0514 3628 PlugPlay - ok
20:34:48.0530 3628 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:34:48.0561 3628 PNRPAutoReg - ok
20:34:48.0561 3628 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:34:48.0592 3628 PNRPsvc - ok
20:34:48.0623 3628 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
20:34:48.0623 3628 Point64 - ok
20:34:48.0639 3628 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:34:48.0686 3628 PolicyAgent - ok
20:34:48.0701 3628 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:34:48.0748 3628 Power - ok
20:34:48.0779 3628 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:34:48.0857 3628 PptpMiniport - ok
20:34:48.0873 3628 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:34:48.0889 3628 Processor - ok
20:34:48.0935 3628 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:34:48.0951 3628 ProfSvc - ok
20:34:48.0967 3628 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:34:48.0967 3628 ProtectedStorage - ok
20:34:49.0013 3628 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:34:49.0091 3628 Psched - ok
20:34:49.0123 3628 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:34:49.0154 3628 ql2300 - ok
20:34:49.0169 3628 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:34:49.0185 3628 ql40xx - ok
20:34:49.0201 3628 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:34:49.0279 3628 QWAVE - ok
20:34:49.0279 3628 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:34:49.0294 3628 QWAVEdrv - ok
20:34:49.0310 3628 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:34:49.0341 3628 RasAcd - ok
20:34:49.0357 3628 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:34:49.0388 3628 RasAgileVpn - ok
20:34:49.0403 3628 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:34:49.0450 3628 RasAuto - ok
20:34:49.0466 3628 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:34:49.0513 3628 Rasl2tp - ok
20:34:49.0528 3628 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:34:49.0559 3628 RasMan - ok
20:34:49.0575 3628 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:34:49.0606 3628 RasPppoe - ok
20:34:49.0637 3628 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:34:49.0747 3628 RasSstp - ok
20:34:49.0778 3628 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:34:49.0825 3628 rdbss - ok
20:34:49.0840 3628 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:34:49.0856 3628 rdpbus - ok
20:34:49.0871 3628 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:34:49.0903 3628 RDPCDD - ok
20:34:49.0903 3628 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:34:49.0934 3628 RDPENCDD - ok
20:34:49.0949 3628 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:34:49.0981 3628 RDPREFMP - ok
20:34:50.0012 3628 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:34:50.0043 3628 RdpVideoMiniport - ok
20:34:50.0090 3628 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:34:50.0137 3628 RDPWD - ok
20:34:50.0152 3628 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:34:50.0168 3628 rdyboost - ok
20:34:50.0199 3628 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:34:50.0246 3628 RemoteAccess - ok
20:34:50.0261 3628 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:34:50.0339 3628 RemoteRegistry - ok
20:34:50.0371 3628 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:34:50.0417 3628 RpcEptMapper - ok
20:34:50.0417 3628 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:34:50.0433 3628 RpcLocator - ok
20:34:50.0464 3628 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:34:50.0495 3628 RpcSs - ok
20:34:50.0511 3628 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:34:50.0542 3628 rspndr - ok
20:34:50.0573 3628 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:34:50.0605 3628 RTL8167 - ok
20:34:50.0636 3628 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:34:50.0636 3628 SamSs - ok
20:34:50.0667 3628 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:34:50.0667 3628 sbp2port - ok
20:34:50.0698 3628 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:34:50.0729 3628 SCardSvr - ok
20:34:50.0745 3628 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:34:50.0776 3628 scfilter - ok
20:34:50.0823 3628 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:34:50.0901 3628 Schedule - ok
20:34:50.0917 3628 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:34:50.0963 3628 SCPolicySvc - ok
20:34:50.0979 3628 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:34:51.0010 3628 SDRSVC - ok
20:34:51.0026 3628 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:34:51.0073 3628 secdrv - ok
20:34:51.0088 3628 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:34:51.0135 3628 seclogon - ok
20:34:51.0135 3628 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:34:51.0166 3628 SENS - ok
20:34:51.0182 3628 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:34:51.0197 3628 SensrSvc - ok
20:34:51.0213 3628 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:34:51.0229 3628 Serenum - ok
20:34:51.0244 3628 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:34:51.0260 3628 Serial - ok
20:34:51.0260 3628 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:34:51.0291 3628 sermouse - ok
20:34:51.0322 3628 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:34:51.0353 3628 SessionEnv - ok
20:34:51.0369 3628 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:34:51.0400 3628 sffdisk - ok
20:34:51.0416 3628 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:34:51.0431 3628 sffp_mmc - ok
20:34:51.0431 3628 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:34:51.0447 3628 sffp_sd - ok
20:34:51.0478 3628 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:34:51.0494 3628 sfloppy - ok
20:34:51.0525 3628 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:34:51.0556 3628 SharedAccess - ok
20:34:51.0587 3628 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:34:51.0619 3628 ShellHWDetection - ok
20:34:51.0634 3628 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:34:51.0634 3628 SiSRaid2 - ok
20:34:51.0650 3628 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:34:51.0665 3628 SiSRaid4 - ok
20:34:51.0697 3628 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:34:51.0697 3628 SkypeUpdate - ok
20:34:51.0743 3628 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:34:51.0821 3628 Smb - ok
20:34:51.0837 3628 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:34:51.0853 3628 SNMPTRAP - ok
20:34:51.0868 3628 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:34:51.0884 3628 spldr - ok
20:34:51.0915 3628 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:34:51.0946 3628 Spooler - ok
20:34:52.0024 3628 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:34:52.0149 3628 sppsvc - ok
20:34:52.0149 3628 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:34:52.0196 3628 sppuinotify - ok
20:34:52.0227 3628 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:34:52.0243 3628 srv - ok
20:34:52.0258 3628 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:34:52.0289 3628 srv2 - ok
20:34:52.0305 3628 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:34:52.0305 3628 srvnet - ok
20:34:52.0352 3628 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:34:52.0414 3628 SSDPSRV - ok
20:34:52.0430 3628 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:34:52.0461 3628 SstpSvc - ok
20:34:52.0523 3628 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:34:52.0555 3628 Stereo Service - ok
20:34:52.0570 3628 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:34:52.0570 3628 stexstor - ok
20:34:52.0601 3628 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:34:52.0648 3628 stisvc - ok
20:34:52.0664 3628 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:34:52.0664 3628 swenum - ok
20:34:52.0679 3628 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:34:52.0726 3628 swprv - ok
20:34:52.0773 3628 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:34:52.0835 3628 SysMain - ok
20:34:52.0851 3628 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:34:52.0867 3628 TabletInputService - ok
20:34:52.0898 3628 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:34:52.0945 3628 TapiSrv - ok
20:34:52.0976 3628 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:34:53.0007 3628 TBS - ok
20:34:53.0054 3628 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:34:53.0101 3628 Tcpip - ok
20:34:53.0116 3628 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:34:53.0147 3628 TCPIP6 - ok
20:34:53.0179 3628 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:34:53.0210 3628 tcpipreg - ok
20:34:53.0241 3628 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:34:53.0257 3628 TDPIPE - ok
20:34:53.0272 3628 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:34:53.0288 3628 TDTCP - ok
20:34:53.0319 3628 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:34:53.0381 3628 tdx - ok
20:34:53.0397 3628 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:34:53.0397 3628 TermDD - ok
20:34:53.0428 3628 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:34:53.0459 3628 TermService - ok
20:34:53.0475 3628 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:34:53.0506 3628 Themes - ok
20:34:53.0522 3628 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:34:53.0553 3628 THREADORDER - ok
20:34:53.0569 3628 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:34:53.0600 3628 TrkWks - ok
20:34:53.0631 3628 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:34:53.0709 3628 TrustedInstaller - ok
20:34:53.0740 3628 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:34:53.0771 3628 tssecsrv - ok
20:34:53.0787 3628 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:34:53.0803 3628 TsUsbFlt - ok
20:34:53.0849 3628 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:34:53.0927 3628 tunnel - ok
20:34:53.0927 3628 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:34:53.0943 3628 uagp35 - ok
20:34:53.0959 3628 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:34:54.0005 3628 udfs - ok
20:34:54.0021 3628 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:34:54.0037 3628 UI0Detect - ok
20:34:54.0068 3628 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:34:54.0068 3628 uliagpkx - ok
20:34:54.0115 3628 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:34:54.0146 3628 umbus - ok
20:34:54.0161 3628 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:34:54.0193 3628 UmPass - ok
20:34:54.0208 3628 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:34:54.0255 3628 upnphost - ok
20:34:54.0286 3628 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:34:54.0364 3628 usbaudio - ok
20:34:54.0395 3628 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:34:54.0411 3628 usbccgp - ok
20:34:54.0427 3628 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:34:54.0458 3628 usbcir - ok
20:34:54.0473 3628 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:34:54.0473 3628 usbehci - ok
20:34:54.0489 3628 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:34:54.0520 3628 usbhub - ok
20:34:54.0536 3628 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:34:54.0551 3628 usbohci - ok
20:34:54.0583 3628 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:34:54.0598 3628 usbprint - ok
20:34:54.0614 3628 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:34:54.0614 3628 USBSTOR - ok
20:34:54.0629 3628 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:34:54.0676 3628 usbuhci - ok
20:34:54.0707 3628 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:34:54.0754 3628 UxSms - ok
20:34:54.0770 3628 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:34:54.0770 3628 VaultSvc - ok
20:34:54.0785 3628 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:34:54.0801 3628 vdrvroot - ok
20:34:54.0817 3628 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:34:54.0863 3628 vds - ok
20:34:54.0879 3628 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:34:54.0879 3628 vga - ok
20:34:54.0895 3628 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:34:54.0926 3628 VgaSave - ok
20:34:54.0941 3628 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:34:54.0941 3628 vhdmp - ok
20:34:54.0973 3628 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:34:55.0004 3628 viaide - ok
20:34:55.0019 3628 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:34:55.0035 3628 volmgr - ok
20:34:55.0066 3628 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:34:55.0082 3628 volmgrx - ok
20:34:55.0097 3628 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:34:55.0097 3628 volsnap - ok
20:34:55.0113 3628 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:34:55.0129 3628 vsmraid - ok
20:34:55.0160 3628 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:34:55.0222 3628 VSS - ok
20:34:55.0238 3628 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:34:55.0253 3628 vwifibus - ok
20:34:55.0269 3628 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:34:55.0331 3628 W32Time - ok
20:34:55.0331 3628 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:34:55.0363 3628 WacomPen - ok
20:34:55.0378 3628 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:34:55.0409 3628 WANARP - ok
20:34:55.0409 3628 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:34:55.0441 3628 Wanarpv6 - ok
20:34:55.0487 3628 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:34:55.0534 3628 wbengine - ok
20:34:55.0550 3628 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:34:55.0581 3628 WbioSrvc - ok
20:34:55.0597 3628 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:34:55.0628 3628 wcncsvc - ok
20:34:55.0643 3628 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:34:55.0659 3628 WcsPlugInService - ok
20:34:55.0659 3628 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:34:55.0675 3628 Wd - ok
20:34:55.0690 3628 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:34:55.0706 3628 Wdf01000 - ok
20:34:55.0721 3628 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:34:55.0753 3628 WdiServiceHost - ok
20:34:55.0753 3628 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:34:55.0768 3628 WdiSystemHost - ok
20:34:55.0799 3628 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:34:55.0815 3628 WebClient - ok
20:34:55.0831 3628 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:34:55.0877 3628 Wecsvc - ok
20:34:55.0893 3628 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:34:55.0987 3628 wercplsupport - ok
20:34:56.0002 3628 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:34:56.0033 3628 WerSvc - ok
20:34:56.0049 3628 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:34:56.0080 3628 WfpLwf - ok
20:34:56.0080 3628 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:34:56.0096 3628 WIMMount - ok
20:34:56.0111 3628 WinDefend - ok
20:34:56.0111 3628 WinHttpAutoProxySvc - ok
20:34:56.0158 3628 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:34:56.0205 3628 Winmgmt - ok
20:34:56.0252 3628 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:34:56.0314 3628 WinRM - ok
20:34:56.0345 3628 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:34:56.0377 3628 Wlansvc - ok
20:34:56.0392 3628 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:34:56.0392 3628 WmiAcpi - ok
20:34:56.0408 3628 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:34:56.0423 3628 wmiApSrv - ok
20:34:56.0439 3628 WMPNetworkSvc - ok
20:34:56.0455 3628 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:34:56.0470 3628 WPCSvc - ok
20:34:56.0486 3628 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:34:56.0501 3628 WPDBusEnum - ok
20:34:56.0517 3628 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:34:56.0548 3628 ws2ifsl - ok
20:34:56.0564 3628 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:34:56.0595 3628 wscsvc - ok
20:34:56.0595 3628 WSearch - ok
20:34:56.0673 3628 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:34:56.0767 3628 wuauserv - ok
20:34:56.0782 3628 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:34:56.0813 3628 WudfPf - ok
20:34:56.0876 3628 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:34:56.0938 3628 WUDFRd - ok
20:34:56.0954 3628 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:34:56.0985 3628 wudfsvc - ok
20:34:57.0001 3628 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:34:57.0016 3628 WwanSvc - ok
20:34:57.0032 3628 ================ Scan global ===============================
20:34:57.0063 3628 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:34:57.0094 3628 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:34:57.0125 3628 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:34:57.0157 3628 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:34:57.0172 3628 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:34:57.0188 3628 [Global] - ok
20:34:57.0188 3628 ================ Scan MBR ==================================
20:34:57.0188 3628 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:34:57.0422 3628 \Device\Harddisk0\DR0 - ok
20:34:57.0422 3628 ================ Scan VBR ==================================
20:34:57.0437 3628 [ E2A23A0ADAB2CB45E7628F70AC4BE1DB ] \Device\Harddisk0\DR0\Partition1
20:34:57.0437 3628 \Device\Harddisk0\DR0\Partition1 - ok
20:34:57.0469 3628 [ 4CF0D011F03661EC3982E13DC7938E4D ] \Device\Harddisk0\DR0\Partition2
20:34:57.0469 3628 \Device\Harddisk0\DR0\Partition2 - ok
20:34:57.0484 3628 [ 09022E3159CEFB407E35149EAB6DD751 ] \Device\Harddisk0\DR0\Partition3
20:34:57.0500 3628 \Device\Harddisk0\DR0\Partition3 - ok
20:34:57.0500 3628 ============================================================
20:34:57.0500 3628 Scan finished
20:34:57.0500 3628 ============================================================
20:34:57.0515 4428 Detected object count: 0
20:34:57.0515 4428 Actual detected object count: 0
|
|
05.01.2013, 16:03
| #8 | |
| /// Malware-holic | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.01.2013, 11:55
| #9 |
| | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hi, vielen Dank. Hier das CF Log: Code:
ATTFilter ComboFix 13-01-05.01 - Anerose 06.01.2013 11:49:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4093.2536 [GMT 1:00]
ausgeführt von:: c:\users\Anerose\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-06 bis 2013-01-06 ))))))))))))))))))))))))))))))
.
.
2013-01-06 10:53 . 2013-01-06 10:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-06 10:53 . 2013-01-06 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 11:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D783E64D-20D0-41F0-926E-5F7B6CFEB247}\mpengine.dll
2013-01-03 14:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-28 17:07 . 2012-12-28 17:07 -------- d-----w- c:\programdata\Digipen
2012-12-28 17:07 . 2012-12-28 17:07 -------- d-----w- c:\users\Anerose\AppData\Roaming\NVIDIA
2012-12-28 17:06 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-28 17:06 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-12-28 17:06 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-12-28 17:06 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-12-28 17:06 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-12-28 17:06 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-12-28 17:06 . 2007-04-04 17:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2012-12-28 17:06 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-12-28 17:06 . 2012-12-28 17:06 -------- d-----w- c:\program files (x86)\DigiPen
2012-12-28 13:43 . 2012-12-28 13:43 -------- d-----w- c:\users\Anerose\AppData\Local\Programs
2012-12-25 17:29 . 2012-12-25 17:30 -------- d-----w- c:\program files (x86)\FlashFXP 4
2012-12-25 17:29 . 2012-12-25 17:29 -------- d-----w- c:\programdata\FlashFXP
2012-12-25 17:01 . 2012-12-25 17:05 -------- d-----w- c:\program files (x86)\Common Files\Logox.4.0
2012-12-25 17:01 . 2012-12-25 17:01 159744 ----a-w- c:\windows\LgxSetup.exe
2012-12-21 17:51 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 17:51 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 17:51 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 17:51 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 17:09 . 2012-12-12 17:09 32768 ----a-w- c:\windows\system32\maplec.dll
2012-12-12 17:06 . 2012-12-12 17:11 -------- d-----w- c:\program files\Maple 14
2012-12-12 17:06 . 2012-12-12 17:09 -------- d--h--w- c:\program files (x86)\Zero G Registry
2012-12-12 17:05 . 2012-12-12 17:05 -------- d--h--w- c:\users\Anerose\InstallAnywhere
2012-12-12 09:32 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-12 09:32 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-12 06:44 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 06:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-07-12 17:56 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 09:33 . 2012-07-04 11:07 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 20:35 . 2012-07-04 13:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 20:35 . 2012-07-04 13:24 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 09:15 . 2012-11-28 09:15 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72AE473B-9842-431E-A373-654F4AB6E069}\gapaengine.dll
2012-11-01 21:48 . 2012-11-01 21:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-01 21:48 . 2012-11-01 21:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-01 21:48 . 2012-11-01 21:49 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-02-09 20:43 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-02-09 20:43 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-02-09 20:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-02-09 20:43 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 12:21 128064 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-07-05 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-07-05 1564368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Anerose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-07-05 1564368]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 20:35]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748884160-2445454426-2993544468-1000Core.job
- c:\users\Anerose\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-27 12:23]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748884160-2445454426-2993544468-1000UA.job
- c:\users\Anerose\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-27 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Anerose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - forum.germansmash.de
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-06 11:55:07
ComboFix-quarantined-files.txt 2013-01-06 10:55
.
Vor Suchlauf: 9 Verzeichnis(se), 258.316.464.128 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 259.477.942.272 Bytes frei
.
- - End Of File - - 69B0360034DFF4242AE72B2F9B015F99
|
|
06.01.2013, 17:32
| #10 |
| /// Malware-holic | E-Mail mit Link bekommen; aus Versehen drauf geklickt Sieht alles gut aus. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.01.2013, 18:31
| #11 |
| | E-Mail mit Link bekommen; aus Versehen drauf geklickt Danke dir! Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 -> notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 -> notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 11.09.2012 155MB 10.1.4 -> notwendig Audacity 2.0 Audacity Team 13.07.2012 42,8MB -> notwendig CCleaner Piriform 19.12.2012 3.26 -> notwendig? CDBurnerXP CDBurnerXP 12.11.2012 17,6MB 4.4.2.3442 -> notwendig CodeBlocks The Code::Blocks Team 05.07.2012 10.05 -> notwendig EditPlus 3 ES-Computing 21.09.2012 -> unnötig ESET Online Scanner v3 02.11.2012 -> notwendig? FlashFXP v4.2 OpenSight Software, LLC 25.12.2012 4.2.5.1813 -> notwendig Free YouTube to MP3 Converter version 3.11.35.1031 DVDVideoSoft Ltd. 12.11.2012 61,9MB 3.11.35.1031 -> notwendig G DATA Logox4 Demo G DATA Software AG 25.12.2012 -> unnötig G DATA Logox4 Speechengine G DATA Software AG 25.12.2012 -> unnötig Google Talk Plugin Google 15.12.2012 20,3MB 3.11.7.10909 -> notwendig Guard.ICQ Mail.ru 05.07.2012 -> unbekannt ICQ Sparberater solute gmbh 05.07.2012 375KB 1.3.671 -> unbekannt ICQ Toolbar ICQ 05.07.2012 3.0.0 -> unnötig ICQ7M ICQ 05.07.2012 7.8 -> notwendig IrfanView (remove only) Irfan Skiljan 07.07.2012 1,50MB 4.32 -> unnötig Java 7 Update 9 Oracle 01.11.2012 128MB 7.0.90 -> notwendig League of Legends Riot Games 14.07.2012 1.3 -> notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 28.12.2012 18,4MB 1.70.0.1100 -> notwendig Maple 14 Maplesoft 12.12.2012 14.0.0.0 -> notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 05.07.2012 38,8MB 4.0.30319 -> notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 05.07.2012 2,93MB 4.0.30319 -> notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 08.07.2012 51,9MB 4.0.30319 -> notwendig Microsoft IntelliPoint 8.2 Microsoft Corporation 04.07.2012 8.20.468.0 -> unbekannt Microsoft Security Essentials Microsoft Corporation 02.10.2012 4.1.522.0 -> notwendig Microsoft Silverlight Microsoft Corporation 02.11.2012 50,6MB 5.1.10411.0 -> unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.12.2012 300KB 8.0.61001 -> unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 12.12.2012 708KB 8.0.61000 -> unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 24.08.2012 788KB 9.0.30729.6161 -> unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.08.2012 600KB 9.0.30729.6161 -> unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 09.07.2012 13,8MB 10.0.40219 -> unbekannt MiKTeX 2.9 MiKTeX.org 07.07.2012 2.9 -> notwendig Mozilla Firefox 17.0.1 (x86 de) Mozilla 08.12.2012 41,1MB 17.0.1 -> notwendig Mozilla Maintenance Service Mozilla 08.12.2012 329KB 17.0.1 -> notwendig NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 02.11.2012 306.97 -> notwendig NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 02.11.2012 306.97 -> notwendig NVIDIA Update 1.10.8 NVIDIA Corporation 02.11.2012 1.10.8 -> notwendig OpenOffice.org 3.4.1 Apache Software Foundation 24.08.2012 331MB 3.41.9593 -> notwendig Pando Media Booster Pando Networks Inc. 14.07.2012 5,46MB 2.6.0.8 -> unbekannt Perspective 1.0 Widdershins 28.12.2012 1.0 -> notwendig Skype™ 6.0 Skype Technologies S.A. 27.11.2012 20,3MB 6.0.126 -> notwendig Texmaker 07.07.2012 -> notwendig WinRAR 4.20 (64-Bit) win.rar GmbH 21.10.2012 4.20.0 -> notwendig |
|
06.01.2013, 18:55
| #12 |
| /// Malware-holic | E-Mail mit Link bekommen; aus Versehen drauf geklickt deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: EditPlus ESET G DATA : beide Guard.ICQ ICQ Sparberater ICQ Toolbar IrfanView Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 17:56
| #13 |
| | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hi, hat etwas gedauert, sorry. Vielen Dank für deine Bemühungen. Alles erledigt, hier das Log von AdwCleaner: Code:
ATTFilter # AdwCleaner v2.105 - Datei am 09/01/2013 um 17:55:54 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Anerose - ANDI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Anerose\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\searchplugins\icqplugin-1.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1780 octets] - [09/01/2013 17:55:54]
########## EOF - C:\AdwCleaner[R1].txt - [1840 octets] ##########
|
|
09.01.2013, 17:57
| #14 |
| /// Malware-holic | E-Mail mit Link bekommen; aus Versehen drauf geklickt Hi, Downloade Dir bitte AdwCleaner auf deinen Desktop.
Starte neu, teste, wie der PC, + Programme laufen, auch Den internet explorer mit testen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 18:07
| #15 |
| | E-Mail mit Link bekommen; aus Versehen drauf geklickt Danke.  Code:
ATTFilter # AdwCleaner v2.105 - Datei am 09/01/2013 um 18:02:29 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Anerose - ANDI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Anerose\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\searchplugins\icqplugin-1.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\prefs.js
C:\Users\Anerose\AppData\Roaming\Mozilla\Firefox\Profiles\shx1pz2y.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1909 octets] - [09/01/2013 17:55:54]
AdwCleaner[S1].txt - [1979 octets] - [09/01/2013 18:02:29]
########## EOF - C:\AdwCleaner[S1].txt - [2039 octets] ##########
|
|
| Themen zu E-Mail mit Link bekommen; aus Versehen drauf geklickt |
| amazon, angemeldet, e-mail, freue, geklickt, gemeldet, google, größte, helfer, leitet, leute, link, malware, malwarebytes, nichts, scan, scrollen, seite, stand, wunder, würde, überprüfe, überprüfen, zuständigen |
Linear-Darstellung
