| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer ist gesperrt - GVUWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.12.2012, 18:07
| #1 |
 |  Computer ist gesperrt - GVU Hallo liebe Community, wie scheinbar viele andere, habe auch ich das Problem GVU-Trojaner am Hals. Vielleicht kann mir jemand helfen, diesen Schädling zu entfernen. Vielen Dank! Nachtrag: Was ich noch vergessen habe zu sagen: In meiner ersten Verzweiflung habe ich den Computer runtergefahren, im abgesicherten Modus gestartet und Malwarebytes drüberlaufen lassen. Er fand 3 infizierte Dateien (Exploit.Drop.GS, Expolit.Drop.GSA und Trojan.Ransom.SUGen). Geändert von Andi_LA (28.12.2012 um 18:19 Uhr) |
|
28.12.2012, 18:22
| #2 |
| /// Malware-holic   | Computer ist gesperrt - GVU Hi
__________________das nächste Mal nicht einfach wild drauf los löschen. poste mMalwarebytes Logs mit Funden: http://www.trojaner-board.de/125889-...en-posten.html Danach: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
28.12.2012, 18:28
| #3 |
| | Computer ist gesperrt - GVU Hallo Markus,
__________________danke für die schnelle Antwort. Nach dem Fund von Malwarebytes habe ich nichts weiter unternommen. Ich hab dann schnellstens die Finger von meinem infizierten Laptop genommen. Das Logfile von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.28.09 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Andreas :: AL [Administrator] 28.12.2012 17:41:37 MBAM-log-2012-12-28 (18-23-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 336529 Laufzeit: 15 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Andreas\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Keine Aktion durchgeführt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt. C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Keine Aktion durchgeführt. (Ende) OTL werde ich nun gleich erledigen. |
|
28.12.2012, 18:31
| #4 |
| /// Malware-holic | Computer ist gesperrt - GVU Hi die Funde kannst du löschen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 18:53
| #5 |
| | Computer ist gesperrt - GVU Hallo Markus, anbei die OTL Inhalte: Extras.Txt: Code:
ATTFilter OTL Extras logfile created on: 28.12.2012 18:31:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,48% Memory free
4,00 Gb Paging File | 3,57 Gb Available in Paging File | 89,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,80 Gb Total Space | 24,02 Gb Free Space | 43,04% Space Free | Partition Type: NTFS
Computer Name: AL | User Name: Andreas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9370DA-3BC1-40C5-8969-A28668FE16EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B09C1E0-6C2D-44C9-B2AD-CF16B602EEB7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28F8EAA9-B98F-4925-8450-F16B1EF8B427}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E42D866-EF6D-4511-B445-3C8F71229B5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{34077668-C2CD-434E-8D4C-EBF6BD6A544B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4AAF7001-86B5-46A5-996F-BB07E2100275}" = lport=139 | protocol=6 | dir=in | app=system |
"{5B366C53-FE52-43CF-90FC-9FE8CB26F2E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{631F06CD-32A9-419C-8B5B-981FBAF9ACAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{657AD9F7-B513-4E83-82E0-A32212AD8AB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C10D2AB-3D63-4CBC-A5EE-F4AF2C78A103}" = lport=445 | protocol=6 | dir=in | app=system |
"{87A336DB-8131-4453-9932-8B783D3DAA2D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8861A9C7-21F1-491F-8042-BE869CA3CC1D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9877E05A-0600-43B4-96CE-75E096F9F1FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0F23B2E-3181-40EC-AF5A-B6B666EB3B06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B21985B6-6F2A-4DA8-B440-45CEE51B94A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B47B36CE-6EF7-4DFB-8B45-B8069FB9DDCA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C0CBA233-E1AC-44B1-8260-9E7B03EFD645}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C427A65F-5F3D-4348-9C22-B3C555E6569A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D23FAFCC-3009-495A-B428-7E02004EF7B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6845991-F5C0-4E82-9E2C-2D441F974092}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9082A4D-978F-47A0-8991-DE3620317E50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE78E36B-8EF7-4DAC-8EC9-4EB9B48F741B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFD145D6-5D32-4D06-9AB2-CA45FC97F8F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E17B30F4-3B28-4575-80E6-D9548542C078}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ED0F3F32-6B34-4DA7-A996-35E85A623BAF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F32D7792-F2DA-4D5F-906E-0D7DC6D62E32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6E26891-60A1-43C3-9464-11FBDA6B88D5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA876EB6-7993-4DA5-9B9B-8A5C050A5421}" = rport=137 | protocol=17 | dir=out | app=system |
"{FAF5D81D-73EF-4D09-8F9A-AE1D85464CE9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FDD743A2-EEB1-44D7-A855-4EEEF42E092E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFE0307F-1B31-4E1A-BE69-667616351362}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1765C9E0-231A-4AD0-9E84-EC50DE7A6A26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2290F40A-CC88-4F89-8CB4-21EC07A92607}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31D8BB1B-0FF8-4199-A655-683BB1C9FF6A}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{439F218A-C5DB-4B87-BA92-4B7D703AD91C}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{535ABD48-CACA-4351-AE68-6867E7FED8A5}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{585E0EFB-230F-42A3-ADB9-18FB45EEACE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7273BC92-0651-43AA-87C0-7D6C6738F8F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72908349-AACD-4FE6-BBFE-A1BD347B4387}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DB520EC-275A-44FA-9CEA-5A8F78EE0BEC}" = protocol=17 | dir=in | app=c:\users\andreas\desktop\download\sweetimsetup.exe |
"{856B0EB2-1502-427C-A845-92E30B639CD2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{85E26858-F2F8-40F5-8EAC-972D7C8F98A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8D24BDED-2548-43DE-8941-DEC183583D95}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{92B18330-2AA3-4B6A-9C50-FF42BBB8BE0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3F1E8ED-1B03-4EE6-A322-7A34FAD7327C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B942B47F-958F-4F14-8580-11DC9C4F25DF}" = protocol=6 | dir=out | app=system |
"{C713C8C3-4542-4636-9BE5-8994C9214D4C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9FE0060-0A23-44CD-93BC-A0CFBF912B77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4142614-AC4A-4BCA-AB89-DDE44C296F20}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DC2E54E5-E38B-48A7-8299-D69DE91849D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E11B6610-A5B0-44B5-8669-D9591AE16EF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F22BF934-8CDE-4FDB-BE36-179A962051CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC6BCFC2-1246-454B-ABDD-A2940EF93AB1}" = protocol=6 | dir=in | app=c:\users\andreas\desktop\download\sweetimsetup.exe |
"{FC7C9AD1-E79F-447B-B9B7-9F24EB1AD423}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{F4543487-3F3B-4AD8-A04F-38918AD21FE4}C:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe |
"UDP Query User{D1F7A37A-234F-40E7-B5CA-EE6BFBF3D0DD}C:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\andreas\desktop\download\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{32A3A4F4-B792-11D6-A78A-00B0D0150040}" = J2SE Development Kit 5.0 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader_is1" = Foxit Reader 5.1
"GetSolar_is1" = GetSolar 8.2
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20110822 code)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Sweet Home 3D_is1" = Sweet Home 3D version 3.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WinSchafkopf XP" = WinSchafkopf XP
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"5006ead68dbe7de2" = EnEV-Rechner
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.12.2012 05:51:58 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 09.12.2012 05:51:58 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.12.2012 16:19:25 | Computer Name = AL | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
0x4e51d89c Name des fehlerhaften Moduls: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
0x4e51d89c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075dd0 ID des fehlerhaften Prozesses:
0x950 Startzeit der fehlerhaften Anwendung: 0x01cdd7126d19b7f4 Pfad der fehlerhaften
Anwendung: C:\Program Files\gnubg\gnubg.exe Pfad des fehlerhaften Moduls: C:\Program
Files\gnubg\gnubg.exe Berichtskennung: e3a8f45e-4306-11e2-8559-001a6bbcc305
Error - 10.12.2012 17:47:39 | Computer Name = AL | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.48 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d80 Startzeit:
01cdd71c14230c8e Endzeit: 1779 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe
Berichts-ID:
2b94c9de-4313-11e2-b1b9-001a6bbcc305
Error - 15.12.2012 04:47:00 | Computer Name = AL | Source = System Restore | ID = 8193
Description =
Error - 17.12.2012 15:59:56 | Computer Name = AL | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
0x4e51d89c Name des fehlerhaften Moduls: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
0x4e51d89c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075dd0 ID des fehlerhaften Prozesses:
0xe78 Startzeit der fehlerhaften Anwendung: 0x01cddc90c49008f5 Pfad der fehlerhaften
Anwendung: C:\Program Files\gnubg\gnubg.exe Pfad des fehlerhaften Moduls: C:\Program
Files\gnubg\gnubg.exe Berichtskennung: 53cb6457-4884-11e2-a36c-001a6bbcc305
Error - 23.12.2012 05:57:37 | Computer Name = AL | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
0x4e51d89c Name des fehlerhaften Moduls: gnubg.exe, Version: 0.0.0.0, Zeitstempel:
0x4e51d89c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075dd0 ID des fehlerhaften Prozesses:
0x4a8 Startzeit der fehlerhaften Anwendung: 0x01cde0f2eb98b4cf Pfad der fehlerhaften
Anwendung: C:\Program Files\gnubg\gnubg.exe Pfad des fehlerhaften Moduls: C:\Program
Files\gnubg\gnubg.exe Berichtskennung: 2dafb95d-4ce7-11e2-a36c-001a6bbcc305
Error - 24.12.2012 08:09:47 | Computer Name = AL | Source = System Restore | ID = 8193
Description =
Error - 28.12.2012 12:38:14 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.12.2012 12:38:14 | Computer Name = AL | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 17.11.2012 12:21:31 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 23.11.2012 08:42:45 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 25.11.2012 05:47:53 | Computer Name = AL | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 26.11.2012 12:10:37 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 01.12.2012 05:15:06 | Computer Name = AL | Source = volsnap | ID = 393283
Description = Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert
werden.
Error - 02.12.2012 05:05:26 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 04.12.2012 14:51:02 | Computer Name = AL | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.108 registriert werden. Der Computer mit IP-Adresse 192.168.2.10
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 08.12.2012 07:29:19 | Computer Name = AL | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 09.12.2012 16:41:27 | Computer Name = AL | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?12.?2012 um 21:40:09 unerwartet heruntergefahren.
Error - 10.12.2012 17:14:56 | Computer Name = AL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014874
< End of report >
OTL.Txt: Code:
ATTFilter OTL logfile created on: 28.12.2012 18:31:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,48% Memory free 4,00 Gb Paging File | 3,57 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,80 Gb Total Space | 24,02 Gb Free Space | 43,04% Space Free | Partition Type: NTFS Computer Name: AL | User Name: Andreas | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.28 18:30:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2012.11.01 10:48:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.12 08:27:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.12 08:27:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.12 08:27:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2012.05.12 08:27:49 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.12 08:27:49 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.11.22 14:20:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey) DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.13 23:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 63 F7 EF 19 02 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3C5A2A44-2396-4015-A903-159399DD95EE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=86ac460f-9def-41c7-97a8-f4664ddeb3b0&apn_sauid=0528A373-6525-4D6D-B3D6-B7BB53F5C7F9 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: status4evar@caligonstudios.com:2012.07.08.17 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=86ac460f-9def-41c7-97a8-f4664ddeb3b0&apn_ptnrs=%5EABT&apn_sauid=0528A373-6525-4D6D-B3D6-B7BB53F5C7F9&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 10:49:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 10:48:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.03 09:59:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.12.07 18:45:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 10:49:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 10:48:58 | 000,000,000 | ---D | M] [2011.09.24 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2012.11.05 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\7la9zzwz.default\extensions [2012.10.25 22:04:25 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\7la9zzwz.default\extensions\firefox@ghostery.com [2012.09.15 07:58:11 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\7la9zzwz.default\extensions\toolbar@ask.com [2012.06.29 14:04:48 | 000,811,915 | ---- | M] () (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\extensions\ffe_ff3ff4@game-point.net.xpi [2012.07.10 20:48:03 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\extensions\status4evar@caligonstudios.com.xpi [2012.11.05 17:36:43 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.09.15 07:58:10 | 000,002,344 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\searchplugins\askcom.xml [2012.08.15 09:46:19 | 000,003,915 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\7la9zzwz.default\searchplugins\sweetim.xml [2012.11.01 10:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.01 10:49:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.28 20:51:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} hxxp://www.mediapromote.de/download/o2cplayerAC/o2cplayerac.cab (O2C-Player - area constructor view (ELECO Software GmbH)) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012.12.28 18:30:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.12.28 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Programs [2012.12.28 17:32:53 | 000,204,712 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Andreas\wgsdgsdgdsgsd.dll [2012.12.23 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\IsolatedStorage [2012.12.23 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bundesverband Leichtbeton e.V [2012.12.23 16:24:29 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Deployment [2012.12.10 22:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.10 21:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe ========== Files - Modified Within 30 Days ========== [2012.12.28 18:30:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.12.28 17:43:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.28 17:43:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.28 17:43:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.28 17:43:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.28 17:41:09 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.28 17:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 17:38:07 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys [2012.12.28 17:34:23 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.28 17:32:54 | 000,002,939 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.28 17:32:54 | 000,001,053 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.28 17:32:53 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Andreas\wgsdgsdgdsgsd.dll [2012.12.25 10:57:52 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.25 10:57:52 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.24 13:28:24 | 000,294,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.23 16:24:59 | 000,000,418 | ---- | M] () -- C:\Users\Andreas\Desktop\EnEV-Rechner.appref-ms [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.10 22:14:38 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.06 20:08:50 | 000,953,897 | ---- | M] () -- C:\Users\Andreas\Desktop\4. Vorentwurf-5.pdf ========== Files Created - No Company Name ========== [2012.12.28 17:32:54 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.28 17:32:54 | 000,002,939 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.28 17:32:54 | 000,001,053 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.23 16:24:59 | 000,000,418 | ---- | C] () -- C:\Users\Andreas\Desktop\EnEV-Rechner.appref-ms [2012.12.07 13:38:58 | 000,953,897 | ---- | C] () -- C:\Users\Andreas\Desktop\4. Vorentwurf-5.pdf [2012.10.05 17:10:51 | 000,000,218 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel [2011.11.15 19:22:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.10.16 20:02:44 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2011.09.25 19:58:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.19 22:39:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software [2012.07.24 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2011.10.16 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2011.11.15 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.09.24 10:53:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.24 10:53:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.20 21:41:33 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.28 17:32:54 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.24 10:53:03 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.24 10:53:03 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.12.28 14:30:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.24 10:53:11 | 000,000,000 | R--D | M] -- C:\Users [2012.12.28 17:38:07 | 000,000,000 | ---D | M] -- C:\Windows [2011.09.24 11:16:28 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:46 | 000,024,064 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.10.05 17:10:51 | 000,000,218 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel [2012.12.28 18:33:51 | 001,835,008 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT [2012.12.28 18:33:51 | 000,262,144 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat.LOG1 [2011.09.24 10:53:14 | 000,000,000 | -HS- | M] () -- C:\Users\Andreas\ntuser.dat.LOG2 [2011.09.24 12:00:41 | 000,065,536 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2011.09.24 12:00:41 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2011.09.24 12:00:41 | 000,524,288 | -HS- | M] () -- C:\Users\Andreas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.09.24 10:53:14 | 000,000,020 | -HS- | M] () -- C:\Users\Andreas\ntuser.ini [2012.12.28 17:32:53 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Andreas\wgsdgsdgdsgsd.dll < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
|
28.12.2012, 19:07
| #6 |
| /// Malware-holic | Computer ist gesperrt - GVU hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.12.28 17:32:54 | 000,002,939 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ --> Computer ist gesperrt - GVU |
|
28.12.2012, 19:14
| #7 |
| | Computer ist gesperrt - GVU Hallo Markus, Neustart hat geklappt, nur wegen Malwarebytes hat er gleich rumgemeckert, dass er da was nicht ausführen kann. Hier die Txt Datei von OTL: Code:
ATTFilter All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Andreas
->Flash cache emptied: 515 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Andreas
->Temp folder emptied: 335133309 bytes
->Temporary Internet Files folder emptied: 200078302 bytes
->Java cache emptied: 15602039 bytes
->FireFox cache emptied: 392794506 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88775379 bytes
RecycleBin emptied: 11322786 bytes
Total Files Cleaned = 995,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12282012_190947
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Nachtrag: Der Flash Player will aktualisiert werden. Darf ich das jetzt schon machen? Rein aus Interesse gleich noch ne Frage: reicht avira als Schutz oder sollten noch weitere Maßnahmen ergriffen werden? Geändert von Andi_LA (28.12.2012 um 19:36 Uhr) |
|
30.12.2012, 14:14
| #8 |
| | Computer ist gesperrt - GVU Hallo Markus, ich weiß es ist erst der zweite Tag nach deiner letzten Antwort, aber ich wollte schon mal kurz nachfragen, wie es nun aussieht mit meinem System  |
|
02.01.2013, 20:52
| #9 |
| /// Malware-holic | Computer ist gesperrt - GVU War im Urlaub, steht eig ja auch in meiner Signatur... download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.01.2013, 21:02
| #10 |
| | Computer ist gesperrt - GVU Hallo Markus, danke für die Antwort. Funde tauchten keine auf. Hier der Report vom TDSSKiller: Code:
ATTFilter 20:58:11.0871 5564 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:58:12.0230 5564 ============================================================
20:58:12.0230 5564 Current date / time: 2013/01/02 20:58:12.0230
20:58:12.0230 5564 SystemInfo:
20:58:12.0230 5564
20:58:12.0230 5564 OS Version: 6.1.7601 ServicePack: 1.0
20:58:12.0230 5564 Product type: Workstation
20:58:12.0230 5564 ComputerName: AL
20:58:12.0230 5564 UserName: Andreas
20:58:12.0230 5564 Windows directory: C:\Windows
20:58:12.0230 5564 System windows directory: C:\Windows
20:58:12.0230 5564 Processor architecture: Intel x86
20:58:12.0230 5564 Number of processors: 2
20:58:12.0230 5564 Page size: 0x1000
20:58:12.0230 5564 Boot type: Normal boot
20:58:12.0230 5564 ============================================================
20:58:12.0589 5564 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:58:12.0589 5564 ============================================================
20:58:12.0589 5564 \Device\Harddisk0\DR0:
20:58:12.0589 5564 MBR partitions:
20:58:12.0589 5564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:58:12.0589 5564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
20:58:12.0589 5564 ============================================================
20:58:12.0589 5564 C: <-> \Device\Harddisk0\DR0\Partition2
20:58:12.0589 5564 ============================================================
20:58:12.0589 5564 Initialize success
20:58:12.0589 5564 ============================================================
20:58:36.0785 5664 ============================================================
20:58:36.0785 5664 Scan started
20:58:36.0785 5664 Mode: Manual; SigCheck; TDLFS;
20:58:36.0785 5664 ============================================================
20:58:36.0894 5664 ================ Scan system memory ========================
20:58:36.0894 5664 System memory - ok
20:58:36.0894 5664 ================ Scan services =============================
20:58:36.0956 5664 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:58:37.0003 5664 1394ohci - ok
20:58:37.0019 5664 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:58:37.0034 5664 ACPI - ok
20:58:37.0050 5664 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:58:37.0066 5664 AcpiPmi - ok
20:58:37.0081 5664 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:58:37.0112 5664 adp94xx - ok
20:58:37.0112 5664 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:58:37.0144 5664 adpahci - ok
20:58:37.0159 5664 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:58:37.0175 5664 adpu320 - ok
20:58:37.0190 5664 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:58:37.0206 5664 AeLookupSvc - ok
20:58:37.0222 5664 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:58:37.0237 5664 AFD - ok
20:58:37.0237 5664 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:58:37.0268 5664 agp440 - ok
20:58:37.0268 5664 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:58:37.0284 5664 aic78xx - ok
20:58:37.0300 5664 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:58:37.0315 5664 ALG - ok
20:58:37.0331 5664 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:58:37.0346 5664 aliide - ok
20:58:37.0346 5664 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:58:37.0362 5664 amdagp - ok
20:58:37.0378 5664 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:58:37.0393 5664 amdide - ok
20:58:37.0393 5664 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:58:37.0424 5664 AmdK8 - ok
20:58:37.0424 5664 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:58:37.0456 5664 AmdPPM - ok
20:58:37.0456 5664 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:58:37.0471 5664 amdsata - ok
20:58:37.0487 5664 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:58:37.0502 5664 amdsbs - ok
20:58:37.0502 5664 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:58:37.0534 5664 amdxata - ok
20:58:37.0534 5664 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:58:37.0549 5664 AntiVirSchedulerService - ok
20:58:37.0565 5664 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:58:37.0565 5664 AntiVirService - ok
20:58:37.0580 5664 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:58:37.0596 5664 AntiVirWebService - ok
20:58:37.0612 5664 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:58:37.0658 5664 AppID - ok
20:58:37.0658 5664 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:58:37.0690 5664 AppIDSvc - ok
20:58:37.0705 5664 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:58:37.0736 5664 Appinfo - ok
20:58:37.0736 5664 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
20:58:37.0768 5664 AppMgmt - ok
20:58:37.0768 5664 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:58:37.0783 5664 arc - ok
20:58:37.0799 5664 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:58:37.0814 5664 arcsas - ok
20:58:37.0814 5664 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:58:37.0877 5664 AsyncMac - ok
20:58:37.0877 5664 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:58:37.0892 5664 atapi - ok
20:58:37.0908 5664 [ BEFE54E9BC648A3C79C917A63B6EE7DA ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
20:58:37.0939 5664 ATSwpWDF - ok
20:58:37.0955 5664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:58:38.0002 5664 AudioEndpointBuilder - ok
20:58:38.0017 5664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:58:38.0048 5664 Audiosrv - ok
20:58:38.0048 5664 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:58:38.0064 5664 avgntflt - ok
20:58:38.0080 5664 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:58:38.0095 5664 avipbb - ok
20:58:38.0111 5664 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:58:38.0126 5664 avkmgr - ok
20:58:38.0126 5664 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:58:38.0173 5664 AxInstSV - ok
20:58:38.0173 5664 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:58:38.0204 5664 b06bdrv - ok
20:58:38.0220 5664 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:58:38.0236 5664 b57nd60x - ok
20:58:38.0251 5664 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:58:38.0267 5664 BDESVC - ok
20:58:38.0282 5664 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:58:38.0314 5664 Beep - ok
20:58:38.0314 5664 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:58:38.0360 5664 BFE - ok
20:58:38.0376 5664 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
20:58:38.0423 5664 BITS - ok
20:58:38.0423 5664 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:58:38.0438 5664 blbdrive - ok
20:58:38.0454 5664 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:58:38.0470 5664 bowser - ok
20:58:38.0470 5664 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:58:38.0501 5664 BrFiltLo - ok
20:58:38.0501 5664 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:58:38.0532 5664 BrFiltUp - ok
20:58:38.0532 5664 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:58:38.0563 5664 Browser - ok
20:58:38.0563 5664 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:58:38.0594 5664 Brserid - ok
20:58:38.0594 5664 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:58:38.0626 5664 BrSerWdm - ok
20:58:38.0626 5664 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:58:38.0657 5664 BrUsbMdm - ok
20:58:38.0657 5664 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:58:38.0672 5664 BrUsbSer - ok
20:58:38.0688 5664 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:58:38.0704 5664 BthEnum - ok
20:58:38.0704 5664 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:58:38.0735 5664 BTHMODEM - ok
20:58:38.0735 5664 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:58:38.0750 5664 BthPan - ok
20:58:38.0766 5664 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:58:38.0797 5664 BTHPORT - ok
20:58:38.0797 5664 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:58:38.0906 5664 bthserv - ok
20:58:38.0906 5664 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:58:38.0922 5664 BTHUSB - ok
20:58:38.0938 5664 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:58:38.0969 5664 cdfs - ok
20:58:38.0969 5664 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:58:39.0000 5664 cdrom - ok
20:58:39.0000 5664 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:58:39.0031 5664 CertPropSvc - ok
20:58:39.0047 5664 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:58:39.0062 5664 circlass - ok
20:58:39.0062 5664 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:58:39.0094 5664 CLFS - ok
20:58:39.0094 5664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:58:39.0109 5664 clr_optimization_v2.0.50727_32 - ok
20:58:39.0125 5664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:58:39.0140 5664 clr_optimization_v4.0.30319_32 - ok
20:58:39.0140 5664 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:58:39.0172 5664 CmBatt - ok
20:58:39.0172 5664 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:58:39.0187 5664 cmdide - ok
20:58:39.0203 5664 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
20:58:39.0234 5664 CNG - ok
20:58:39.0250 5664 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:58:39.0250 5664 Com4QLBEx - ok
20:58:39.0265 5664 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:58:39.0281 5664 Compbatt - ok
20:58:39.0281 5664 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:58:39.0312 5664 CompositeBus - ok
20:58:39.0312 5664 COMSysApp - ok
20:58:39.0312 5664 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:58:39.0343 5664 crcdisk - ok
20:58:39.0343 5664 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:58:39.0374 5664 CryptSvc - ok
20:58:39.0390 5664 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
20:58:39.0421 5664 CSC - ok
20:58:39.0421 5664 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
20:58:39.0452 5664 CscService - ok
20:58:39.0468 5664 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:58:39.0499 5664 DcomLaunch - ok
20:58:39.0499 5664 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:58:39.0546 5664 defragsvc - ok
20:58:39.0562 5664 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:58:39.0593 5664 DfsC - ok
20:58:39.0593 5664 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:58:39.0624 5664 Dhcp - ok
20:58:39.0640 5664 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:58:39.0671 5664 discache - ok
20:58:39.0671 5664 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:58:39.0686 5664 Disk - ok
20:58:39.0702 5664 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:58:39.0718 5664 Dnscache - ok
20:58:39.0733 5664 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:58:39.0764 5664 dot3svc - ok
20:58:39.0780 5664 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:58:39.0811 5664 DPS - ok
20:58:39.0811 5664 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:58:39.0827 5664 drmkaud - ok
20:58:39.0842 5664 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:58:39.0889 5664 DXGKrnl - ok
20:58:39.0889 5664 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:58:39.0936 5664 EapHost - ok
20:58:39.0967 5664 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:58:40.0061 5664 ebdrv - ok
20:58:40.0061 5664 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:58:40.0092 5664 EFS - ok
20:58:40.0108 5664 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:58:40.0139 5664 ehRecvr - ok
20:58:40.0139 5664 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:58:40.0170 5664 ehSched - ok
20:58:40.0186 5664 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:58:40.0217 5664 elxstor - ok
20:58:40.0217 5664 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:58:40.0232 5664 ErrDev - ok
20:58:40.0248 5664 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:58:40.0279 5664 EventSystem - ok
20:58:40.0295 5664 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:58:40.0326 5664 exfat - ok
20:58:40.0342 5664 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:58:40.0373 5664 fastfat - ok
20:58:40.0388 5664 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:58:40.0420 5664 Fax - ok
20:58:40.0435 5664 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:58:40.0451 5664 fdc - ok
20:58:40.0451 5664 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:58:40.0482 5664 fdPHost - ok
20:58:40.0498 5664 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:58:40.0529 5664 FDResPub - ok
20:58:40.0529 5664 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:58:40.0560 5664 FileInfo - ok
20:58:40.0560 5664 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:58:40.0591 5664 Filetrace - ok
20:58:40.0591 5664 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:58:40.0622 5664 flpydisk - ok
20:58:40.0622 5664 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:58:40.0654 5664 FltMgr - ok
20:58:40.0669 5664 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
20:58:40.0700 5664 FontCache - ok
20:58:40.0716 5664 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:58:40.0732 5664 FontCache3.0.0.0 - ok
20:58:40.0732 5664 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:58:40.0747 5664 FsDepends - ok
20:58:40.0763 5664 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:58:40.0778 5664 Fs_Rec - ok
20:58:40.0778 5664 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:58:40.0810 5664 fvevol - ok
20:58:40.0810 5664 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:58:40.0825 5664 gagp30kx - ok
20:58:40.0841 5664 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:58:40.0888 5664 gpsvc - ok
20:58:40.0903 5664 [ C172F0D0329E46513B09E1FC60A27B9D ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
20:58:40.0919 5664 HBtnKey - ok
20:58:40.0919 5664 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:58:40.0934 5664 hcw85cir - ok
20:58:40.0950 5664 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:58:40.0981 5664 HdAudAddService - ok
20:58:40.0981 5664 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:58:40.0997 5664 HDAudBus - ok
20:58:41.0012 5664 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:58:41.0028 5664 HidBatt - ok
20:58:41.0028 5664 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:58:41.0059 5664 HidBth - ok
20:58:41.0059 5664 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:58:41.0075 5664 HidIr - ok
20:58:41.0090 5664 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:58:41.0122 5664 hidserv - ok
20:58:41.0122 5664 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:58:41.0153 5664 HidUsb - ok
20:58:41.0153 5664 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:58:41.0184 5664 hkmsvc - ok
20:58:41.0200 5664 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:58:41.0231 5664 HomeGroupListener - ok
20:58:41.0231 5664 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:58:41.0246 5664 HomeGroupProvider - ok
20:58:41.0262 5664 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:58:41.0278 5664 HpqKbFiltr - ok
20:58:41.0278 5664 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
20:58:41.0293 5664 hpqwmiex - ok
20:58:41.0309 5664 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:58:41.0324 5664 HpSAMD - ok
20:58:41.0340 5664 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:58:41.0371 5664 HTTP - ok
20:58:41.0371 5664 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:58:41.0387 5664 hwpolicy - ok
20:58:41.0387 5664 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:58:41.0418 5664 i8042prt - ok
20:58:41.0418 5664 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:58:41.0449 5664 iaStorV - ok
20:58:41.0465 5664 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:58:41.0527 5664 idsvc - ok
20:58:41.0527 5664 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:58:41.0558 5664 iirsp - ok
20:58:41.0574 5664 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:58:41.0621 5664 IKEEXT - ok
20:58:41.0621 5664 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:58:41.0652 5664 intelide - ok
20:58:41.0652 5664 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:58:41.0668 5664 intelppm - ok
20:58:41.0668 5664 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:58:41.0714 5664 IPBusEnum - ok
20:58:41.0714 5664 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:58:41.0746 5664 IpFilterDriver - ok
20:58:41.0761 5664 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:58:41.0777 5664 iphlpsvc - ok
20:58:41.0792 5664 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:58:41.0808 5664 IPMIDRV - ok
20:58:41.0824 5664 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:58:41.0855 5664 IPNAT - ok
20:58:41.0855 5664 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:58:41.0886 5664 IRENUM - ok
20:58:41.0886 5664 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:58:41.0902 5664 isapnp - ok
20:58:41.0917 5664 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:58:41.0948 5664 iScsiPrt - ok
20:58:41.0948 5664 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:58:41.0964 5664 kbdclass - ok
20:58:41.0980 5664 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:58:41.0995 5664 kbdhid - ok
20:58:41.0995 5664 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:58:42.0011 5664 KeyIso - ok
20:58:42.0011 5664 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:58:42.0042 5664 KSecDD - ok
20:58:42.0042 5664 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:58:42.0073 5664 KSecPkg - ok
20:58:42.0073 5664 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:58:42.0120 5664 KtmRm - ok
20:58:42.0136 5664 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:58:42.0182 5664 LanmanServer - ok
20:58:42.0182 5664 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:58:42.0229 5664 LanmanWorkstation - ok
20:58:42.0229 5664 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:58:42.0260 5664 lltdio - ok
20:58:42.0276 5664 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:58:42.0307 5664 lltdsvc - ok
20:58:42.0307 5664 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:58:42.0354 5664 lmhosts - ok
20:58:42.0354 5664 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:58:42.0385 5664 LSI_FC - ok
20:58:42.0385 5664 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:58:42.0401 5664 LSI_SAS - ok
20:58:42.0416 5664 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:58:42.0432 5664 LSI_SAS2 - ok
20:58:42.0432 5664 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:58:42.0463 5664 LSI_SCSI - ok
20:58:42.0463 5664 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:58:42.0494 5664 luafv - ok
20:58:42.0494 5664 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:58:42.0526 5664 Mcx2Svc - ok
20:58:42.0526 5664 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:58:42.0557 5664 megasas - ok
20:58:42.0557 5664 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:58:42.0588 5664 MegaSR - ok
20:58:42.0588 5664 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:58:42.0619 5664 MMCSS - ok
20:58:42.0635 5664 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:58:42.0666 5664 Modem - ok
20:58:42.0666 5664 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:58:42.0697 5664 monitor - ok
20:58:42.0697 5664 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:58:42.0713 5664 mouclass - ok
20:58:42.0728 5664 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:58:42.0744 5664 mouhid - ok
20:58:42.0744 5664 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:58:42.0760 5664 mountmgr - ok
20:58:42.0775 5664 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:58:42.0791 5664 MozillaMaintenance - ok
20:58:42.0791 5664 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:58:42.0822 5664 mpio - ok
20:58:42.0822 5664 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:58:42.0853 5664 mpsdrv - ok
20:58:42.0869 5664 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:58:42.0916 5664 MpsSvc - ok
20:58:42.0916 5664 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:58:42.0947 5664 MRxDAV - ok
20:58:42.0947 5664 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:58:42.0978 5664 mrxsmb - ok
20:58:42.0978 5664 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:58:43.0009 5664 mrxsmb10 - ok
20:58:43.0009 5664 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:58:43.0025 5664 mrxsmb20 - ok
20:58:43.0040 5664 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:58:43.0056 5664 msahci - ok
20:58:43.0056 5664 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:58:43.0087 5664 msdsm - ok
20:58:43.0087 5664 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:58:43.0118 5664 MSDTC - ok
20:58:43.0134 5664 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:58:43.0165 5664 Msfs - ok
20:58:43.0165 5664 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:58:43.0196 5664 mshidkmdf - ok
20:58:43.0196 5664 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:58:43.0212 5664 msisadrv - ok
20:58:43.0228 5664 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:58:43.0259 5664 MSiSCSI - ok
20:58:43.0274 5664 msiserver - ok
20:58:43.0274 5664 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:58:43.0306 5664 MSKSSRV - ok
20:58:43.0321 5664 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:58:43.0352 5664 MSPCLOCK - ok
20:58:43.0352 5664 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:58:43.0384 5664 MSPQM - ok
20:58:43.0384 5664 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:58:43.0415 5664 MsRPC - ok
20:58:43.0415 5664 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:58:43.0430 5664 mssmbios - ok
20:58:43.0446 5664 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:58:43.0477 5664 MSTEE - ok
20:58:43.0477 5664 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:58:43.0493 5664 MTConfig - ok
20:58:43.0493 5664 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:58:43.0524 5664 Mup - ok
20:58:43.0524 5664 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:58:43.0555 5664 napagent - ok
20:58:43.0571 5664 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:58:43.0602 5664 NativeWifiP - ok
20:58:43.0618 5664 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:58:43.0633 5664 NDIS - ok
20:58:43.0649 5664 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:58:43.0680 5664 NdisCap - ok
20:58:43.0680 5664 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:58:43.0711 5664 NdisTapi - ok
20:58:43.0727 5664 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:58:43.0758 5664 Ndisuio - ok
20:58:43.0758 5664 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:58:43.0805 5664 NdisWan - ok
20:58:43.0805 5664 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:58:43.0836 5664 NDProxy - ok
20:58:43.0836 5664 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:58:43.0883 5664 NetBIOS - ok
20:58:43.0883 5664 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:58:43.0914 5664 NetBT - ok
20:58:43.0914 5664 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:58:43.0930 5664 Netlogon - ok
20:58:43.0945 5664 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:58:43.0976 5664 Netman - ok
20:58:43.0976 5664 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:58:44.0023 5664 netprofm - ok
20:58:44.0023 5664 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:58:44.0039 5664 NetTcpPortSharing - ok
20:58:44.0101 5664 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
20:58:44.0210 5664 netw5v32 - ok
20:58:44.0226 5664 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:58:44.0242 5664 nfrd960 - ok
20:58:44.0242 5664 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:58:44.0273 5664 NlaSvc - ok
20:58:44.0288 5664 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:58:44.0320 5664 Npfs - ok
20:58:44.0320 5664 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:58:44.0351 5664 nsi - ok
20:58:44.0366 5664 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:58:44.0382 5664 nsiproxy - ok
20:58:44.0413 5664 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:58:44.0460 5664 Ntfs - ok
20:58:44.0476 5664 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:58:44.0507 5664 Null - ok
20:58:44.0678 5664 [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:58:44.0912 5664 nvlddmkm - ok
20:58:44.0928 5664 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:58:44.0944 5664 nvraid - ok
20:58:44.0959 5664 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:58:44.0975 5664 nvstor - ok
20:58:44.0990 5664 [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc C:\Windows\system32\nvvsvc.exe
20:58:45.0006 5664 nvsvc - ok
20:58:45.0006 5664 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:58:45.0037 5664 nv_agp - ok
20:58:45.0037 5664 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:58:45.0053 5664 ohci1394 - ok
20:58:45.0068 5664 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:58:45.0084 5664 p2pimsvc - ok
20:58:45.0100 5664 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:58:45.0115 5664 p2psvc - ok
20:58:45.0131 5664 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:58:45.0146 5664 Parport - ok
20:58:45.0146 5664 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:58:45.0178 5664 partmgr - ok
20:58:45.0178 5664 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:58:45.0193 5664 Parvdm - ok
20:58:45.0209 5664 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:58:45.0224 5664 PcaSvc - ok
20:58:45.0240 5664 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:58:45.0256 5664 pci - ok
20:58:45.0256 5664 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:58:45.0287 5664 pciide - ok
20:58:45.0287 5664 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:58:45.0318 5664 pcmcia - ok
20:58:45.0318 5664 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:58:45.0334 5664 pcw - ok
20:58:45.0349 5664 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:58:45.0396 5664 PEAUTH - ok
20:58:45.0412 5664 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:58:45.0443 5664 PeerDistSvc - ok
20:58:45.0490 5664 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:58:45.0552 5664 pla - ok
20:58:45.0568 5664 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:58:45.0599 5664 PlugPlay - ok
20:58:45.0599 5664 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:58:45.0630 5664 PNRPAutoReg - ok
20:58:45.0630 5664 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:58:45.0646 5664 PNRPsvc - ok
20:58:45.0661 5664 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:58:45.0708 5664 PolicyAgent - ok
20:58:45.0724 5664 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:58:45.0739 5664 Power - ok
20:58:45.0755 5664 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:58:45.0786 5664 PptpMiniport - ok
20:58:45.0786 5664 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:58:45.0817 5664 Processor - ok
20:58:45.0817 5664 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:58:45.0848 5664 ProfSvc - ok
20:58:45.0848 5664 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:58:45.0864 5664 ProtectedStorage - ok
20:58:45.0880 5664 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:58:45.0911 5664 Psched - ok
20:58:45.0926 5664 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:58:45.0973 5664 ql2300 - ok
20:58:45.0989 5664 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:58:46.0004 5664 ql40xx - ok
20:58:46.0004 5664 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:58:46.0036 5664 QWAVE - ok
20:58:46.0051 5664 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:58:46.0067 5664 QWAVEdrv - ok
20:58:46.0067 5664 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:58:46.0114 5664 RasAcd - ok
20:58:46.0114 5664 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:58:46.0145 5664 RasAgileVpn - ok
20:58:46.0145 5664 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:58:46.0192 5664 RasAuto - ok
20:58:46.0192 5664 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:58:46.0238 5664 Rasl2tp - ok
20:58:46.0238 5664 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:58:46.0285 5664 RasMan - ok
20:58:46.0285 5664 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:58:46.0332 5664 RasPppoe - ok
20:58:46.0332 5664 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:58:46.0363 5664 RasSstp - ok
20:58:46.0379 5664 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:58:46.0410 5664 rdbss - ok
20:58:46.0410 5664 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:58:46.0441 5664 rdpbus - ok
20:58:46.0441 5664 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:58:46.0472 5664 RDPCDD - ok
20:58:46.0472 5664 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:58:46.0504 5664 RDPDR - ok
20:58:46.0504 5664 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:58:46.0535 5664 RDPENCDD - ok
20:58:46.0535 5664 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:58:46.0566 5664 RDPREFMP - ok
20:58:46.0566 5664 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:58:46.0597 5664 RDPWD - ok
20:58:46.0597 5664 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:58:46.0628 5664 rdyboost - ok
20:58:46.0628 5664 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:58:46.0675 5664 RemoteAccess - ok
20:58:46.0675 5664 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:58:46.0722 5664 RemoteRegistry - ok
20:58:46.0722 5664 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:58:46.0753 5664 RFCOMM - ok
20:58:46.0753 5664 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
20:58:46.0769 5664 rismxdp - ok
20:58:46.0769 5664 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:58:46.0816 5664 RpcEptMapper - ok
20:58:46.0816 5664 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:58:46.0831 5664 RpcLocator - ok
20:58:46.0847 5664 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:58:46.0878 5664 RpcSs - ok
20:58:46.0878 5664 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:58:46.0909 5664 rspndr - ok
20:58:46.0925 5664 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:58:46.0940 5664 RTL8167 - ok
20:58:46.0940 5664 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:58:46.0972 5664 s3cap - ok
20:58:46.0972 5664 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:58:46.0987 5664 SamSs - ok
20:58:46.0987 5664 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:58:47.0003 5664 sbp2port - ok
20:58:47.0018 5664 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:58:47.0050 5664 SCardSvr - ok
20:58:47.0065 5664 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:58:47.0096 5664 scfilter - ok
20:58:47.0112 5664 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:58:47.0174 5664 Schedule - ok
20:58:47.0174 5664 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:58:47.0206 5664 SCPolicySvc - ok
20:58:47.0206 5664 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:58:47.0221 5664 sdbus - ok
20:58:47.0237 5664 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:58:47.0268 5664 SDRSVC - ok
20:58:47.0268 5664 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:58:47.0299 5664 secdrv - ok
20:58:47.0299 5664 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:58:47.0346 5664 seclogon - ok
20:58:47.0346 5664 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:58:47.0377 5664 SENS - ok
20:58:47.0377 5664 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:58:47.0408 5664 SensrSvc - ok
20:58:47.0408 5664 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:58:47.0424 5664 Serenum - ok
20:58:47.0440 5664 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:58:47.0455 5664 Serial - ok
20:58:47.0455 5664 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:58:47.0486 5664 sermouse - ok
20:58:47.0502 5664 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:58:47.0533 5664 SessionEnv - ok
20:58:47.0549 5664 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:58:47.0564 5664 sffdisk - ok
20:58:47.0564 5664 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:58:47.0580 5664 sffp_mmc - ok
20:58:47.0596 5664 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:58:47.0611 5664 sffp_sd - ok
20:58:47.0611 5664 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:58:47.0627 5664 sfloppy - ok
20:58:47.0642 5664 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:58:47.0689 5664 SharedAccess - ok
20:58:47.0689 5664 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:58:47.0736 5664 ShellHWDetection - ok
20:58:47.0752 5664 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:58:47.0767 5664 sisagp - ok
20:58:47.0767 5664 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:58:47.0798 5664 SiSRaid2 - ok
20:58:47.0798 5664 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:58:47.0814 5664 SiSRaid4 - ok
20:58:47.0814 5664 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:58:47.0861 5664 Smb - ok
20:58:47.0876 5664 [ 19301C27F3425DC39F6C599F527E507D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
20:58:47.0923 5664 smserial - ok
20:58:47.0939 5664 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:58:47.0954 5664 SNMPTRAP - ok
20:58:47.0954 5664 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:58:47.0970 5664 spldr - ok
20:58:47.0986 5664 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:58:48.0017 5664 Spooler - ok
20:58:48.0079 5664 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:58:48.0157 5664 sppsvc - ok
20:58:48.0157 5664 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:58:48.0188 5664 sppuinotify - ok
20:58:48.0204 5664 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:58:48.0235 5664 srv - ok
20:58:48.0235 5664 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:58:48.0266 5664 srv2 - ok
20:58:48.0282 5664 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:58:48.0298 5664 srvnet - ok
20:58:48.0298 5664 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:58:48.0344 5664 SSDPSRV - ok
20:58:48.0344 5664 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
20:58:48.0360 5664 ssmdrv - ok
20:58:48.0376 5664 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:58:48.0422 5664 SstpSvc - ok
20:58:48.0422 5664 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:58:48.0438 5664 stexstor - ok
20:58:48.0454 5664 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:58:48.0500 5664 StiSvc - ok
20:58:48.0500 5664 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:58:48.0516 5664 storflt - ok
20:58:48.0532 5664 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
20:58:48.0547 5664 StorSvc - ok
20:58:48.0547 5664 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:58:48.0563 5664 storvsc - ok
20:58:48.0578 5664 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:58:48.0594 5664 swenum - ok
20:58:48.0610 5664 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:58:48.0641 5664 swprv - ok
20:58:48.0656 5664 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:58:48.0688 5664 SysMain - ok
20:58:48.0703 5664 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:58:48.0734 5664 TabletInputService - ok
20:58:48.0734 5664 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:58:48.0781 5664 TapiSrv - ok
20:58:48.0781 5664 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:58:48.0812 5664 TBS - ok
20:58:48.0828 5664 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:58:48.0890 5664 Tcpip - ok
20:58:48.0906 5664 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:58:48.0937 5664 TCPIP6 - ok
20:58:48.0953 5664 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:58:48.0968 5664 tcpipreg - ok
20:58:48.0984 5664 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:58:49.0000 5664 TDPIPE - ok
20:58:49.0000 5664 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:58:49.0015 5664 TDTCP - ok
20:58:49.0031 5664 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:58:49.0062 5664 tdx - ok
20:58:49.0062 5664 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:58:49.0093 5664 TermDD - ok
20:58:49.0093 5664 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:58:49.0156 5664 TermService - ok
20:58:49.0156 5664 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:58:49.0187 5664 Themes - ok
20:58:49.0187 5664 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:58:49.0218 5664 THREADORDER - ok
20:58:49.0218 5664 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:58:49.0265 5664 TrkWks - ok
20:58:49.0265 5664 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:58:49.0296 5664 TrustedInstaller - ok
20:58:49.0312 5664 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:58:49.0343 5664 tssecsrv - ok
20:58:49.0343 5664 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:58:49.0358 5664 TsUsbFlt - ok
20:58:49.0374 5664 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:58:49.0405 5664 tunnel - ok
20:58:49.0405 5664 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:58:49.0436 5664 uagp35 - ok
20:58:49.0436 5664 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:58:49.0483 5664 udfs - ok
20:58:49.0483 5664 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:58:49.0514 5664 UI0Detect - ok
20:58:49.0514 5664 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:58:49.0546 5664 uliagpkx - ok
20:58:49.0546 5664 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:58:49.0561 5664 umbus - ok
20:58:49.0577 5664 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:58:49.0592 5664 UmPass - ok
20:58:49.0592 5664 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
20:58:49.0624 5664 UmRdpService - ok
20:58:49.0639 5664 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:58:49.0670 5664 upnphost - ok
20:58:49.0686 5664 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:58:49.0702 5664 usbccgp - ok
20:58:49.0702 5664 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:58:49.0733 5664 usbcir - ok
20:58:49.0733 5664 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:58:49.0748 5664 usbehci - ok
20:58:49.0764 5664 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:58:49.0795 5664 usbhub - ok
20:58:49.0795 5664 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:58:49.0811 5664 usbohci - ok
20:58:49.0826 5664 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:58:49.0842 5664 usbprint - ok
20:58:49.0842 5664 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:58:49.0858 5664 USBSTOR - ok
20:58:49.0873 5664 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:58:49.0889 5664 usbuhci - ok
20:58:49.0889 5664 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:58:49.0920 5664 usbvideo - ok
20:58:49.0920 5664 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:58:49.0951 5664 UxSms - ok
20:58:49.0967 5664 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:58:49.0982 5664 VaultSvc - ok
20:58:49.0982 5664 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:58:49.0998 5664 vdrvroot - ok
20:58:50.0014 5664 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:58:50.0076 5664 vds - ok
20:58:50.0076 5664 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:58:50.0092 5664 vga - ok
20:58:50.0107 5664 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:58:50.0138 5664 VgaSave - ok
20:58:50.0138 5664 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:58:50.0170 5664 vhdmp - ok
20:58:50.0170 5664 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:58:50.0201 5664 viaagp - ok
20:58:50.0201 5664 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:58:50.0216 5664 ViaC7 - ok
20:58:50.0232 5664 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:58:50.0248 5664 viaide - ok
20:58:50.0248 5664 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:58:50.0279 5664 vmbus - ok
20:58:50.0279 5664 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:58:50.0294 5664 VMBusHID - ok
20:58:50.0294 5664 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:58:50.0326 5664 volmgr - ok
20:58:50.0326 5664 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:58:50.0341 5664 volmgrx - ok
20:58:50.0357 5664 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:58:50.0388 5664 volsnap - ok
20:58:50.0388 5664 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:58:50.0419 5664 vsmraid - ok
20:58:50.0435 5664 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:58:50.0482 5664 VSS - ok
20:58:50.0497 5664 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:58:50.0513 5664 vwifibus - ok
20:58:50.0513 5664 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:58:50.0560 5664 W32Time - ok
20:58:50.0575 5664 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:58:50.0591 5664 WacomPen - ok
20:58:50.0591 5664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:58:50.0638 5664 WANARP - ok
20:58:50.0638 5664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:58:50.0669 5664 Wanarpv6 - ok
20:58:50.0684 5664 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:58:50.0731 5664 wbengine - ok
20:58:50.0747 5664 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:58:50.0778 5664 WbioSrvc - ok
20:58:50.0778 5664 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:58:50.0809 5664 wcncsvc - ok
20:58:50.0809 5664 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:58:50.0840 5664 WcsPlugInService - ok
20:58:50.0840 5664 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:58:50.0856 5664 Wd - ok
20:58:50.0872 5664 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:58:50.0903 5664 Wdf01000 - ok
20:58:50.0918 5664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:58:50.0950 5664 WdiServiceHost - ok
20:58:50.0950 5664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:58:50.0981 5664 WdiSystemHost - ok
20:58:50.0981 5664 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:58:51.0012 5664 WebClient - ok
20:58:51.0028 5664 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:58:51.0059 5664 Wecsvc - ok
20:58:51.0059 5664 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:58:51.0106 5664 wercplsupport - ok
20:58:51.0106 5664 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:58:51.0152 5664 WerSvc - ok
20:58:51.0152 5664 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:58:51.0184 5664 WfpLwf - ok
20:58:51.0184 5664 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:58:51.0199 5664 WIMMount - ok
20:58:51.0215 5664 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:58:51.0246 5664 WinDefend - ok
20:58:51.0262 5664 WinHttpAutoProxySvc - ok
20:58:51.0277 5664 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:58:51.0308 5664 Winmgmt - ok
20:58:51.0340 5664 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:58:51.0386 5664 WinRM - ok
20:58:51.0418 5664 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:58:51.0449 5664 Wlansvc - ok
20:58:51.0449 5664 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:58:51.0464 5664 WmiAcpi - ok
20:58:51.0480 5664 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:58:51.0496 5664 wmiApSrv - ok
20:58:51.0511 5664 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:58:51.0542 5664 WMPNetworkSvc - ok
20:58:51.0558 5664 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:58:51.0574 5664 WPCSvc - ok
20:58:51.0589 5664 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:58:51.0605 5664 WPDBusEnum - ok
20:58:51.0620 5664 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:58:51.0652 5664 ws2ifsl - ok
20:58:51.0652 5664 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
20:58:51.0683 5664 wscsvc - ok
20:58:51.0683 5664 WSearch - ok
20:58:51.0714 5664 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:58:51.0761 5664 wuauserv - ok
20:58:51.0776 5664 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:58:51.0792 5664 WudfPf - ok
20:58:51.0808 5664 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:58:51.0823 5664 WUDFRd - ok
20:58:51.0823 5664 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:58:51.0854 5664 wudfsvc - ok
20:58:51.0854 5664 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:58:51.0886 5664 WwanSvc - ok
20:58:51.0901 5664 ================ Scan global ===============================
20:58:51.0901 5664 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:58:51.0917 5664 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:58:51.0932 5664 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:58:51.0948 5664 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:58:51.0964 5664 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:58:51.0964 5664 [Global] - ok
20:58:51.0964 5664 ================ Scan MBR ==================================
20:58:51.0964 5664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:58:52.0104 5664 \Device\Harddisk0\DR0 - ok
20:58:52.0104 5664 ================ Scan VBR ==================================
20:58:52.0104 5664 [ 672C82FFC3E383D8030F4F30483A10C7 ] \Device\Harddisk0\DR0\Partition1
20:58:52.0104 5664 \Device\Harddisk0\DR0\Partition1 - ok
20:58:52.0104 5664 [ AC5AB30E019751666E0B7E1E43201C45 ] \Device\Harddisk0\DR0\Partition2
20:58:52.0104 5664 \Device\Harddisk0\DR0\Partition2 - ok
20:58:52.0104 5664 ============================================================
20:58:52.0104 5664 Scan finished
20:58:52.0104 5664 ============================================================
20:58:52.0120 5656 Detected object count: 0
20:58:52.0120 5656 Actual detected object count: 0
|
|
03.01.2013, 18:59
| #11 | |
| /// Malware-holic | Computer ist gesperrt - GVU combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.01.2013, 19:28
| #12 |
| | Computer ist gesperrt - GVU Hallo Markus, anbei die Log Datei von ComboFix: Code:
ATTFilter ComboFix 13-01-03.05 - Andreas 03.01.2013 19:19:20.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2046.1219 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NVIDIA
c:\programdata\NVIDIA\NvApps.xml
c:\programdata\NVIDIA\NvStarted
c:\users\Public\sdelevURL.tmp
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-03 bis 2013-01-03 ))))))))))))))))))))))))))))))
.
.
2013-01-03 18:23 . 2013-01-03 18:24 -------- d-----w- c:\users\Andreas\AppData\Local\temp
2013-01-03 18:23 . 2013-01-03 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-02 19:57 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{318EAB13-BEB6-4EF5-9B26-C20BC0E7487D}\mpengine.dll
2012-12-28 18:09 . 2012-12-28 18:09 -------- d-----w- C:\_OTL
2012-12-28 16:40 . 2012-12-28 16:40 -------- d-----w- c:\users\Andreas\AppData\Local\Programs
2012-12-24 12:10 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-24 12:10 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 15:25 . 2012-12-23 15:25 -------- d-----w- c:\users\Andreas\AppData\Local\IsolatedStorage
2012-12-23 15:24 . 2012-12-23 15:25 -------- d-----w- c:\users\Andreas\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-02-18 22:10 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-10 20:59 . 2012-05-15 06:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-10 20:59 . 2011-10-03 19:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-28 16:32 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-14 18:05 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 18:05 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-01 09:49 . 2012-11-01 09:48 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 71062013
*Deregistered* - 71062013
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}\246535: DhcpNameServer = 195.30.0.1 195.30.0.2
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}\64259445A51224F6870275C414E40233237303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{02C08FDB-AB6C-4CBA-9A7B-D48547FBCB76}\64C4: DhcpNameServer = 192.168.2.1
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.mediapromote.de/download/o2cplayerAC/o2cplayerac.cab
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\7la9zzwz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=86ac460f-9def-41c7-97a8-f4664ddeb3b0&apn_ptnrs=%5EABT&apn_sauid=0528A373-6525-4D6D-B3D6-B7BB53F5C7F9&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-WinSchafkopf XP - c:\windows\unin0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-03 19:25:29
ComboFix-quarantined-files.txt 2013-01-03 18:25
.
Vor Suchlauf: 7 Verzeichnis(se), 26.373.394.432 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 26.441.109.504 Bytes frei
.
- - End Of File - - 2382C6D9A662EA184F07E1F329434757
|
|
03.01.2013, 19:40
| #13 |
| /// Malware-holic | Computer ist gesperrt - GVU Hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.01.2013, 20:44
| #14 |
| | Computer ist gesperrt - GVU Hallo Markus, es wurden keine Funde entdeckt. Hier die log Datei: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.03.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Andreas :: AL [Administrator] 03.01.2013 20:02:39 mbam-log-2013-01-03 (20-02-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 329250 Laufzeit: 18 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
03.01.2013, 20:46
| #15 |
| /// Malware-holic | Computer ist gesperrt - GVU sehr gut. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools,uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Computer ist gesperrt - GVU |
| andere, community, compu, computer, entferne, gesperrt, gvu-trojaner, liebe, problem, schei, schädling |
Linear-Darstellung
