Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Bundestrojaner / white screen, Windows Vista
03.03.2013, 18:31 | #1

Bundestrojaner / white screen, Windows Vista

Hello everyone, I too am sitting in front of my sister's laptop, which has apparently caught the Bundestrojaner. At first the standard message was shown: "Please pay XY euros". Now, after booting, only a white screen appears. I have a second laptop, with which I have been browsing the forum here, but even in Safe Mode I can't install anything on the "infected laptop". So I'm unable to install OTL and post the contents of OTL.txt and Extra.txt in the thread. Can you help me? Best regards, karunalovski
03.03.2013, 19:43 | #2

/// Malware-holic | Bundestrojaner / white screen, Windows Vista

Hi,

Using a clean second computer, create an OTLPE CD and then boot the infected computer from that CD. If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD. Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB, and with a slow internet connection it will take a while to download.

Illustrated guide: OTLpe-Scan
03.03.2013, 21:15 | #3

Bundestrojaner / white screen, Windows Vista

Hello, and thanks for the quick help. I've got as far as REATOGO-X-PE, but I'm not getting much further here. I start OTLPE via the icon. But then it says I should choose a folder. The questions mentioned above, which I was supposed to confirm with "Yes", unfortunately don't appear, nor does a text box. What do I need to select?
03.03.2013, 21:19 | #4

/// Malware-holic | Bundestrojaner / white screen, Windows Vista

Hi, there should be a folder called Boot; expand it, and there should be a Windows folder in there. If not, expand them all one after another; once you've found it, double-click and off you go.
03.03.2013, 21:28 | #5

Bundestrojaner / white screen, Windows Vista

So, I find Local Disk -> Boot with lots of subfolders (they look like language abbreviations) and Local Disc -> Windows -> Boot -> here there are the subfolders Fonts, PCAT (country codes again) and PXE (country codes too). I had to confirm with OK; I've got it, thanks. I'll try to work my way further through the guide. OK, I'm through. However, I don't have a folder, just a .txt file. Here is the code:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/3/2013 9:40:24 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139.74 Gb Total Space | 76.23 Gb Free Space | 54.55% Space Free | Partition Type: NTFS Drive D: | 14.90 Gb Total Space | 12.86 Gb Free Space | 86.28% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (CLTNetCnService) SRV - [2013/02/12 04:04:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012/10/26 03:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012/03/28 02:47:11 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/03/20 04:16:08 | 000,247,872 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/03/05 11:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009/03/05 11:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009/03/05 11:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009/03/05 11:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2007/02/13 09:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007/01/24 09:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007/01/24 09:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2007/01/16 07:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe 
-- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007/01/16 07:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2007/01/16 07:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2007/01/10 09:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007/01/08 10:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2007/01/08 10:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2007/01/08 10:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2006/12/13 19:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/12/13 19:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/12/13 18:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel 
| On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2007/12/06 06:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007/06/14 08:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2007/02/07 22:53:57 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007/02/06 00:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2007/01/24 05:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007/01/12 00:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/01/10 06:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/10/18 05:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sony: Community: Welcome to the Sony Community for Computing IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Patte_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\Patte_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\Patte_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Patte_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\Patte_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\Patte_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Patte_ON_C..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION) O4 - Startup: Error locating startup folders. 
O7 - HKU\Patte_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 83.169.186.33 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Patte_ON_C Winlogon: Shell - (C:\Users\Patte\AppData\Roaming\ldr.mcb) - C:\Users\Patte\AppData\Roaming\ldr.mcb () O20 - HKU\Patte_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java 
(Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 30 Days ========== [2013/02/18 08:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013/02/12 02:38:13 | 000,000,000 | ---D | C] -- C:\Users\Patte\Desktop\geburttag [2013/02/12 02:31:42 | 000,000,000 | ---D | C] -- C:\Users\Patte\Desktop\weihnachtensilvester ========== Files - Modified Within 30 Days ========== [2013/03/03 14:47:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/03 14:43:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/03 14:43:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/03 14:43:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/03 11:14:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/21 08:45:12 | 000,469,905 | ---- | M] () -- 
C:\Users\Patte\Desktop\geburtstag.jpg [2013/02/21 07:50:33 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/02/21 07:50:33 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/21 07:50:33 | 000,140,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/02/21 07:50:33 | 000,121,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/20 04:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/18 08:17:58 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013/02/18 08:17:58 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013/02/18 08:17:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013/02/18 08:17:48 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013/02/15 09:15:17 | 000,055,296 | ---- | M] () -- C:\Users\Patte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/12 04:04:12 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/02/12 04:04:12 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013/02/21 07:48:52 | 000,469,905 | ---- | C] () -- C:\Users\Patte\Desktop\geburtstag.jpg [2013/02/05 03:19:54 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012/10/15 18:43:48 | 000,177,152 | ---- | C] () -- C:\Users\Patte\AppData\Roaming\ldr.mcb [2012/08/10 11:51:01 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI [2012/05/16 03:24:10 | 000,057,344 | ---- | C] () -- C:\ProgramData\fgnnfgoittfunznjzgtb.exe [2012/04/25 12:10:18 | 000,000,000 | ---- | C] () -- C:\Users\Patte\AppData\Roaming\wklnhst.dat [2012/03/27 02:23:25 | 000,055,296 | ---- | C] 
() -- C:\Users\Patte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/26 11:58:09 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2012/03/26 11:55:41 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2007/02/26 14:02:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll [2007/02/26 14:02:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007/02/26 14:02:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll [2007/02/26 14:02:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll [2007/02/26 11:03:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007/02/26 05:59:50 | 000,163,840 | ---- | C] () -- C:\Windows\System32\WLANDLL.DLL [2006/11/02 10:33:31 | 000,698,314 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006/11/02 10:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006/11/02 10:33:31 | 000,140,292 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006/11/02 10:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,305,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,656,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,121,506 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- 
C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2012/11/19 02:48:27 | 000,000,000 | ---D | M] -- C:\Users\Patte\AppData\Roaming\ICQ [2012/08/10 10:56:17 | 000,000,000 | ---D | M] -- C:\Users\Patte\AppData\Roaming\ICQ Search [2012/04/25 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\Patte\AppData\Roaming\Template [2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2012/04/03 15:52:02 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON [2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/08/10 10:55:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2012/05/16 03:24:10 | 000,000,000 | ---D | M] -- C:\ProgramData\qnfzpkxnoocftaj [2007/02/26 05:20:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2007/02/26 11:19:29 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2013/03/03 14:44:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans 
========== < %SYSTEMDRIVE%\*. > [2012/03/26 11:45:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2007/02/26 14:02:39 | 000,000,000 | -HSD | M] -- C:\Boot [2007/02/26 11:08:52 | 000,000,000 | ---D | M] -- C:\Documentation [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007/02/26 07:30:53 | 000,000,000 | ---D | M] -- C:\Drivers [2007/02/26 11:14:34 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013/02/22 07:55:30 | 000,000,000 | R--D | M] -- C:\Program Files [2012/08/10 10:55:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\Programme [2013/03/03 11:11:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013/01/10 07:55:45 | 000,000,000 | ---D | M] -- C:\Update [2012/03/26 11:45:00 | 000,000,000 | R--D | M] -- C:\Users [2013/03/03 11:25:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2012/03/28 02:28:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) 
OK, I'm through. However, I don't have a folder, only a .txt file. Here is the code:

OTL Logfile:
Code:
OTL logfile created on: 3/3/2013 9:40:24 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.74 Gb Total Space | 76.23 Gb Free Space | 54.55% Space Free | Partition Type: NTFS
Drive D: | 14.90 Gb Total Space | 12.86 Gb Free Space | 86.28% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2013/02/12 04:04:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/26 03:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/03/28 02:47:11 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/20 04:16:08 | 000,247,872 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/03/05 11:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 11:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 11:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 11:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2007/02/13 09:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/01/24 09:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/01/24 09:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/16 07:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 07:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/16 07:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/10 09:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/08 10:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 10:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/08 10:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/12/13 19:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/13 19:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/13 18:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2007/12/06 06:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/14 08:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/02/07 22:53:57 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/02/06 00:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/01/24 05:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/01/12 00:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/10 06:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/10/18 05:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sony: Community: Welcome to the Sony Community for Computing
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Patte_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\Patte_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Patte_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Patte_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Patte_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Patte_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Patte_ON_C..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: Error locating startup folders.
O7 - HKU\Patte_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 83.169.186.33
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Patte_ON_C Winlogon: Shell - (C:\Users\Patte\AppData\Roaming\ldr.mcb) - C:\Users\Patte\AppData\Roaming\ldr.mcb ()
O20 - HKU\Patte_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 08:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/12 02:38:13 | 000,000,000 | ---D | C] -- C:\Users\Patte\Desktop\geburttag
[2013/02/12 02:31:42 | 000,000,000 | ---D | C] -- C:\Users\Patte\Desktop\weihnachtensilvester

========== Files - Modified Within 30 Days ==========

[2013/03/03 14:47:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/03 14:43:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/03 14:43:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/03 14:43:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/03 11:14:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/21 08:45:12 | 000,469,905 | ---- | M] () -- C:\Users\Patte\Desktop\geburtstag.jpg
[2013/02/21 07:50:33 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/21 07:50:33 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/21 07:50:33 | 000,140,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/21 07:50:33 | 000,121,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/20 04:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/18 08:17:58 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/18 08:17:58 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/02/18 08:17:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/18 08:17:48 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/15 09:15:17 | 000,055,296 | ---- | M] () -- C:\Users\Patte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/12 04:04:12 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/12 04:04:12 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/02/21 07:48:52 | 000,469,905 | ---- | C] () -- C:\Users\Patte\Desktop\geburtstag.jpg
[2013/02/05 03:19:54 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/10/15 18:43:48 | 000,177,152 | ---- | C] () -- C:\Users\Patte\AppData\Roaming\ldr.mcb
[2012/08/10 11:51:01 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2012/05/16 03:24:10 | 000,057,344 | ---- | C] () -- C:\ProgramData\fgnnfgoittfunznjzgtb.exe
[2012/04/25 12:10:18 | 000,000,000 | ---- | C] () -- C:\Users\Patte\AppData\Roaming\wklnhst.dat
[2012/03/27 02:23:25 | 000,055,296 | ---- | C] () -- C:\Users\Patte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/26 11:58:09 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2012/03/26 11:55:41 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/02/26 14:02:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2007/02/26 14:02:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/26 14:02:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/02/26 14:02:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/02/26 11:03:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/02/26 05:59:50 | 000,163,840 | ---- | C] () -- C:\Windows\System32\WLANDLL.DLL
[2006/11/02 10:33:31 | 000,698,314 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 10:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 10:33:31 | 000,140,292 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 10:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,305,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,656,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,121,506 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2012/11/19 02:48:27 | 000,000,000 | ---D | M] -- C:\Users\Patte\AppData\Roaming\ICQ
[2012/08/10 10:56:17 | 000,000,000 | ---D | M] -- C:\Users\Patte\AppData\Roaming\ICQ Search
[2012/04/25 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\Patte\AppData\Roaming\Template
[2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/04/03 15:52:02 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/08/10 10:55:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2012/05/16 03:24:10 | 000,000,000 | ---D | M] -- C:\ProgramData\qnfzpkxnoocftaj
[2007/02/26 05:20:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2007/02/26 11:19:29 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2013/03/03 14:44:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/03/26 11:45:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2007/02/26 14:02:39 | 000,000,000 | -HSD | M] -- C:\Boot
[2007/02/26 11:08:52 | 000,000,000 | ---D | M] -- C:\Documentation
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007/02/26 07:30:53 | 000,000,000 | ---D | M] -- C:\Drivers
[2007/02/26 11:14:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013/02/22 07:55:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/08/10 10:55:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007/02/26 05:12:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2013/03/03 11:11:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/01/10 07:55:45 | 000,000,000 | ---D | M] -- C:\Update
[2012/03/26 11:45:00 | 000,000,000 | R--D | M] -- C:\Users
[2013/03/03 11:25:24 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2012/03/28 02:28:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2012/03/28 02:27:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2012/03/28 02:27:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2012/03/28 02:27:44 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2012/03/28 02:27:44 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2012/03/28 02:54:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2012/03/28 02:54:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2012/03/28 02:27:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USER32.DLL >
[2012/03/28 02:02:54 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\System32\user32.dll
[2012/03/28 02:02:54 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2012/03/28 02:02:54 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 02:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 04:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft
Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/11/02 03:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006/11/02 03:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008/01/19 00:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < 
%systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007/02/26 14:02:21 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007/02/26 14:02:19 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007/02/26 14:02:21 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007/02/26 14:02:31 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007/02/26 14:02:34 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2006/11/02 04:46:04 | 000,139,264 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll [2012/03/28 03:01:05 | 006,067,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2012/03/28 03:00:56 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iertutil.dll [2006/11/02 04:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\psapi.dll [2012/03/28 02:32:10 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > Oder muss ich jetzt einen extra Beitrag unter Log-Analyse und Auswertung eröffnen? Geändert von karunalovski (03.03.2013 um 21:33 Uhr) |
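The "< MD5 for: ... >" section of the log above is OTL's check for system binaries that have been patched in place. It hashes the copy Windows actually loads (System32, System32\drivers, C:\Windows) and every backup copy of the same file it can find in WinSxS, the DriverStore and pending Windows Update downloads; a rootkit that patches a driver such as atapi.sys leaves a live copy whose MD5 matches none of the backups. In this log every live copy matches one of its backups, so nothing in that list is patched. The Python below, added here as an example and not part of the original thread or of OTL, parses such a section and reports the mismatches. The sample log is a constructed excerpt: the ATAPI.SYS group is copied from the log above, the USERINIT.EXE group and the locked shell32.dll entry are invented to exercise the two failure modes, and all function and variable names are my own.

```python
"""Cross-check the "< MD5 for: X >" groups of an OTL log.

A live system file whose MD5 matches none of its WinSxS / DriverStore /
update-download copies is what an in-place patched binary looks like.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^< (?P<name>.+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\| (?P<size>[\d,]+) \|[^\]]*\] \((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
# Directories that hold reference copies rather than the copy Windows loads.
BACKUP_DIRS = ("\\winsxs\\", "\\driverstore\\", "\\softwaredistribution\\")


def is_backup_copy(path):
    low = path.lower()
    return any(d in low for d in BACKUP_DIRS)


def parse_sections(text):
    """Return {section: [entry, ...]}; "MD5 for: X" sections are keyed by X."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        s = SECTION_RE.match(line)
        if s:
            name = s.group("name")
            current = name[len("MD5 for: "):].upper() if name.startswith("MD5 for: ") else name
            continue
        e = ENTRY_RE.match(line)
        if current is None or not e:
            continue                      # e.g. the .SAV lines carry no hash at all
        sections[current].append({
            "path": e.group("path"),
            "mtime": e.group("mtime").strip(),
            "size": int(e.group("size").replace(",", "")),
            "vendor": e.group("vendor"),
            "md5": e.group("md5").upper() if e.group("md5") else None,
            "backup": is_backup_copy(e.group("path")),
        })
    return sections


def find_suspicious(sections):
    """Live copies that could not be hashed or whose hash matches no backup copy."""
    findings = []
    for name, entries in sections.items():
        backup_hashes = {e["md5"] for e in entries if e["backup"] and e["md5"]}
        for e in entries:
            if e["backup"]:
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "could not be hashed (file locked or unreadable)"))
            elif not backup_hashes:
                findings.append((name, e["path"], "no WinSxS/DriverStore copy to compare against"))
            elif e["md5"] not in backup_hashes:
                findings.append((name, e["path"], "hash matches no WinSxS/DriverStore copy: possibly patched"))
    return findings


# Constructed sample: ATAPI.SYS copied from the log above; USERINIT.EXE's live
# copy (all-zero hash) and the locked shell32.dll entry are invented.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2012/03/28 02:28:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
< MD5 for: USERINIT.EXE >
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2013/03/01 19:02:11 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
< %systemroot%\system32\*.dll /lockedfiles >
[2012/03/28 02:32:10 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll
< End of report >
"""

if __name__ == "__main__":
    for section, path, reason in find_suspicious(parse_sections(SAMPLE_LOG)):
        print(f"{section}: {path}: {reason}")
```

The "Unable to obtain MD5" hits under a /lockedfiles directive are reported as well, but when the scan was run from OTLPE, as here, those are normally just DLLs the PE environment itself has loaded (shell32.dll, ieframe.dll, psapi.dll); treat them as a reason to rescan from the running system, not as a detection. The hash comparison is the signal that matters: a live copy matching none of the service-pack copies of the same file deserves a closer look before anything else in the log.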
04.03.2013, 20:34 | #6 |
/// Malware-holic | Bundestrojaner/white screen Windows Vista Hi, on your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste this in:
Code:
:OTL
O20 - HKU\Patte_ON_C Winlogon: Shell - (C:\Users\Patte\AppData\Roaming\ldr.mcb) - C:\Users\Patte\AppData\Roaming\ldr.mcb ()
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
Save this to a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open OTL.txt. Please post the log. Boot into normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file to the UpChannel as described in its instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
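What the fix above removes is a per-user Winlogon Shell hijack: the Shell value in the Patte user hive points at ldr.mcb in that user's AppData\Roaming instead of explorer.exe, so after logon Windows started the lock-screen loader instead of the desktop, and once the loader no longer worked, nothing at all, which is the white screen. The Python below, added here as an example and not part of the original thread or of OTL, triages OTL "O20 - ... Winlogon:" lines, decides whether each Shell or Userinit value is stock, and assembles a fix script of the shape the helper posted. The HKU\Patte_ON_C line in the sample is the one from the fix above; the three HKLM lines are constructed for illustration, the Windows directory is assumed to be C:\Windows as in this log, and all function names are my own.

```python
"""Triage OTL "O20 - ... Winlogon:" lines for Shell / Userinit hijacks.

Lock-screen ransomware of the "Bundestrojaner" kind usually leaves
explorer.exe alone and instead sets the per-user Winlogon Shell value
(HKU\<SID>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell)
to its own loader, so Windows starts the loader after logon.
"""
import re

# One OTL O20 line: hive, Winlogon value name, raw registry data, resolved file, vendor.
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - "
    r"(?P<resolved>.*?) \((?P<vendor>[^)]*)\)$"
)
WINDIR = r"c:\windows"   # assumption: Windows lives in C:\Windows, as in this log


def _norm(entry):
    return entry.strip().strip('"').lower().replace("%systemroot%", WINDIR)


def _stock_shell(entry):
    return _norm(entry) in ("explorer.exe", WINDIR + r"\explorer.exe")


def _stock_userinit(entry):
    return _norm(entry) == WINDIR + r"\system32\userinit.exe"


def classify(line):
    """("ok"|"review"|"hijack", reason) for one O20 line, or None if it is not one."""
    m = O20_RE.match(line.strip())
    if not m:
        return None
    hive, value, data = m.group("hive"), m.group("value"), m.group("data")
    # Shell and Userinit are comma-separated lists; a hijack can hide as a 2nd element.
    entries = [e for e in data.split(",") if e.strip()]
    per_user = hive.upper().startswith("HKU")
    if value.lower() == "shell":
        bad = [e.strip() for e in entries if not _stock_shell(e)]
        if bad:
            return ("hijack", "Shell starts " + ", ".join(bad))
        if per_user:
            return ("review", "per-user Shell override present (Windows does not create one)")
        return ("ok", "Shell is explorer.exe")
    if value.lower() == "userinit":
        bad = [e.strip() for e in entries if not _stock_userinit(e)]
        if bad:
            return ("hijack", "Userinit chains " + ", ".join(bad))
        return ("ok", "Userinit is the stock binary")
    return ("review", "unexpected Winlogon value " + value)


def triage(log_text):
    """(line, verdict, reason) for every O20 Winlogon line in an OTL log."""
    results = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            results.append((line.strip(), verdict[0], verdict[1]))
    return results


def build_otl_fix(results):
    """OTL fix script in the shape used in the thread: hijacked O20 lines under :OTL, then [emptytemp]."""
    bad = [line for line, verdict, _ in results if verdict == "hijack"]
    if not bad:
        return ""
    return "\n".join([":OTL", *bad, ":Commands", "[emptytemp]"])


# Constructed sample: the HKU\Patte_ON_C line is copied from the fix above; the
# HKLM lines (two stock values and one Userinit chain) are invented.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\Patte_ON_C Winlogon: Shell - (C:\Users\Patte\AppData\Roaming\ldr.mcb) - C:\Users\Patte\AppData\Roaming\ldr.mcb ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\ProgramData\svchost.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for line, verdict, reason in results:
        print(f"[{verdict:6}] {reason}")
    print(build_otl_fix(results))
```

Shell and Userinit are comma-separated lists, which is why the classifier checks each element rather than the whole string: "explorer.exe,C:\...\loader.exe" is the other common form of the same hijack and would pass a naive equality test against explorer.exe. A Shell value under a user hive is flagged for review even when it reads explorer.exe, because a default installation does not create one; the fix in the thread also deletes the loader file and empties the temp folders, which the generated script leaves to OTL's [emptytemp] command exactly as the helper did.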
05.03.2013, 20:43 | #7 |
/// Malware-holic | Bundestrojaner/white screen Windows Vista Thanks for uploading. Once you can boot normally again: please download TDSSKiller.exe and save the file to your desktop
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
05.03.2013, 20:47 | #8 |
| Bundestrojaner/white screen Windows Vista Hi, I did everything you wrote. I also uploaded the file. However, I'm not sure whether everything went well when zipping, because Kaspersky on my "non-infected laptop" threw up a message (Trojan horse) while packing it. I was able to boot the originally infected computer normally now. I see the normal screen with all the original data. But I don't dare to do anything. Man, I'm nervous. How do we proceed now? And does it make sense for me to install Kaspersky on this laptop already? Oh, and if I posted data that's too sensitive up there, could you perhaps delete it again? OK, I downloaded the file and let it run as described. It now shows me a message "Threats detected" - there are several items listed as "Unsigned file" - Should I write down for you what it says under "Service"? Or how exactly do I send that to you now?
I should read before I ask, sorry. Here is the file:
20:56:50.0633 1264 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:56:50.0826 1264 ============================================================
20:56:50.0826 1264 Current date / time: 2013/03/05 20:56:50.0826
20:56:50.0826 1264 SystemInfo:
20:56:50.0826 1264
20:56:50.0826 1264 OS Version: 6.0.6000 ServicePack: 0.0
20:56:50.0826 1264 Product type: Workstation
20:56:50.0826 1264 ComputerName: PATRIK
20:56:50.0827 1264 UserName: Patte
20:56:50.0827 1264 Windows directory: C:\Windows
20:56:50.0827 1264 System windows directory: C:\Windows
20:56:50.0827 1264 Processor architecture: Intel x86
20:56:50.0827 1264 Number of processors: 2
20:56:50.0827 1264 Page size: 0x1000
20:56:50.0827 1264 Boot type: Normal boot
20:56:50.0827 1264 ============================================================
20:56:58.0842 1264 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:56:58.0848 1264 ============================================================
20:56:58.0848 1264 \Device\Harddisk0\DR0:
20:56:58.0860 1264 MBR partitions:
20:56:58.0860 1264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A0800, BlocksNum 0x11778800
20:56:58.0860 1264 ============================================================
20:56:58.0889 1264 C: <-> \Device\Harddisk0\DR0\Partition1
20:56:58.0889 1264 ============================================================
20:56:58.0889 1264 Initialize success
20:56:58.0889 1264 ============================================================
20:58:14.0892 4016 ============================================================
20:58:14.0893 4016 Scan started
20:58:14.0893 4016 Mode: Manual; SigCheck; TDLFS;
20:58:14.0893 4016 ============================================================
20:58:42.0647 4016 ================ Scan system memory ========================
20:58:42.0647 4016 System memory - ok
20:58:42.0648 4016 ================ Scan services =============================
20:58:46.0309 4016 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\Windows\system32\drivers\acpi.sys
20:58:46.0472 4016 ACPI - ok
20:58:47.0003 4016 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:58:47.0136 4016 AdobeFlashPlayerUpdateSvc - ok
20:58:47.0312 4016 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:58:47.0450 4016 adp94xx - ok
20:58:47.0532 4016 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:58:47.0578 4016 adpahci - ok
20:58:47.0660 4016 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:58:47.0672 4016 adpu160m - ok
20:58:47.0733 4016 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:58:47.0747 4016 adpu320 - ok
20:58:47.0815 4016 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:58:49.0511 4016 AeLookupSvc - ok
20:58:49.0571 4016 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys
20:58:49.0685 4016 AFD - ok
20:58:49.0747 4016 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:58:49.0758 4016 agp440 - ok
20:58:49.0795 4016 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:58:49.0807 4016 aic78xx - ok
20:58:49.0847 4016 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe
20:58:49.0912 4016 ALG - ok
20:58:49.0920 4016 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
20:58:49.0933 4016 aliide - ok
20:58:49.0941 4016 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:58:49.0954 4016 amdagp - ok
20:58:49.0962 4016 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
20:58:49.0974 4016 amdide - ok
20:58:49.0986 4016 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:58:50.0055 4016 AmdK7 - ok
20:58:50.0070 4016 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:58:50.0129 4016 AmdK8 - ok
20:58:50.0293 4016 [ 7C2F57BCE81FA74933F0E1C84A97C9DB ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
20:58:50.0339 4016 ApfiltrService - ok
20:58:50.0387 4016 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll
20:58:50.0466 4016 Appinfo - ok
20:58:50.0514 4016 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
20:58:50.0537 4016 arc - ok
20:58:50.0605 4016 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:58:50.0617 4016 arcsas - ok
20:58:50.0661 4016 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:58:50.0718 4016 AsyncMac - ok
20:58:50.0808 4016 [ B35CFCEF838382AB6490B321C87EDF17 ] atapi C:\Windows\system32\drivers\atapi.sys
20:58:50.0818 4016 atapi - ok
20:58:50.0891 4016 [ FA4E39B289D3A9606F03C90A933B2B1F ] athr C:\Windows\system32\DRIVERS\athr.sys
20:58:50.0988 4016 athr - ok
20:58:51.0056 4016 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:58:51.0142 4016 AudioEndpointBuilder - ok
20:58:51.0245 4016 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:58:51.0304 4016 Audiosrv - ok
20:58:51.0439 4016 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys
20:58:51.0541 4016 Beep - ok
20:58:51.0753 4016 [ 98EBDFFB824A7C265337D68DD480E45C ] BFE C:\Windows\System32\bfe.dll
20:58:51.0921 4016 BFE - ok
20:58:52.0142 4016 [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS C:\Windows\System32\qmgr.dll
20:58:52.0199 4016 BITS - ok
20:58:52.0206 4016 blbdrive - ok
20:58:52.0246 4016 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:58:52.0322 4016 bowser - ok
20:58:52.0361 4016 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:58:52.0403 4016 BrFiltLo - ok
20:58:52.0444 4016 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:58:52.0475 4016 BrFiltUp - ok
20:58:52.0524 4016 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll
20:58:52.0610 4016 Browser - ok
20:58:52.0660 4016 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:58:52.0744 4016 Brserid - ok
20:58:52.0820 4016 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:58:52.0877 4016 BrSerWdm - ok
20:58:52.0904 4016 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:58:52.0978 4016 BrUsbMdm - ok
20:58:52.0989 4016 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:58:53.0048 4016 BrUsbSer - ok
20:58:53.0102 4016 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:58:53.0183 4016 BTHMODEM - ok
20:58:53.0282 4016 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:58:53.0358 4016 cdfs - ok
20:58:53.0375 4016 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:58:53.0450 4016 cdrom - ok
20:58:53.0528 4016 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll
20:58:53.0604 4016 CertPropSvc - ok
20:58:53.0664 4016 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
20:58:53.0720 4016 circlass - ok
20:58:53.0781 4016 [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS C:\Windows\system32\CLFS.sys
20:58:53.0798 4016 CLFS - ok
20:58:53.0907 4016 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:58:53.0921 4016 clr_optimization_v2.0.50727_32 - ok
20:58:54.0087 4016 CLTNetCnService - ok
20:58:54.0134 4016 [ ED97AD3DF1B9005989EAF149BF06C821 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:58:54.0169 4016 CmBatt - ok
20:58:54.0258 4016 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:58:54.0281 4016 cmdide - ok
20:58:54.0349 4016 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:58:54.0359 4016 Compbatt - ok
20:58:54.0366 4016 COMSysApp - ok
20:58:54.0381 4016 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:58:54.0391 4016 crcdisk - ok
20:58:54.0418 4016 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:58:54.0475 4016 Crusoe - ok
20:58:54.0543 4016 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:58:54.0608 4016 CryptSvc - ok
20:58:54.0719 4016 [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch C:\Windows\system32\rpcss.dll
20:58:54.0830 4016 DcomLaunch - ok
20:58:54.0885 4016 [ A7179DE59AE269AB70345527894CCD7C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:58:54.0975 4016 DfsC - ok
20:58:55.0180 4016 [ E0D584AA76C7D845BA9F3A788260528F ] DFSR C:\Windows\system32\DFSR.exe
20:58:55.0303 4016 DFSR - ok
20:58:55.0376 4016 [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:58:55.0433 4016 Dhcp - ok
20:58:55.0543 4016 [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk C:\Windows\system32\drivers\disk.sys
20:58:55.0554 4016 disk - ok
20:58:55.0642 4016 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
20:58:55.0651 4016 DMICall - ok
20:58:55.0692 4016 [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:58:55.0733 4016 Dnscache - ok
20:58:55.0811 4016 [ 1F795D214820E496BF1124434A6DB546 ] dot3svc C:\Windows\System32\dot3svc.dll
20:58:55.0890 4016 dot3svc - ok
20:58:55.0938 4016 [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS C:\Windows\system32\dps.dll
20:58:55.0991 4016 DPS - ok
20:58:56.0036 4016 [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:58:56.0119 4016 drmkaud - ok
20:58:56.0240 4016 [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:58:56.0292 4016 DXGKrnl - ok
20:58:56.0348 4016 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:58:56.0410 4016 E1G60 - ok
20:58:56.0462 4016 [ 90A0A875642E18618010645311B4E89E ] EapHost C:\Windows\System32\eapsvc.dll
20:58:56.0537 4016 EapHost - ok
20:58:56.0725 4016 [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache C:\Windows\system32\drivers\ecache.sys
20:58:56.0739 4016 Ecache - ok
20:58:56.0880 4016 [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:58:56.0940 4016 ehRecvr - ok
20:58:56.0995 4016 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
20:58:57.0036 4016 ehSched - ok
20:58:57.0070 4016 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
20:58:57.0105 4016 ehstart - ok
20:58:57.0355 4016 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:58:57.0375 4016 elxstor - ok
20:58:57.0431 4016 [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:58:57.0555 4016 EMDMgmt - ok
20:58:57.0700 4016 [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem C:\Windows\system32\es.dll
20:58:57.0747 4016 EventSystem - ok
20:58:57.0812 4016 [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:58:57.0888 4016 fastfat - ok
20:58:57.0941 4016 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:58:58.0023 4016 fdc - ok
20:58:58.0069 4016 [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost C:\Windows\system32\fdPHost.dll
20:58:58.0127 4016 fdPHost - ok
20:58:58.0170 4016 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:58:58.0242 4016 FDResPub - ok
20:58:58.0285 4016 [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:58:58.0296 4016 FileInfo - ok
20:58:58.0352 4016 [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:58:58.0436 4016 Filetrace - ok
20:58:58.0467 4016 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:58:58.0545 4016 flpydisk - ok
20:58:58.0564 4016 [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:58:58.0578 4016 FltMgr - ok
20:58:58.0658 4016 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:58:58.0667 4016 FontCache3.0.0.0 - ok
20:58:58.0771 4016 [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:58:58.0818 4016 Fs_Rec - ok
20:58:58.0844 4016 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:58:58.0856 4016 gagp30kx - ok
20:58:58.0925 4016 [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc C:\Windows\System32\gpsvc.dll
20:58:59.0094 4016 gpsvc - ok
20:58:59.0175 4016 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:58:59.0186 4016 gupdate - ok
20:58:59.0193 4016 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:58:59.0206 4016 gupdatem - ok
20:58:59.0288 4016 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:58:59.0302 4016 gusvc - ok
20:58:59.0436 4016 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:58:59.0513 4016 HdAudAddService - ok
20:58:59.0581 4016 [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:58:59.0667 4016 HDAudBus - ok
20:58:59.0691 4016 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:58:59.0745 4016 HidBth - ok
20:58:59.0792 4016 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:58:59.0871 4016 HidIr - ok
20:58:59.0959 4016 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
20:59:00.0036 4016 hidserv - ok
20:59:00.0078 4016 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:59:00.0132 4016 HidUsb - ok
20:59:00.0180 4016 [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc C:\Windows\system32\kmsvc.dll
20:59:00.0262 4016 hkmsvc - ok
20:59:00.0397 4016 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:59:00.0408 4016 HpCISSs - ok
20:59:00.0584 4016 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:59:00.0798 4016 HSF_DPV - ok
20:59:00.0837 4016 [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:59:00.0852 4016 HSXHWAZL - ok
20:59:01.0119 4016 [ EA24FE637D974A8A31BC650F478E3533 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:59:01.0213 4016 HTTP - ok
20:59:01.0274 4016 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:59:01.0405 4016 i2omp - ok
20:59:01.0455 4016 [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:59:01.0490 4016 i8042prt - ok
20:59:01.0545 4016 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:59:01.0562 4016 iaStorV - ok
20:59:01.0736 4016 [ 9AC1E19D77BA038F24E2FAB5D95F70D3 ] ICQ Service C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
20:59:01.0748 4016 ICQ Service - ok
20:59:01.0866 4016 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:59:01.0890 4016 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:59:01.0891 4016 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:59:02.0047 4016 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:59:02.0089 4016 idsvc - ok
20:59:02.0176 4016 [ A4FBA5B34E69E46315A7C5223A470A17 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:59:02.0505 4016 igfx - ok
20:59:02.0536 4016 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:59:02.0546 4016 iirsp - ok
20:59:02.0669 4016 [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT C:\Windows\System32\ikeext.dll
20:59:02.0763 4016 IKEEXT - ok
20:59:02.0963 4016 [ C61B3B87F3856CEF0C9F204028C6860D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:59:03.0108 4016 IntcAzAudAddService - ok
20:59:03.0192 4016 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
20:59:03.0201 4016 intelide - ok
20:59:03.0245 4016 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:59:03.0299 4016 intelppm - ok
20:59:03.0360 4016 [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:59:03.0461 4016 IPBusEnum - ok
20:59:03.0499 4016 [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:59:03.0556 4016 IpFilterDriver - ok
20:59:03.0690 4016 [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:59:03.0751 4016 iphlpsvc - ok
20:59:03.0758 4016 IpInIp - ok
20:59:03.0769 4016 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:59:03.0844 4016 IPMIDRV - ok
20:59:03.0866 4016 [ 10077C35845101548037DF04FD1A420B ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:59:03.0940 4016 IPNAT - ok
20:59:03.0988 4016 [ A82F328F4792304184642D6D397BB1E3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:59:04.0062 4016 IRENUM - ok
20:59:04.0099 4016 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:59:04.0109 4016 isapnp - ok
20:59:04.0181 4016 [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:59:04.0194 4016 iScsiPrt - ok
20:59:04.0201 4016 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:59:04.0212 4016 iteatapi - ok
20:59:04.0263 4016 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:59:04.0274 4016 iteraid - ok
20:59:04.0335 4016 [ B076B2AB806B3F696DAB21375389101C ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:59:04.0353 4016 kbdclass - ok
20:59:04.0360 4016 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:59:04.0416 4016 kbdhid - ok
20:59:04.0458 4016 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso C:\Windows\system32\lsass.exe
20:59:04.0502 4016 KeyIso - ok
20:59:04.0546 4016 [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:59:04.0571 4016 KSecDD - ok
20:59:04.0782 4016 [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm C:\Windows\system32\msdtckrm.dll
20:59:04.0952 4016 KtmRm - ok
20:59:05.0009 4016 [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer C:\Windows\system32\srvsvc.dll
20:59:05.0184 4016 LanmanServer - ok
20:59:05.0650 4016 [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:59:05.0699 4016 LanmanWorkstation - ok
20:59:05.0819 4016 [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:59:05.0913 4016 lltdio - ok
20:59:05.0972 4016 [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:59:06.0101 4016 lltdsvc - ok
20:59:06.0140 4016 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:59:06.0195 4016 lmhosts - ok
20:59:06.0238 4016 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:59:06.0248 4016 LSI_FC - ok
20:59:06.0256 4016 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:59:06.0267 4016 LSI_SAS - ok
20:59:06.0285 4016 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:59:06.0296 4016 LSI_SCSI - ok
20:59:06.0334 4016 [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv C:\Windows\system32\drivers\luafv.sys
20:59:06.0412 4016 luafv - ok
20:59:06.0575 4016 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
20:59:06.0590 4016 McComponentHostService - ok
20:59:06.0646 4016 [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:59:06.0664 4016 Mcx2Svc - ok
20:59:06.0741 4016 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:59:06.0772 4016 mdmxsdk - ok
20:59:06.0828 4016 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
20:59:06.0837 4016 megasas - ok
20:59:06.0886 4016 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS C:\Windows\system32\mmcss.dll
20:59:06.0965 4016 MMCSS - ok
20:59:06.0986 4016 [ 21755967298A46FB6ADFEC9DB6012211 ] Modem C:\Windows\system32\drivers\modem.sys
20:59:07.0042 4016 Modem - ok
20:59:07.0076 4016 [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:59:07.0106 4016 monitor - ok
20:59:07.0140 4016 [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:59:07.0151 4016 mouclass - ok
20:59:07.0188 4016 [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:59:07.0223 4016 mouhid - ok
20:59:07.0257 4016 [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:59:07.0267 4016 MountMgr - ok
20:59:07.0317 4016 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
20:59:07.0333 4016 mpio - ok
20:59:07.0379 4016 [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:59:07.0428 4016 mpsdrv - ok
20:59:07.0474 4016 [ 563ED845885C6A7C09A7715D8BD0585C ] MpsSvc C:\Windows\system32\mpssvc.dll
20:59:07.0538 4016 MpsSvc - ok
20:59:07.0567 4016 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:59:07.0599 4016 Mraid35x - ok
20:59:07.0660 4016 [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:59:07.0695 4016 MRxDAV - ok
20:59:07.0755 4016 [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:59:07.0872 4016 mrxsmb - ok
20:59:08.0150 4016 [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:59:08.0246 4016 mrxsmb10 - ok
20:59:08.0270 4016 [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:59:08.0558 4016 mrxsmb20 - ok
20:59:08.0725 4016 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
20:59:08.0888 4016 msahci - ok
20:59:09.0199 4016 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
20:59:09.0230 4016 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
20:59:09.0231 4016 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
20:59:09.0262 4016 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:59:09.0293 4016 msdsm - ok
20:59:09.0319 4016 [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC C:\Windows\System32\msdtc.exe
20:59:09.0354 4016 MSDTC - ok
20:59:09.0384 4016 [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:59:09.0476 4016 Msfs - ok
20:59:09.0571 4016 [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:59:09.0580 4016 msisadrv - ok
20:59:09.0620 4016 [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:59:09.0705 4016 MSiSCSI - ok
20:59:09.0712 4016 msiserver - ok
20:59:09.0749 4016 [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:59:09.0824 4016 MSKSSRV - ok
20:59:09.0831 4016 [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:59:09.0927 4016 MSPCLOCK - ok
20:59:10.0149 4016
[ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:59:10.0483 4016 MSPQM - ok 20:59:10.0841 4016 [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:59:10.0993 4016 MsRPC - ok 20:59:11.0117 4016 [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:59:11.0126 4016 mssmbios - ok 20:59:11.0659 4016 MSSQL$VAIO_VEDB - ok 20:59:11.0835 4016 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 20:59:11.0862 4016 MSSQLServerADHelper - ok 20:59:11.0892 4016 [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:59:11.0970 4016 MSTEE - ok 20:59:11.0997 4016 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys 20:59:12.0008 4016 Mup - ok 20:59:12.0078 4016 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll 20:59:12.0154 4016 napagent - ok 20:59:12.0193 4016 [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:59:12.0242 4016 NativeWifiP - ok 20:59:12.0368 4016 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys 20:59:12.0410 4016 NDIS - ok 20:59:12.0438 4016 [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:59:12.0475 4016 NdisTapi - ok 20:59:12.0510 4016 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:59:12.0595 4016 Ndisuio - ok 20:59:12.0611 4016 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:59:12.0667 4016 NdisWan - ok 20:59:12.0699 4016 [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:59:12.0747 4016 NDProxy - ok 20:59:12.0821 4016 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:59:12.0911 4016 NetBIOS - ok 20:59:12.0931 4016 [ E3A168912E7EEFC3BD3B814720D68B41 ] 
netbt C:\Windows\system32\DRIVERS\netbt.sys 20:59:13.0028 4016 netbt - ok 20:59:13.0080 4016 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon C:\Windows\system32\lsass.exe 20:59:13.0093 4016 Netlogon - ok 20:59:13.0222 4016 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll 20:59:13.0429 4016 Netman - ok 20:59:13.0494 4016 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll 20:59:13.0600 4016 netprofm - ok 20:59:13.0721 4016 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:59:13.0734 4016 NetTcpPortSharing - ok 20:59:14.0043 4016 [ ACC6170D80C69E50145B370023B64ED3 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 20:59:14.0207 4016 NETw3v32 - ok 20:59:14.0301 4016 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:59:14.0312 4016 nfrd960 - ok 20:59:14.0543 4016 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll 20:59:14.0606 4016 NlaSvc - ok 20:59:14.0644 4016 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:59:14.0713 4016 Npfs - ok 20:59:14.0797 4016 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll 20:59:14.0884 4016 nsi - ok 20:59:14.0956 4016 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:59:15.0050 4016 nsiproxy - ok 20:59:15.0162 4016 [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:59:15.0223 4016 Ntfs - ok 20:59:15.0306 4016 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 20:59:15.0399 4016 ntrigdigi - ok 20:59:15.0447 4016 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys 20:59:15.0528 4016 Null - ok 20:59:15.0590 4016 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:59:15.0604 4016 nvraid - ok 20:59:15.0647 4016 [ 
9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:59:15.0658 4016 nvstor - ok 20:59:15.0670 4016 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:59:15.0683 4016 nv_agp - ok 20:59:15.0690 4016 NwlnkFlt - ok 20:59:15.0702 4016 NwlnkFwd - ok 20:59:15.0850 4016 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:59:15.0874 4016 odserv - ok 20:59:15.0907 4016 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 20:59:16.0017 4016 ohci1394 - ok 20:59:16.0280 4016 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:59:16.0292 4016 ose - ok 20:59:16.0573 4016 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:59:16.0855 4016 p2pimsvc - ok 20:59:17.0149 4016 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll 20:59:17.0279 4016 p2psvc - ok 20:59:17.0524 4016 [ AFF9A1986555E4592DE8092F9A5FA2D2 ] PAC7302 C:\Windows\system32\DRIVERS\PAC7302.SYS 20:59:17.0596 4016 PAC7302 - ok 20:59:17.0640 4016 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe 20:59:17.0715 4016 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning 20:59:17.0715 4016 PACSPTISVR - detected UnsignedFile.Multi.Generic (1) 20:59:17.0765 4016 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 20:59:17.0854 4016 Parport - ok 20:59:17.0901 4016 [ 555A5B2C8022983BC7467BC925B222EE ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:59:17.0923 4016 partmgr - ok 20:59:17.0999 4016 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 20:59:18.0059 4016 Parvdm - ok 20:59:18.0737 4016 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:59:18.0789 4016 PcaSvc - ok 20:59:18.0938 4016 [ 
1085D75657807E0E8B32F9E19A1647C3 ] pci C:\Windows\system32\drivers\pci.sys 20:59:19.0193 4016 pci - ok 20:59:19.0280 4016 [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide C:\Windows\system32\DRIVERS\pciide.sys 20:59:19.0293 4016 pciide - ok 20:59:19.0755 4016 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:59:19.0903 4016 pcmcia - ok 20:59:20.0127 4016 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:59:20.0619 4016 PEAUTH - ok 20:59:21.0857 4016 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll 20:59:22.0642 4016 pla - ok 20:59:22.0848 4016 [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:59:22.0995 4016 PlugPlay - ok 20:59:23.0130 4016 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:59:23.0194 4016 PNRPAutoReg - ok 20:59:23.0616 4016 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:59:23.0779 4016 PNRPsvc - ok 20:59:23.0906 4016 [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:59:24.0363 4016 PolicyAgent - ok 20:59:24.0470 4016 [ 6C359AC71D7B550A0D41F9DB4563CE05 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:59:24.0548 4016 PptpMiniport - ok 20:59:24.0633 4016 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 20:59:24.0760 4016 Processor - ok 20:59:24.0852 4016 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll 20:59:24.0942 4016 ProfSvc - ok 20:59:25.0013 4016 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:59:25.0027 4016 ProtectedStorage - ok 20:59:25.0538 4016 [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:59:25.0698 4016 PSched - ok 20:59:26.0466 4016 [ 59464C712C8C75E4513064F5A485582F ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 20:59:26.0477 4016 PxHelp20 - ok 20:59:27.0534 4016 [ 
CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:59:27.0919 4016 ql2300 - ok 20:59:27.0972 4016 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:59:27.0986 4016 ql40xx - ok 20:59:28.0191 4016 [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE C:\Windows\system32\qwave.dll 20:59:28.0285 4016 QWAVE - ok 20:59:28.0326 4016 [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:59:28.0368 4016 QWAVEdrv - ok 20:59:28.0438 4016 [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:59:28.0532 4016 RasAcd - ok 20:59:28.0581 4016 [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto C:\Windows\System32\rasauto.dll 20:59:28.0649 4016 RasAuto - ok 20:59:28.0726 4016 [ 88587DD843E2059848995B407B67F6CF ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:59:28.0811 4016 Rasl2tp - ok 20:59:28.0941 4016 [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan C:\Windows\System32\rasmans.dll 20:59:29.0015 4016 RasMan - ok 20:59:29.0056 4016 [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:59:29.0115 4016 RasPppoe - ok 20:59:29.0155 4016 [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:59:29.0252 4016 rdbss - ok 20:59:29.0282 4016 [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:59:29.0363 4016 RDPCDD - ok 20:59:29.0409 4016 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:59:29.0496 4016 rdpdr - ok 20:59:29.0505 4016 [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:59:29.0587 4016 RDPENCDD - ok 20:59:29.0611 4016 [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:59:29.0697 4016 RDPWD - ok 20:59:29.0756 4016 [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess C:\Windows\System32\mprdim.dll 20:59:29.0820 4016 RemoteAccess - ok 20:59:29.0875 4016 [ 
9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:59:29.0972 4016 RemoteRegistry - ok 20:59:30.0025 4016 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 20:59:30.0061 4016 RpcLocator - ok 20:59:30.0141 4016 [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs C:\Windows\system32\rpcss.dll 20:59:30.0168 4016 RpcSs - ok 20:59:30.0244 4016 [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:59:30.0374 4016 rspndr - ok 20:59:30.0413 4016 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs C:\Windows\system32\lsass.exe 20:59:30.0427 4016 SamSs - ok 20:59:30.0467 4016 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:59:30.0532 4016 sbp2port - ok 20:59:30.0594 4016 [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:59:30.0695 4016 SCardSvr - ok 20:59:30.0754 4016 [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule C:\Windows\system32\schedsvc.dll 20:59:30.0843 4016 Schedule - ok 20:59:30.0873 4016 [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:59:30.0935 4016 SCPolicySvc - ok 20:59:31.0021 4016 [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:59:31.0089 4016 SDRSVC - ok 20:59:31.0146 4016 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:59:31.0226 4016 secdrv - ok 20:59:31.0245 4016 [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon C:\Windows\system32\seclogon.dll 20:59:31.0336 4016 seclogon - ok 20:59:31.0384 4016 [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS C:\Windows\System32\sens.dll 20:59:31.0453 4016 SENS - ok 20:59:31.0486 4016 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:59:31.0550 4016 Serenum - ok 20:59:31.0573 4016 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 20:59:31.0663 4016 Serial - ok 20:59:31.0671 4016 [ FD06895F55C0BEC3CBD84BDA14E1C6B7 
] sermouse C:\Windows\system32\drivers\sermouse.sys 20:59:31.0755 4016 sermouse - ok 20:59:31.0812 4016 [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv C:\Windows\system32\sessenv.dll 20:59:31.0904 4016 SessionEnv - ok 20:59:31.0992 4016 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:59:32.0104 4016 sffdisk - ok 20:59:32.0138 4016 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:59:32.0251 4016 sffp_mmc - ok 20:59:32.0295 4016 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:59:32.0361 4016 sffp_sd - ok 20:59:32.0368 4016 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:59:32.0456 4016 sfloppy - ok 20:59:32.0579 4016 [ 9A82BF4C90B00A63150A606A1E2FD82B ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:59:32.0620 4016 SharedAccess - ok 20:59:32.0676 4016 [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:59:32.0729 4016 ShellHWDetection - ok 20:59:32.0787 4016 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:59:32.0807 4016 sisagp - ok 20:59:32.0822 4016 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:59:32.0833 4016 SiSRaid2 - ok 20:59:33.0869 4016 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:59:33.0887 4016 SiSRaid4 - ok 20:59:34.0352 4016 [ A1DCD30534835CB67733AD00175125A6 ] slsvc C:\Windows\system32\SLsvc.exe 20:59:34.0945 4016 slsvc - ok 20:59:35.0017 4016 [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:59:35.0338 4016 SLUINotify - ok 20:59:35.0397 4016 [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:59:35.0491 4016 Smb - ok 20:59:35.0575 4016 [ DB31D8989B3450569C29780E7FA98C48 ] SNC C:\Windows\system32\Drivers\SonyNC.sys 20:59:35.0662 4016 SNC - ok 20:59:35.0706 4016 [ 
2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:59:35.0728 4016 SNMPTRAP - ok 20:59:35.0880 4016 [ 86DA2BEFB800D726FEA98A539606553C ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe 20:59:35.0892 4016 SonicStage Back-End Service - ok 20:59:35.0990 4016 [ 426F9B029AA9162CECCF65369457D046 ] spldr C:\Windows\system32\drivers\spldr.sys 20:59:36.0006 4016 spldr - ok 20:59:36.0059 4016 [ DA612EF2556776DF2630B68BF2D48935 ] Spooler C:\Windows\System32\spoolsv.exe 20:59:36.0079 4016 Spooler - ok 20:59:36.0148 4016 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe 20:59:36.0208 4016 SPTISRV ( UnsignedFile.Multi.Generic ) - warning 20:59:36.0208 4016 SPTISRV - detected UnsignedFile.Multi.Generic (1) 20:59:36.0327 4016 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 20:59:36.0360 4016 SQLBrowser - ok 20:59:36.0398 4016 [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 20:59:36.0433 4016 SQLWriter - ok 20:59:36.0507 4016 [ 038579C35F7CAD4A4BBF735DBF83277D ] srv C:\Windows\system32\DRIVERS\srv.sys 20:59:36.0594 4016 srv - ok 20:59:36.0646 4016 [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:59:36.0739 4016 srv2 - ok 20:59:36.0797 4016 [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:59:36.0843 4016 srvnet - ok 20:59:36.0885 4016 [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:59:36.0943 4016 SSDPSRV - ok 20:59:37.0029 4016 [ 6EB13F919D22D5056B4FB66AA3BB497A ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe 20:59:37.0064 4016 SSScsiSV - ok 20:59:37.0207 4016 [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc C:\Windows\System32\wiaservc.dll 20:59:37.0326 4016 stisvc - ok 20:59:37.0360 4016 [ 
1379BDB336F8158C176A465E30759F57 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:59:37.0372 4016 swenum - ok 20:59:37.0502 4016 [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv C:\Windows\System32\swprv.dll 20:59:38.0066 4016 swprv - ok 20:59:38.0095 4016 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 20:59:38.0161 4016 Symc8xx - ok 20:59:38.0242 4016 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 20:59:38.0305 4016 Sym_hi - ok 20:59:38.0355 4016 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 20:59:38.0415 4016 Sym_u3 - ok 20:59:38.0652 4016 [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain C:\Windows\system32\sysmain.dll 20:59:38.0757 4016 SysMain - ok 20:59:38.0862 4016 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:59:38.0952 4016 TabletInputService - ok 20:59:38.0985 4016 [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:59:39.0048 4016 TapiSrv - ok 20:59:39.0075 4016 [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS C:\Windows\System32\tbssvc.dll 20:59:39.0197 4016 TBS - ok 20:59:39.0451 4016 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:59:39.0618 4016 Tcpip - ok 20:59:39.0829 4016 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 20:59:39.0868 4016 Tcpip6 - ok 20:59:39.0906 4016 [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:59:40.0008 4016 tcpipreg - ok 20:59:40.0059 4016 [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:59:40.0130 4016 TDPIPE - ok 20:59:40.0139 4016 [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:59:40.0227 4016 TDTCP - ok 20:59:40.0253 4016 [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:59:40.0337 4016 tdx - ok 20:59:40.0416 4016 [ 
2C549BD9DD091FBFAA0A2A48E82EC2FB ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:59:40.0426 4016 TermDD - ok 20:59:40.0518 4016 [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService C:\Windows\System32\termsrv.dll 20:59:40.0598 4016 TermService - ok 20:59:40.0630 4016 [ B264DFA21677728613267FE63802B332 ] Themes C:\Windows\system32\shsvcs.dll 20:59:40.0650 4016 Themes - ok 20:59:40.0685 4016 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER C:\Windows\system32\mmcss.dll 20:59:40.0742 4016 THREADORDER - ok 20:59:40.0958 4016 [ DCD46A3FC856167FD985507492AE610A ] ti21sony C:\Windows\system32\drivers\ti21sony.sys 20:59:41.0624 4016 ti21sony - ok 20:59:41.0686 4016 [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks C:\Windows\System32\trkwks.dll 20:59:41.0805 4016 TrkWks - ok 20:59:41.0947 4016 [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:59:42.0007 4016 TrustedInstaller - ok 20:59:42.0199 4016 [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:59:42.0356 4016 tssecsrv - ok 20:59:42.0410 4016 [ 65E953BC0084D44498B51F59784D2A82 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 20:59:42.0488 4016 tunmp - ok 20:59:42.0543 4016 [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:59:42.0769 4016 tunnel - ok 20:59:42.0826 4016 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:59:42.0948 4016 uagp35 - ok 20:59:43.0121 4016 [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:59:43.0195 4016 udfs - ok 20:59:43.0250 4016 [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:59:43.0312 4016 UI0Detect - ok 20:59:43.0360 4016 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:59:43.0414 4016 uliagpkx - ok 20:59:43.0462 4016 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 20:59:43.0528 4016 uliahci - ok 
20:59:43.0563 4016 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 20:59:43.0643 4016 UlSata - ok 20:59:43.0669 4016 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 20:59:43.0683 4016 ulsata2 - ok 20:59:43.0773 4016 [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:59:43.0904 4016 umbus - ok 20:59:43.0967 4016 [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost C:\Windows\System32\upnphost.dll 20:59:44.0053 4016 upnphost - ok 20:59:44.0237 4016 [ F6BF998AE33E3FB6C7D27F0560F1173F ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:59:44.0362 4016 usbaudio - ok 20:59:44.0506 4016 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:59:44.0638 4016 usbccgp - ok 20:59:44.0768 4016 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:59:44.0919 4016 usbcir - ok 20:59:45.0049 4016 [ 63FE924D8A1113C3BA6750693FBEC7D3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:59:45.0506 4016 usbehci - ok 20:59:45.0562 4016 [ 5EDEC5510592C905E91817707DCE62A2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:59:45.0668 4016 usbhub - ok 20:59:45.0706 4016 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:59:45.0761 4016 usbohci - ok 20:59:45.0805 4016 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:59:45.0921 4016 usbprint - ok 20:59:45.0986 4016 [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:59:46.0056 4016 USBSTOR - ok 20:59:46.0074 4016 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:59:46.0129 4016 usbuhci - ok 20:59:46.0194 4016 [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms C:\Windows\System32\uxsms.dll 20:59:46.0253 4016 UxSms - ok 20:59:46.0326 4016 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program 
Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe 20:59:46.0392 4016 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning 20:59:46.0392 4016 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1) 20:59:46.0486 4016 [ 8A9F18ADAD471402236CA931553BF79B ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe 20:59:46.0498 4016 VAIO Event Service - ok 20:59:46.0814 4016 [ 88DC6B884824A578B0E1E9C3790C105B ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe 20:59:47.0153 4016 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning 20:59:47.0153 4016 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1) 20:59:47.0253 4016 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe 20:59:47.0333 4016 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning 20:59:47.0333 4016 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1) 20:59:47.0494 4016 [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe 20:59:47.0656 4016 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning 20:59:47.0656 4016 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1) 20:59:47.0895 4016 [ 52D4F568FE7D05AE5026B8717EEB59EB ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe 20:59:47.0942 4016 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - warning 20:59:47.0943 4016 VAIOMediaPlatform-UCLS-AppServer - detected UnsignedFile.Multi.Generic (1) 20:59:48.0062 
4016 [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe 20:59:48.0092 4016 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - warning 20:59:48.0092 4016 VAIOMediaPlatform-UCLS-HTTP - detected UnsignedFile.Multi.Generic (1) 20:59:48.0436 4016 [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe 20:59:48.0578 4016 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - warning 20:59:48.0578 4016 VAIOMediaPlatform-UCLS-UPnP - detected UnsignedFile.Multi.Generic (1) 20:59:49.0860 4016 [ 721A1677FD204AB065238504D9268D92 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe 20:59:50.0337 4016 VCFw - ok 20:59:50.0446 4016 Vcsw - ok 20:59:50.0499 4016 [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds C:\Windows\System32\vds.exe 20:59:50.0527 4016 vds - ok 20:59:50.0575 4016 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:59:50.0633 4016 vga - ok 20:59:50.0677 4016 [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave C:\Windows\System32\drivers\vga.sys 20:59:50.0765 4016 VgaSave - ok 20:59:50.0779 4016 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:59:50.0805 4016 viaagp - ok 20:59:50.0853 4016 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 20:59:50.0972 4016 ViaC7 - ok 20:59:51.0010 4016 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 20:59:51.0022 4016 viaide - ok 20:59:51.0057 4016 [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:59:51.0068 4016 volmgr - ok 20:59:51.0084 4016 [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:59:51.0103 4016 volmgrx - ok 20:59:51.0159 4016 [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap 
C:\Windows\system32\drivers\volsnap.sys 20:59:51.0181 4016 volsnap - ok 20:59:51.0215 4016 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:59:51.0260 4016 vsmraid - ok 20:59:51.0335 4016 [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS C:\Windows\system32\vssvc.exe 20:59:51.0536 4016 VSS - ok 20:59:51.0863 4016 [ 416F115DC1003BB624D03E019C3D563D ] VUAgent C:\Program Files\sony\VAIO Update\VUAgent.exe 20:59:51.0899 4016 VUAgent - ok 20:59:52.0036 4016 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 20:59:52.0068 4016 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning 20:59:52.0068 4016 VzCdbSvc - detected UnsignedFile.Multi.Generic (1) 20:59:52.0116 4016 [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time C:\Windows\system32\w32time.dll 20:59:52.0189 4016 W32Time - ok 20:59:52.0237 4016 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:59:52.0313 4016 WacomPen - ok 20:59:52.0403 4016 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 20:59:52.0417 4016 Wanarp - ok 20:59:52.0426 4016 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:59:52.0439 4016 Wanarpv6 - ok 20:59:52.0533 4016 [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:59:52.0558 4016 wcncsvc - ok 20:59:52.0572 4016 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:59:52.0605 4016 WcsPlugInService - ok 20:59:52.0676 4016 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 20:59:52.0712 4016 Wd - ok 20:59:52.0783 4016 [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:59:52.0812 4016 Wdf01000 - ok 20:59:52.0847 4016 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:59:52.0867 4016 WdiServiceHost - ok 20:59:52.0880 4016 [ 
2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:59:52.0899 4016 WdiSystemHost - ok 20:59:52.0948 4016 [ 01E41C264EEDCB827820A1909162579F ] WebClient C:\Windows\System32\webclnt.dll 20:59:53.0004 4016 WebClient - ok 20:59:53.0015 4016 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll 20:59:53.0157 4016 Wecsvc - ok 20:59:53.0184 4016 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:59:53.0270 4016 wercplsupport - ok 20:59:53.0314 4016 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll 20:59:53.0378 4016 WerSvc - ok 20:59:53.0493 4016 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 20:59:53.0538 4016 winachsf - ok 20:59:53.0654 4016 [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:59:53.0668 4016 WinDefend - ok 20:59:53.0679 4016 WinHttpAutoProxySvc - ok 20:59:53.0851 4016 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:59:53.0945 4016 Winmgmt - ok 20:59:54.0080 4016 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll 20:59:54.0156 4016 WinRM - ok 20:59:54.0198 4016 [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:59:54.0302 4016 Wlansvc - ok 20:59:54.0388 4016 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:59:54.0477 4016 WmiAcpi - ok 20:59:54.0598 4016 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:59:54.0697 4016 wmiApSrv - ok 20:59:55.0153 4016 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:59:55.0235 4016 WMPNetworkSvc - ok 20:59:55.0339 4016 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:59:55.0435 4016 WPCSvc - ok 20:59:55.0454 4016 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum 
C:\Windows\system32\wpdbusenum.dll 20:59:55.0503 4016 WPDBusEnum - ok 20:59:55.0523 4016 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:59:55.0610 4016 ws2ifsl - ok 20:59:55.0645 4016 [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc C:\Windows\System32\wscsvc.dll 20:59:55.0708 4016 wscsvc - ok 20:59:55.0721 4016 WSearch - ok 20:59:56.0004 4016 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 20:59:56.0129 4016 wuauserv - ok 20:59:56.0225 4016 [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:59:56.0293 4016 WUDFRd - ok 20:59:56.0414 4016 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:59:56.0478 4016 wudfsvc - ok 20:59:56.0558 4016 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 20:59:56.0633 4016 XAudio - ok 20:59:56.0692 4016 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 20:59:56.0737 4016 XAudioService - ok 20:59:56.0852 4016 [ 69222091B6285906AFF82E43681CF826 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 20:59:56.0938 4016 yukonwlh - ok 20:59:56.0948 4016 ================ Scan global =============================== 20:59:57.0056 4016 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll 20:59:57.0141 4016 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll 20:59:57.0158 4016 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll 20:59:57.0304 4016 [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe 20:59:57.0310 4016 [Global] - ok 20:59:57.0315 4016 ================ Scan MBR ================================== 20:59:57.0365 4016 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 20:59:58.0872 4016 \Device\Harddisk0\DR0 - ok 20:59:58.0872 4016 ================ Scan VBR ================================== 20:59:58.0902 4016 [ 9D0FDD718E7F5C7ADDE7E5BB356BC078 ] 
\Device\Harddisk0\DR0\Partition1 20:59:59.0036 4016 \Device\Harddisk0\DR0\Partition1 - ok 20:59:59.0037 4016 ============================================================ 20:59:59.0037 4016 Scan finished 20:59:59.0037 4016 ============================================================ 20:59:59.0062 0860 Detected object count: 12 20:59:59.0062 0860 Actual detected object count: 12 21:07:30.0283 0860 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0283 0860 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0283 0860 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0283 0860 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0299 0860 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0299 0860 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0299 0860 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0299 0860 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0299 0860 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0299 0860 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0299 0860 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0299 0860 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0299 0860 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0299 0860 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0314 0860 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0314 0860 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0314 0860 
VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0314 0860 VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0314 0860 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0314 0860 VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0314 0860 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0314 0860 VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:07:30.0314 0860 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user 21:07:30.0314 0860 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.03.2013, 17:55 | #9 |
/// Malware-holic | Bundestrojaner/white screen Windows Vista Hi, fine. Scan with Combofix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.03.2013, 20:47 | #10 |
| Bundestrojaner/white screen Windows Vista Hi, done: Combofix logfile: Code:
ComboFix 13-03-05.01 - Patte 06.03.2013 20:27:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2038.1113 [GMT 1:00]
ausgeführt von:: c:\users\Patte\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fgnnfgoittfunznjzgtb.exe
c:\users\Patte\ms.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-06 bis 2013-03-06 ))))))))))))))))))))))))))))))
.
.
2013-03-06 01:30 . 2013-03-06 01:30 -------- d-----w- C:\_OTL
2013-03-05 19:59 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F73BFA2-7686-4845-A20A-05E9DF8F0ED0}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 20:04 . 2012-04-03 07:10 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 20:04 . 2012-03-27 11:47 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2012-03-27 11:09 232336 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-24 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-24 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-24 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-06 07:10 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:04]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 17:16]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 17:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 83.169.186.97 83.169.186.33
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-HDMI - c:\windows\system32\igxpun.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-06 20:36
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-03-06 20:41:36
ComboFix-quarantined-files.txt 2013-03-06 19:41
.
Vor Suchlauf: 8 Verzeichnis(se), 79.260.368.896 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 79.291.441.152 Bytes frei
.
- - End Of File - - 59A9F2CD42EC89A6124A450B132C2083 |
08.03.2013, 11:53 | #11 |
| Bundestrojaner/white screen Windows Vista What do I need to do now? |
08.03.2013, 19:19 | #12 |
/// Malware-holic | Bundestrojaner/white screen Windows Vista Waiting until it's your turn would be a good start; I do this here in my free time. Malwarebytes: please download Malwarebytes
09.03.2013, 15:27 | #13 |
| Bundestrojaner/white screen Windows Vista Hi, I didn't mean to stress you. I think that came across the wrong way. I find your forum and the work you do really great; who still does something like this these days? Many thanks also for the support so far. Here is the logfile:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Patte :: PATRIK [Administrator]

Schutz: Aktiviert

09.03.2013 14:31:11
mbam-log-2013-03-09 (14-31-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 298882
Laufzeit: 53 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Qoobox\Quarantine\C\ProgramData\fgnnfgoittfunznjzgtb.exe.vir (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Patte\ms.exe.vir (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\03052013_203010\C_Users\Patte\AppData\Roaming\ldr.mcb (Trojan.Agent.ICD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
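A note on reading the Malwarebytes log above: all three hits sit under C:\Qoobox\Quarantine (where ComboFix moves what it deletes) and C:\_OTL\MovedFiles (OTL's equivalent), so they are leftover copies that earlier tools had already taken out of their original locations, not files still running. The following Python script, added here as an example and not part of the thread or of Malwarebytes, parses the detection lines of such a log and separates quarantine leftovers from hits in live locations. The sample log is constructed from the three lines in the post; the quarantine prefix list and the function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample log fragment, constructed from the detection section of the
# Malwarebytes log in the post above (only the lines that matter here).
SAMPLE_LOG = r"""Infizierte Dateien: 3
C:\Qoobox\Quarantine\C\ProgramData\fgnnfgoittfunznjzgtb.exe.vir (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Patte\ms.exe.vir (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\03052013_203010\C_Users\Patte\AppData\Roaming\ldr.mcb (Trojan.Agent.ICD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

# Folders into which ComboFix (C:\Qoobox\Quarantine) and OTL (C:\_OTL\MovedFiles)
# move the files they remove. A hit under one of these is a leftover copy, not
# a file in its original location. This prefix list is an assumption of this
# example, not a Malwarebytes setting; extend it for other tools' quarantines.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine", "c:\\_otl\\movedfiles")

# One detection line has the shape: <path> (<threat name>) -> <action taken>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    in_quarantine: bool


def parse_mbam_detections(log_text: str) -> List[Detection]:
    """Return one Detection per file line; counters, headers and '(Ende)' are skipped."""
    detections = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        detections.append(
            Detection(
                path=path,
                threat=m.group("threat"),
                action=m.group("action"),
                in_quarantine=path.lower().startswith(QUARANTINE_PREFIXES),
            )
        )
    return detections


def triage(log_text: str) -> dict:
    """Split detections into live hits (worth follow-up) and quarantine leftovers."""
    dets = parse_mbam_detections(log_text)
    return {
        "total": len(dets),
        "live": [d.path for d in dets if not d.in_quarantine],
        "quarantined": [d.path for d in dets if d.in_quarantine],
        "threats": sorted({d.threat for d in dets}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} detections, {len(result['live'])} outside quarantine folders")
    for d in parse_mbam_detections(SAMPLE_LOG):
        where = "quarantine leftover" if d.in_quarantine else "LIVE"
        print(f"[{where}] {d.threat}: {d.path}")
```

Run against the sample it reports three detections and none outside the quarantine folders; a detection with a path under a user profile would be listed as live and is the kind of hit that still needs attention.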
11.03.2013, 18:08 | #14 |
/// Malware-holic | Bundestrojaner/white screen Windows Vista Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind each program you need, write "necessary"; behind each one you don't need, "unnecessary"; behind those unknown to you, "unknown". Post the list.