Log Analysis and Evaluation: Bundespolizei Trojan -> White Screen
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.05.2013, 10:28 | #1
Bundespolizei Trojan -> White Screen

Hi,

I have been given a laptop on which I suspect some variant of the police trojan. I say "suspect" because, unfortunately, after switching it on and logging in all I see any more is a white screen, and no longer any demand to pay 100 € or similar (the owner did describe that to me, though).

I have found quite a bit on the subject, but I am not sure where to start. In one forum I found the hint to look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon at what the Shell value contains. On this PC the value is: explorer.exe. If that is the case you are supposed to replace that exe, but I don't quite believe that is all of it; it is probably hiding somewhere else as well. So I hope I can get the right help here to finish it off.

System: Windows Vista
Status: after logon, white screen, no interaction possible (Ctrl+Alt+Del works, but Task Manager does not open from there; Ctrl+Shift+Esc does not work). Safe Mode works. From there I also ran an OTL scan. The OTL log is attached.

Thanks in advance for any help.

Code:
OTL logfile created on: 15.05.2013 11:20:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,51% Memory free
4,21 Gb Paging File | 3,93 Gb Available in Paging File | 93,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 4,62 Gb Free Space | 4,14% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 95,80 Gb Free Space | 85,88% Space Free | Partition Type: NTFS
Drive F: | 7,54 Gb Total Space | 7,54 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: NB-NIKI | User Name: Niki | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.15 11:05:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008.01.21 04:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2013.03.17 11:19:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.06.01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.01 15:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.07.20 12:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.07.29 15:11:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.04.28 08:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.01.21 21:52:08 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011.09.12 20:51:06 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.05.07 08:46:38 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.09.27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.11.12 15:18:18 | 000,165,376 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.12 15:17:53 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.11.04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.11.04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2008.11.04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2008.11.04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2008.11.04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.11.04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2008.11.04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.01.21 04:23:27 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.30 15:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 20:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.08 13:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.05.02 13:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic)
DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5)
DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt)
DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.30 15:58:30 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mgmt.sys -- (se44mgmt)
DRV - [2006.11.30 15:58:18 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44bus.sys -- (se44bus)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 9C 0D 2B F1 06 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{DEE048AE-5817-4153-864C-E8069A144249}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.12 20:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 11:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.05 21:27:28 | 000,000,000 | ---D | M]

[2008.08.05 10:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\Extensions
[2013.04.06 19:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\s9fy7n8b.default\extensions
[2011.12.27 01:47:15 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\s9fy7n8b.default\extensions\ChoiceGuard@Microsoft
[2013.04.06 19:12:47 | 000,492,403 | ---- | M] () (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\extensions\toolbar@gmx.net.xpi
[2012.06.21 11:36:30 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.04.21 09:28:56 | 000,002,408 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\searchplugins\askcom.xml
[2012.07.05 21:28:30 | 000,002,306 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\searchplugins\askcomsearch.xml
[2012.07.05 21:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.05 21:27:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2009.08.04 10:54:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.06.21 11:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.21 11:33:35 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.08.05 08:56:20 | 000,000,793 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.168.1.5 server2.witke.at
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Advanced System Protector] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/setupini.cab (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} hxxp://192.168.1.5:8080/officescan/console/html/AtxEnc.cab (Encrypt Class)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} hxxp://192.168.1.5:8080/officescan/console/html/AtxConsole.cab (OfficeScan Management-Konsole)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26408AB3-F406-46D9-AA46-C25134A46E7A}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Niki\AppData\Roaming\skype.dat) - C:\Users\Niki\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\Niki\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\Niki\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{573449da-f1a8-11df-8e08-000000000000}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{abc64623-ddb8-11de-89bc-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{abc64623-ddb8-11de-89bc-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{abc64641-ddb8-11de-89bc-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{abc64641-ddb8-11de-89bc-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2009.07.18 14:40:17 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA054.dll

========== Files - Modified Within 30 Days ==========

[2013.05.15 11:09:03 | 000,620,944 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.15 11:09:03 | 000,589,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.15 11:09:03 | 000,123,276 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.15 11:09:03 | 000,101,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.15 09:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.15 09:07:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 09:07:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 09:06:59
| 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.15 09:06:42 | 000,000,004 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\skype.ini [2013.05.15 08:45:35 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DA4445A7-6BC6-4550-BC89-F7F84E3DF3DB}.job [2013.05.15 08:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.11 08:40:49 | 119,776,360 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm ========== Files Created - No Company Name ========== [2013.05.11 08:33:57 | 000,000,004 | ---- | C] () -- C:\Users\Niki\AppData\Roaming\skype.ini [2012.11.24 21:26:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.05.28 00:12:59 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe [2011.12.07 21:19:37 | 000,000,680 | ---- | C] () -- C:\Users\Niki\AppData\Local\d3d9caps.dat [2011.05.28 11:38:36 | 000,109,056 | ---- | C] () -- C:\Users\Niki\AppData\Roaming\skype.dat [2010.01.10 21:23:25 | 000,000,104 | ---- | C] () -- C:\Users\Niki\Computer - Verknüpfung.lnk [2009.06.27 08:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Niki\AppData\Local\rx_image.Cache [2008.08.06 21:50:25 | 000,226,816 | ---- | C] () -- C:\Users\Niki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.05 10:00:13 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.20 23:51:44 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Amazon [2009.03.24 20:35:31 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\EPSON [2009.11.15 10:58:02 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\GARMIN [2011.04.11 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\innoplus [2012.05.09 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Research In Motion [2013.03.27 09:31:07 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Samsung [2012.06.02 16:23:16 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Systweak [2012.08.08 22:38:05 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Temp ========== Purity Check ========== < End of report > |
15.05.2013, 11:29 | #2 |
/// Malware-holic | Bundespolizei Trojan -> White Screen Hi,
__________________ Fix with OTL
Code:
:OTL
O20 - HKCU Winlogon: Shell - (C:\Users\Niki\AppData\Roaming\skype.dat) - C:\Users\Niki\AppData\Roaming\skype.dat ()
:files
C:\Users\Niki\AppData\Roaming\skype.dat
:Commands
[emptytemp]
Start in normal mode. If you have no icons, right-click, View, Show desktop icons. Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
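The fix above targets the per-user Winlogon Shell entry that points at skype.dat; the HKLM value the first post checked was clean, which is why the hijack was missed there. As an added example (not code from OTL or from the board), here is a Python audit that parses the O20 lines of an OTL log, flags Shell/UserInit values that do not resolve to the expected Windows binaries, and drafts an OTL fix script in the form used in this thread; the sample lines are constructed from the log posted above.

```python
"""Audit the Winlogon (O20) entries of an OTL log and draft an OTL fix script.

Added example for this thread, not code from OTL or from the board. The sample
lines are constructed from the OTL log posted above.
"""
import re
from dataclasses import dataclass

# Where Shell and UserInit must resolve on a clean Windows Vista/7 install
# (compared case-insensitively against the path OTL resolved).
EXPECTED_TARGETS = {
    "Shell": {r"c:\windows\explorer.exe"},
    "UserInit": {r"c:\windows\system32\userinit.exe"},
}

# O20 - <hive> Winlogon: <value> - (<raw registry data>) - <resolved path> (<company>)
# The company group is empty "()" when the file carries no version information.
O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<value>Shell|UserInit) - "
    r"\((?P<raw>[^)]*)\) - (?P<path>.*) \((?P<company>[^()]*)\)\s*$"
)


@dataclass
class Finding:
    line: str       # the original O20 line, reusable verbatim in an OTL fix
    hive: str
    value: str
    path: str
    severity: str   # "high" = unexpected target, "info" = worth a second look
    reasons: list


def parse_o20(line):
    """Return the fields of an O20 line as a dict, or None for any other line."""
    m = O20_RE.match(line.strip())
    return m.groupdict() if m else None


def audit_winlogon(lines):
    """Return one Finding per O20 entry that deviates from a clean configuration."""
    findings = []
    for line in lines:
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = []
        expected = entry["path"].lower() in EXPECTED_TARGETS[entry["value"]]
        if not expected:
            reasons.append("target is not the expected Windows binary")
        if "\\appdata\\" in entry["path"].lower():
            reasons.append("binary lives under a user profile")
        if not entry["company"].strip():
            reasons.append("no company name in version info")
        if entry["hive"] == "HKCU":
            # A default install sets Shell/UserInit only in HKLM; a per-user
            # override needs no admin rights, which is why lock-screen malware
            # favours it. Even explorer.exe there deserves a second look.
            reasons.append("per-user override in HKCU")
        if reasons:
            findings.append(Finding(line.strip(), entry["hive"], entry["value"],
                                    entry["path"], "high" if not expected else "info",
                                    reasons))
    return findings


def draft_otl_fix(findings):
    """Build an OTL fix script (the form used in this thread) for the high-severity findings."""
    high = [f for f in findings if f.severity == "high"]
    if not high:
        return ""
    script = [":OTL"] + [f.line for f in high]
    script += [":files"] + [f.path for f in high]
    script += [":Commands", "[emptytemp]"]
    return "\n".join(script)


# Constructed sample: the four O20 lines and one unrelated line from the posted log.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Niki\AppData\Roaming\skype.dat) - C:\Users\Niki\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\Niki\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
""".strip().splitlines()

if __name__ == "__main__":
    results = audit_winlogon(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.hive} {f.value} -> {f.path}: {', '.join(f.reasons)}")
    print(draft_otl_fix(results))
```

Run on the sample, the HKCU explorer.exe entry is reported as "info" and the skype.dat entry as "high", and the drafted script matches the one the helper posted.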
15.05.2013, 12:40 | #3 |
| Bundespolizei Trojan -> White Screen Hi,
__________________ Attached is the log: it worked wonderfully. The upload also worked. Code:
:OTL
O20 - HKCU Winlogon: Shell - (C:\Users\Niki\AppData\Roaming\skype.dat) - C:\Users\Niki\AppData\Roaming\skype.dat ()
:files
C:\Users\Niki\AppData\Roaming\skype.dat
:Commands
[emptytemp] |
15.05.2013, 13:33 | #4 |
/// Malware-holic | Bundespolizei Trojan -> White Screen Thanks for uploading. Please download TDSSKiller.exe and save this file to the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
15.05.2013, 13:40 | #5 |
| Bundespolizei Trojan -> White Screen Oh dear. After I was back in Windows and basically left it idle, after about 30 minutes an old acquaintance showed up again, the police trojan. It seems it still lives somewhere else and has replicated itself again... I'll make another log right away |
15.05.2013, 13:56 | #6 |
/// Malware-holic | Bundespolizei Trojan -> White Screen Please only browse the sites I named while the cleanup is in progress.
15.05.2013, 14:05 | #7 |
| Bundespolizei Trojan -> White Screen Attached is the current log Code:
ATTFilter OTL logfile created on: 15.05.2013 14:43:35 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 83,03% Memory free 4,21 Gb Paging File | 4,02 Gb Available in Paging File | 95,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,57 Gb Total Space | 45,34 Gb Free Space | 40,64% Space Free | Partition Type: NTFS Drive D: | 111,55 Gb Total Space | 96,90 Gb Free Space | 86,86% Space Free | Partition Type: NTFS Drive F: | 7,54 Gb Total Space | 7,54 Gb Free Space | 99,98% Space Free | Partition Type: FAT32 Computer Name: NB-NIKI | User Name: Niki | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.15 11:05:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2008.01.21 04:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9) SRV - [2013.05.15 14:29:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.17 11:19:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- 
(AdobeFlashPlayerUpdateSvc) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2011.08.01 15:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.07.20 12:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.07.29 15:11:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010.04.28 08:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) 
SRV - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.04.14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.01.21 21:52:08 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2011.09.12 20:51:06 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011.05.07 08:46:38 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010.09.27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.11.12 15:18:18 | 000,165,376 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.11.12 15:17:53 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.11.04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2008.11.04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2008.11.04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2008.11.04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2008.11.04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2008.11.04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2008.11.04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.01.21 04:23:27 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.11.30 15:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.10.31 20:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.08 13:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.05.02 13:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex) DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.30 15:58:30 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mgmt.sys -- (se44mgmt) DRV - [2006.11.30 15:58:18 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44bus.sys -- (se44bus) DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 9C 0D 2B F1 06 CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\..\SearchScopes\{DEE048AE-5817-4153-864C-E8069A144249}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "Ask.com Search" FF - prefs.js..browser.search.order.1: "Ask.com Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll () FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.12 20:52:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.15 14:29:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.05 21:27:28 | 000,000,000 | ---D | M] [2008.08.05 10:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\Extensions [2013.04.06 19:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\s9fy7n8b.default\extensions [2011.12.27 01:47:15 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- 
C:\Users\Niki\AppData\Roaming\mozilla\Firefox\Profiles\s9fy7n8b.default\extensions\ChoiceGuard@Microsoft [2013.04.06 19:12:47 | 000,492,403 | ---- | M] () (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\extensions\toolbar@gmx.net.xpi [2012.06.21 11:36:30 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.04.21 09:28:56 | 000,002,408 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\searchplugins\askcom.xml [2012.07.05 21:28:30 | 000,002,306 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\mozilla\firefox\profiles\s9fy7n8b.default\searchplugins\askcomsearch.xml [2012.07.05 21:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.05 21:27:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2009.08.04 10:54:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013.05.15 14:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.15 14:29:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.06.21 11:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.06.21 11:33:35 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net O1 HOSTS File: ([2009.08.05 08:56:20 | 000,000,793 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 192.168.1.5 server2.witke.at O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites) O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class) O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/setupini.cab (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} hxxp://192.168.1.5:8080/officescan/console/html/AtxEnc.cab (Encrypt Class) O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} hxxp://192.168.1.5:8080/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} hxxp://192.168.1.5:8080/officescan/console/html/AtxConsole.cab (OfficeScan Management-Konsole) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26408AB3-F406-46D9-AA46-C25134A46E7A}: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A832727C-2AAC-46B5-83E9-66B5EF176421}: DhcpNameServer = 192.168.17.1 192.168.17.2 O18 - 
Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Niki\AppData\Roaming\skype.dat) - C:\Users\Niki\AppData\Roaming\skype.dat () O24 - Desktop WallPaper: C:\Users\Niki\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O24 - Desktop BackupWallPaper: 
C:\Users\Niki\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{573449da-f1a8-11df-8e08-000000000000}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{abc64623-ddb8-11de-89bc-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{abc64623-ddb8-11de-89bc-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{abc64641-ddb8-11de-89bc-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{abc64641-ddb8-11de-89bc-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 14:35:13 | 000,000,000 | ---D | C] -- C:\Windows\pss [2009.07.18 14:40:17 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA054.dll ========== Files - Modified Within 30 Days ========== [2013.05.15 14:40:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.15 14:39:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.15 14:38:49 | 000,000,004 | ---- | M] () -- C:\Users\Niki\AppData\Roaming\skype.ini [2013.05.15 14:37:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 14:37:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2013.05.15 14:29:03 | 119,747,928 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2013.05.15 14:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.15 13:34:39 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DA4445A7-6BC6-4550-BC89-F7F84E3DF3DB}.job [2013.05.15 13:33:38 | 000,621,930 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.15 13:33:38 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.15 13:33:38 | 000,123,860 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.15 13:33:38 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2013.05.15 14:30:09 | 000,000,004 | ---- | C] () -- C:\Users\Niki\AppData\Roaming\skype.ini [2012.11.24 21:26:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.05.28 00:12:59 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe [2011.12.07 21:19:37 | 000,000,680 | ---- | C] () -- C:\Users\Niki\AppData\Local\d3d9caps.dat [2011.05.28 11:38:36 | 000,122,368 | ---- | C] () -- C:\Users\Niki\AppData\Roaming\skype.dat [2010.01.10 21:23:25 | 000,000,104 | ---- | C] () -- C:\Users\Niki\Computer - Verknüpfung.lnk [2009.06.27 08:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Niki\AppData\Local\rx_image.Cache [2008.08.06 21:50:25 | 000,226,816 | ---- | C] () -- C:\Users\Niki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.05 10:00:13 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.20 23:51:44 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Amazon [2009.03.24 20:35:31 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\EPSON [2009.11.15 10:58:02 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\GARMIN [2011.04.11 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\innoplus [2012.05.09 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Research In Motion [2013.03.27 09:31:07 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Samsung [2012.06.02 16:23:16 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Systweak [2012.08.08 22:38:05 | 000,000,000 | ---D | M] -- C:\Users\Niki\AppData\Roaming\Temp ========== Purity Check ========== < End of report > |
15.05.2013, 14:09 | #8 |
/// Malware-holic | Bundespolizei Trojan -> White Screen Hi, OTL fix: Fixing with OTL
Code:
:OTL
O20 - HKCU Winlogon: Shell - (C:\Users\Niki\AppData\Roaming\skype.dat) - C:\Users\Niki\AppData\Roaming\skype.dat ()
:files
:Commands
[emptytemp]
and then run TDSSKiller once more
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us
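As an added illustration of the check the fix above performs by hand (example code, not from the thread, from OTL or from OldTimer): a small parser for OTL's O20 Winlogon lines in the format shown in the log, which flags Shell/UserInit values that deviate from the Windows defaults and emits a fix script in the shape the helper posted. The sample lines are copied from the O20 entries of the OTL log above; the "clean default" rules and the profile-directory heuristic are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the four O20 entries from the OTL log above,
# one entry per line (OTL writes them that way; the forum extraction ran
# them together). Winlogon's Shell value accepts a comma-separated list and
# launches every entry, and two HKCU Shell lines here are consistent with a
# value of "explorer.exe,C:\Users\Niki\AppData\Roaming\skype.dat".
SAMPLE_OTL = """\
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\\Users\\Niki\\AppData\\Roaming\\skype.dat) - C:\\Users\\Niki\\AppData\\Roaming\\skype.dat ()
"""

# O20 line layout as printed by OTL: hive, value name, (registry value),
# resolved path, (company name, empty when the file carries none).
O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<name>Shell|UserInit) - "
    r"\((?P<value>.*?)\) - (?P<path>.*) \((?P<company>.*)\)$"
)


@dataclass
class Finding:
    line: str          # the original O20 line, reusable verbatim in an OTL fix
    hive: str
    name: str
    value: str
    reasons: list = field(default_factory=list)


def check_winlogon_entry(hive, name, value, path, company):
    """Return the reasons an O20 entry deviates from a clean Vista/7 default.

    Assumed defaults: Shell is exactly explorer.exe, UserInit is
    ...\\system32\\userinit.exe (optionally with a trailing comma).
    """
    reasons = []
    v = value.strip().lower()
    p = path.strip().lower()
    if name == "Shell":
        if v != "explorer.exe":
            reasons.append("Shell is not explorer.exe")
    else:  # UserInit
        if not v.rstrip(",").endswith("\\system32\\userinit.exe"):
            reasons.append("UserInit is not system32\\userinit.exe")
    # Lock-screen malware typically drops into the user profile, which needs
    # no admin rights to write; a system shell never lives there.
    if any(d in p for d in ("\\appdata\\", "\\users\\", "\\temp\\")):
        reasons.append("program lives in a user-writable profile directory")
    if not p.endswith(".exe"):
        reasons.append("launched file does not carry an .exe extension")
    if not company.strip():
        reasons.append("no company name (unsigned or renamed file)")
    return reasons


def scan_otl(text):
    """Parse O20 Winlogon lines from OTL output and return the suspicious ones."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if not m:
            continue  # other OTL sections are ignored by this example
        reasons = check_winlogon_entry(**m.groupdict())
        if reasons:
            findings.append(Finding(line, m["hive"], m["name"], m["value"], reasons))
    return findings


def otl_fix_script(findings):
    """Build an OTL fix script in the form the helper posted: the flagged O20
    lines under :OTL, then [emptytemp] under :Commands."""
    lines = [":OTL"] + [f.line for f in findings] + [":Commands", "[emptytemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = scan_otl(SAMPLE_OTL)
    for f in hits:
        print(f"{f.hive} {f.name} -> {f.value}")
        for r in f.reasons:
            print("   -", r)
    print(otl_fix_script(hits))
```

Run against a full OTL log, the parser leaves every section other than O20 alone, so a clean machine yields an empty fix script.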
15.05.2013, 14:43 | #9 |
| Bundespolizei Trojan -> White Screen Here is the log from TDSSKiller Code:
ATTFilter 15:40:32.0671 5432 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:40:32.0687 5432 ============================================================ 15:40:32.0687 5432 Current date / time: 2013/05/15 15:40:32.0687 15:40:32.0687 5432 SystemInfo: 15:40:32.0687 5432 15:40:32.0687 5432 OS Version: 6.0.6001 ServicePack: 1.0 15:40:32.0687 5432 Product type: Workstation 15:40:32.0687 5432 ComputerName: NB-NIKI 15:40:32.0687 5432 UserName: Niki 15:40:32.0687 5432 Windows directory: C:\Windows 15:40:32.0687 5432 System windows directory: C:\Windows 15:40:32.0687 5432 Processor architecture: Intel x86 15:40:32.0687 5432 Number of processors: 2 15:40:32.0687 5432 Page size: 0x1000 15:40:32.0687 5432 Boot type: Normal boot 15:40:32.0687 5432 ============================================================ 15:40:34.0372 5432 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:40:34.0372 5432 Drive \Device\Harddisk1\DR1 - Size: 0x1E2D00000 (7.54 Gb), SectorSize: 0x200, Cylinders: 0x3D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:40:34.0372 5432 ============================================================ 15:40:34.0372 5432 \Device\Harddisk0\DR0: 15:40:34.0372 5432 MBR partitions: 15:40:34.0372 5432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800 15:40:34.0372 5432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000 15:40:34.0372 5432 \Device\Harddisk1\DR1: 15:40:34.0372 5432 MBR partitions: 15:40:34.0372 5432 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0xF16000 15:40:34.0372 5432 ============================================================ 15:40:34.0481 5432 C: <-> \Device\Harddisk0\DR0\Partition1 15:40:34.0840 5432 D: <-> \Device\Harddisk0\DR0\Partition2 15:40:34.0840 5432 
============================================================ 15:40:34.0840 5432 Initialize success 15:40:34.0855 5432 ============================================================ 15:41:01.0202 4676 ============================================================ 15:41:01.0202 4676 Scan started 15:41:01.0202 4676 Mode: Manual; SigCheck; TDLFS; 15:41:01.0202 4676 ============================================================ 15:41:01.0810 4676 ================ Scan system memory ======================== 15:41:01.0810 4676 System memory - ok 15:41:01.0810 4676 ================ Scan services ============================= 15:41:02.0153 4676 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys 15:41:02.0278 4676 ACPI - ok 15:41:02.0465 4676 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:41:02.0528 4676 AdobeFlashPlayerUpdateSvc - ok 15:41:02.0559 4676 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:41:02.0575 4676 adp94xx - ok 15:41:02.0621 4676 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:41:02.0637 4676 adpahci - ok 15:41:02.0668 4676 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:41:02.0684 4676 adpu160m - ok 15:41:02.0746 4676 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:41:02.0793 4676 adpu320 - ok 15:41:02.0840 4676 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:41:02.0871 4676 AeLookupSvc - ok 15:41:02.0965 4676 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys 15:41:03.0043 4676 AFD - ok 15:41:03.0058 4676 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:41:03.0074 4676 agp440 - ok 15:41:03.0105 4676 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:41:03.0121 
4676 aic78xx - ok 15:41:03.0136 4676 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 15:41:03.0183 4676 ALG - ok 15:41:03.0199 4676 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 15:41:03.0214 4676 aliide - ok 15:41:03.0230 4676 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:41:03.0230 4676 amdagp - ok 15:41:03.0261 4676 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 15:41:03.0261 4676 amdide - ok 15:41:03.0277 4676 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 15:41:03.0339 4676 AmdK7 - ok 15:41:03.0355 4676 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:41:03.0386 4676 AmdK8 - ok 15:41:03.0401 4676 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 15:41:03.0464 4676 Appinfo - ok 15:41:03.0682 4676 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:41:03.0698 4676 Apple Mobile Device - ok 15:41:03.0729 4676 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 15:41:03.0745 4676 arc - ok 15:41:03.0776 4676 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:41:03.0791 4676 arcsas - ok 15:41:03.0823 4676 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:41:03.0869 4676 AsyncMac - ok 15:41:03.0901 4676 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 15:41:03.0901 4676 atapi - ok 15:41:03.0947 4676 [ 5B80E84AF6B02ECAB72DAE9AFEE06309 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 15:41:04.0025 4676 atksgt ( UnsignedFile.Multi.Generic ) - warning 15:41:04.0025 4676 atksgt - detected UnsignedFile.Multi.Generic (1) 15:41:04.0057 4676 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder 
C:\Windows\System32\Audiosrv.dll 15:41:04.0103 4676 AudioEndpointBuilder - ok 15:41:04.0103 4676 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:41:04.0135 4676 Audiosrv - ok 15:41:04.0197 4676 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe 15:41:04.0228 4676 avg9wd - ok 15:41:04.0259 4676 [ A9F4D19DE72C738759330D10D35C4398 ] AvgLdx86 C:\Windows\system32\Drivers\avgldx86.sys 15:41:04.0275 4676 AvgLdx86 - ok 15:41:04.0322 4676 [ 80FF2B1B7EEDA966394F0BAA895BBF4B ] AvgMfx86 C:\Windows\system32\Drivers\avgmfx86.sys 15:41:04.0337 4676 AvgMfx86 - ok 15:41:04.0384 4676 [ 9A7A93388F503A34E7339AE7F9997449 ] AvgTdiX C:\Windows\system32\Drivers\avgtdix.sys 15:41:04.0400 4676 AvgTdiX - ok 15:41:04.0462 4676 [ AA6B367CA7DA571DFC3374EC137D87A5 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 15:41:04.0509 4676 b57nd60x - ok 15:41:04.0665 4676 [ 28A4012E68BC9597BCB9B26B51AAC4B6 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE 15:41:04.0713 4676 BBSvc - ok 15:41:04.0791 4676 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE 15:41:04.0806 4676 BBUpdate - ok 15:41:04.0853 4676 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 15:41:04.0900 4676 Beep - ok 15:41:04.0947 4676 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll 15:41:04.0994 4676 BFE - ok 15:41:05.0212 4676 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll 15:41:05.0274 4676 BITS - ok 15:41:05.0290 4676 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:41:05.0337 4676 blbdrive - ok 15:41:05.0430 4676 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:41:05.0446 4676 Bonjour Service - ok 15:41:05.0493 4676 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:41:05.0571 4676 bowser - ok 15:41:05.0618 4676 [ 
9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:41:05.0649 4676 BrFiltLo - ok 15:41:05.0680 4676 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:41:05.0727 4676 BrFiltUp - ok 15:41:05.0758 4676 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 15:41:05.0805 4676 Browser - ok 15:41:05.0836 4676 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 15:41:06.0008 4676 Brserid - ok 15:41:06.0039 4676 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:41:06.0086 4676 BrSerWdm - ok 15:41:06.0117 4676 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:41:06.0164 4676 BrUsbMdm - ok 15:41:06.0210 4676 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:41:06.0273 4676 BrUsbSer - ok 15:41:06.0320 4676 [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 15:41:06.0382 4676 BthEnum - ok 15:41:06.0413 4676 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:41:06.0460 4676 BTHMODEM - ok 15:41:06.0491 4676 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 15:41:06.0538 4676 BthPan - ok 15:41:06.0600 4676 [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 15:41:06.0632 4676 BTHPORT - ok 15:41:06.0663 4676 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll 15:41:06.0694 4676 BthServ - ok 15:41:06.0725 4676 [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 15:41:06.0819 4676 BTHUSB - ok 15:41:06.0850 4676 [ F2195899900E358614FA535EA503373E ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 15:41:06.0944 4676 btwaudio - ok 15:41:06.0990 4676 [ 769DFBE72448B31221DB818A049760A5 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 15:41:06.0990 
4676 btwavdt - ok 15:41:07.0006 4676 [ D02F4D18AA4A38F781BEEFEB1892E144 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 15:41:07.0022 4676 btwl2cap - ok 15:41:07.0068 4676 [ 9FA7311CE621683AAB68A324E623F9B2 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 15:41:07.0100 4676 btwrchid - ok 15:41:07.0131 4676 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:41:07.0162 4676 cdfs - ok 15:41:07.0209 4676 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:41:07.0240 4676 cdrom - ok 15:41:07.0271 4676 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 15:41:07.0302 4676 CertPropSvc - ok 15:41:07.0334 4676 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 15:41:07.0365 4676 circlass - ok 15:41:07.0427 4676 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 15:41:07.0443 4676 CLFS - ok 15:41:07.0474 4676 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:41:07.0505 4676 clr_optimization_v2.0.50727_32 - ok 15:41:07.0536 4676 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:41:07.0552 4676 CmBatt - ok 15:41:07.0599 4676 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:41:07.0614 4676 cmdide - ok 15:41:07.0646 4676 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:41:07.0646 4676 Compbatt - ok 15:41:07.0646 4676 COMSysApp - ok 15:41:07.0661 4676 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:41:07.0661 4676 crcdisk - ok 15:41:07.0786 4676 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 15:41:07.0848 4676 Crusoe - ok 15:41:07.0880 4676 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:41:07.0942 4676 CryptSvc - ok 
15:41:07.0989 4676 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys 15:41:08.0036 4676 CVirtA - ok 15:41:08.0394 4676 [ 30443EEF52F5FB043654859EAA8E5247 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 15:41:08.0488 4676 CVPND - ok 15:41:08.0550 4676 [ CB90B2762B1A1D0B40496400C55B6ADE ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 15:41:08.0582 4676 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 15:41:08.0582 4676 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 15:41:08.0644 4676 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:41:08.0738 4676 DcomLaunch - ok 15:41:08.0784 4676 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:41:08.0847 4676 DfsC - ok 15:41:09.0003 4676 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 15:41:09.0393 4676 DFSR - ok 15:41:09.0408 4676 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:41:09.0455 4676 Dhcp - ok 15:41:09.0486 4676 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 15:41:09.0518 4676 disk - ok 15:41:09.0533 4676 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 15:41:09.0549 4676 DKbFltr - ok 15:41:09.0611 4676 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys 15:41:09.0611 4676 DNE - ok 15:41:09.0674 4676 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:41:09.0736 4676 Dnscache - ok 15:41:09.0783 4676 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 15:41:09.0814 4676 dot3svc - ok 15:41:09.0845 4676 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 15:41:09.0876 4676 DPS - ok 15:41:09.0908 4676 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:41:09.0939 4676 drmkaud - ok 15:41:10.0001 4676 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl 
C:\Windows\System32\drivers\dxgkrnl.sys 15:41:10.0064 4676 DXGKrnl - ok 15:41:10.0110 4676 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 15:41:10.0157 4676 E1G60 - ok 15:41:10.0220 4676 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 15:41:10.0235 4676 EapHost - ok 15:41:10.0251 4676 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 15:41:10.0266 4676 Ecache - ok 15:41:10.0344 4676 [ 668DCA122FFC7F10BECA6055E15FFABD ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 15:41:10.0391 4676 eDataSecurity Service - ok 15:41:10.0547 4676 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:41:10.0578 4676 ehRecvr - ok 15:41:10.0610 4676 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 15:41:10.0688 4676 ehSched - ok 15:41:10.0703 4676 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 15:41:10.0719 4676 ehstart - ok 15:41:10.0766 4676 [ E28516FED46251119ADDAF4CF33BA401 ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 15:41:10.0766 4676 eLockService ( UnsignedFile.Multi.Generic ) - warning 15:41:10.0766 4676 eLockService - detected UnsignedFile.Multi.Generic (1) 15:41:10.0875 4676 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:41:10.0922 4676 elxstor - ok 15:41:11.0031 4676 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:41:11.0171 4676 EMDMgmt - ok 15:41:11.0218 4676 [ 44E8E86CEEB0D9F0F934B5EDC21E0444 ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe 15:41:11.0234 4676 eNet Service ( UnsignedFile.Multi.Generic ) - warning 15:41:11.0234 4676 eNet Service - detected UnsignedFile.Multi.Generic (1) 15:41:11.0280 4676 [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 15:41:11.0327 4676 
eRecoveryService ( UnsignedFile.Multi.Generic ) - warning 15:41:11.0327 4676 eRecoveryService - detected UnsignedFile.Multi.Generic (1) 15:41:11.0343 4676 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:41:11.0374 4676 ErrDev - ok 15:41:11.0405 4676 [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 15:41:11.0436 4676 eSettingsService ( UnsignedFile.Multi.Generic ) - warning 15:41:11.0436 4676 eSettingsService - detected UnsignedFile.Multi.Generic (1) 15:41:11.0483 4676 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 15:41:11.0530 4676 EventSystem - ok 15:41:11.0748 4676 [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 15:41:11.0811 4676 EvtEng ( UnsignedFile.Multi.Generic ) - warning 15:41:11.0811 4676 EvtEng - detected UnsignedFile.Multi.Generic (1) 15:41:11.0842 4676 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 15:41:11.0904 4676 exfat - ok 15:41:11.0951 4676 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:41:11.0998 4676 fastfat - ok 15:41:12.0123 4676 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:41:12.0201 4676 fdc - ok 15:41:12.0232 4676 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 15:41:12.0326 4676 fdPHost - ok 15:41:12.0341 4676 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 15:41:12.0404 4676 FDResPub - ok 15:41:12.0419 4676 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:41:12.0435 4676 FileInfo - ok 15:41:12.0450 4676 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:41:12.0482 4676 Filetrace - ok 15:41:12.0513 4676 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:41:12.0544 4676 flpydisk - ok 
- ok 15:41:37.0910 4676 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 15:41:37.0972 4676 usbvideo - ok 15:41:37.0988 4676 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 15:41:38.0034 4676 UxSms - ok 15:41:38.0066 4676 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 15:41:38.0097 4676 vds - ok 15:41:38.0112 4676 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:41:38.0237 4676 vga - ok 15:41:38.0268 4676 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 15:41:38.0300 4676 VgaSave - ok 15:41:38.0315 4676 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:41:38.0331 4676 viaagp - ok 15:41:38.0362 4676 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 15:41:38.0378 4676 ViaC7 - ok 15:41:38.0393 4676 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 15:41:38.0393 4676 viaide - ok 15:41:38.0409 4676 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:41:38.0424 4676 volmgr - ok 15:41:38.0440 4676 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:41:38.0456 4676 volmgrx - ok 15:41:38.0456 4676 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:41:38.0471 4676 volsnap - ok 15:41:38.0502 4676 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:41:38.0518 4676 vsmraid - ok 15:41:38.0627 4676 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 15:41:38.0924 4676 VSS - ok 15:41:38.0970 4676 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 15:41:39.0033 4676 W32Time - ok 15:41:39.0064 4676 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:41:39.0111 4676 WacomPen - ok 15:41:39.0142 4676 [ 
55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:41:39.0189 4676 Wanarp - ok 15:41:39.0251 4676 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:41:39.0267 4676 Wanarpv6 - ok 15:41:39.0407 4676 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:41:39.0563 4676 wcncsvc - ok 15:41:39.0626 4676 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:41:39.0672 4676 WcsPlugInService - ok 15:41:39.0719 4676 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 15:41:39.0750 4676 Wd - ok 15:41:39.0844 4676 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:41:39.0969 4676 Wdf01000 - ok 15:41:39.0984 4676 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:41:40.0047 4676 WdiServiceHost - ok 15:41:40.0109 4676 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:41:40.0125 4676 WdiSystemHost - ok 15:41:40.0250 4676 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 15:41:40.0312 4676 WebClient - ok 15:41:40.0468 4676 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:41:40.0577 4676 Wecsvc - ok 15:41:40.0671 4676 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:41:40.0796 4676 wercplsupport - ok 15:41:40.0858 4676 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 15:41:40.0952 4676 WerSvc - ok 15:41:41.0186 4676 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 15:41:41.0810 4676 winachsf - ok 15:41:42.0012 4676 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:41:42.0200 4676 WinDefend - ok 15:41:42.0324 4676 WinHttpAutoProxySvc - ok 15:41:42.0886 4676 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt 
C:\Windows\system32\wbem\WMIsvc.dll 15:41:43.0089 4676 Winmgmt - ok 15:41:43.0307 4676 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 15:41:44.0446 4676 WinRM - ok 15:41:44.0805 4676 WisINT15 - ok 15:41:45.0039 4676 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:41:45.0335 4676 Wlansvc - ok 15:41:45.0398 4676 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:41:45.0491 4676 WmiAcpi - ok 15:41:45.0600 4676 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:41:45.0678 4676 wmiApSrv - ok 15:41:45.0850 4676 [ C8F8AAC50B5B0BF821AB7D7126056B30 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 15:41:45.0850 4676 WMIService ( UnsignedFile.Multi.Generic ) - warning 15:41:45.0850 4676 WMIService - detected UnsignedFile.Multi.Generic (1) 15:41:45.0912 4676 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:41:46.0162 4676 WMPNetworkSvc - ok 15:41:46.0224 4676 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:41:46.0256 4676 WPCSvc - ok 15:41:46.0318 4676 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:41:46.0427 4676 WPDBusEnum - ok 15:41:46.0474 4676 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 15:41:46.0521 4676 WpdUsb - ok 15:41:46.0536 4676 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:41:46.0568 4676 ws2ifsl - ok 15:41:46.0630 4676 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 15:41:46.0661 4676 wscsvc - ok 15:41:46.0692 4676 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 15:41:46.0724 4676 WSDPrintDevice - ok 15:41:46.0739 4676 [ 9F6FA85E84D0A42D86A9DBB79D76B0ED ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 15:41:46.0786 4676 WSDScan - ok 
15:41:46.0802 4676 WSearch - ok 15:41:47.0129 4676 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 15:41:47.0223 4676 wuauserv - ok 15:41:47.0238 4676 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:41:47.0270 4676 WUDFRd - ok 15:41:47.0348 4676 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:41:47.0410 4676 wudfsvc - ok 15:41:47.0426 4676 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 15:41:47.0457 4676 XAudio - ok 15:41:47.0504 4676 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 15:41:47.0706 4676 XAudioService - ok 15:41:47.0722 4676 ================ Scan global =============================== 15:41:47.0878 4676 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 15:41:47.0972 4676 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 15:41:47.0987 4676 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 15:41:48.0034 4676 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 15:41:48.0034 4676 [Global] - ok 15:41:48.0034 4676 ================ Scan MBR ================================== 15:41:48.0065 4676 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0 15:41:52.0698 4676 \Device\Harddisk0\DR0 - ok 15:41:52.0698 4676 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 15:41:55.0132 4676 \Device\Harddisk1\DR1 - ok 15:41:55.0132 4676 ================ Scan VBR ================================== 15:41:55.0148 4676 [ 46CF572282B7731E1514CC2BBDF79A96 ] \Device\Harddisk0\DR0\Partition1 15:41:55.0179 4676 \Device\Harddisk0\DR0\Partition1 - ok 15:41:55.0194 4676 [ 8CB9F1D14D5E39F9364F76197EC64C37 ] \Device\Harddisk0\DR0\Partition2 15:41:55.0210 4676 \Device\Harddisk0\DR0\Partition2 - ok 15:41:55.0226 4676 [ CA90697F7AA4DBBAB1BA2CD2506EF477 ] \Device\Harddisk1\DR1\Partition1 15:41:55.0226 4676 
\Device\Harddisk1\DR1\Partition1 - ok 15:41:55.0226 4676 ============================================================ 15:41:55.0226 4676 Scan finished 15:41:55.0226 4676 ============================================================ 15:41:55.0226 4656 Detected object count: 14 15:41:55.0226 4656 Actual detected object count: 14 15:42:19.0641 4656 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 lirsgt ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 15:42:19.0641 4656 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0641 4656 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0641 4656 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0656 4656 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0656 4656 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:19.0656 4656 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:19.0656 4656 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:22.0776 5420 Deinitialize success |
15.05.2013, 14:48 | #10 |
/// Malware-holic | Bundespolizei trojan -> white screen Hi, scan with ComboFix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
15.05.2013, 15:43 | #11 |
| Bundespolizei trojan -> white screen Hi, attached is the ComboFix log. Code:
ATTFilter ComboFix 13-05-14.01 - Niki 15.05.2013 16:19:42.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.2038.972 [GMT 2:00] ausgeführt von:: c:\users\Niki\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\hpeA054.dll c:\programdata\Roaming c:\users\Niki\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll c:\users\Niki\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk c:\users\Niki\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk c:\users\Public\sdelevURL.tmp c:\windows\IsUn0407.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-15 bis 2013-05-15 )))))))))))))))))))))))))))))) . . 2013-05-15 14:27 . 2013-05-15 14:32 -------- d-----w- c:\users\Niki\AppData\Local\temp 2013-05-15 12:29 . 2013-05-15 12:29 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2013-05-15 12:29 . 2013-05-15 12:29 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-15 12:29 . 2013-05-15 12:29 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2013-05-15 12:29 . 2013-05-15 12:29 26520 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe 2013-05-15 12:29 . 2013-05-15 12:29 170232 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-17 09:19 . 2013-03-17 09:14 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-17 09:19 . 2011-06-20 17:58 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432] "HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 1820520] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0AMwA3ADMAMQA3ADUAMwAwADEALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADUANwA0ADIAMgAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAC0AQwBJAEEAOQAwACsAMgAtAEYAOQAwAE0AMQAyAFIAKwAxADEALQBWAEkAUAAxADIAKwAxAA&prod=90&ver=9.0.894" [?] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880] VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-7-21 6144] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] 2008-11-08 19:46 305064 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners . 2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-17 09:19] . 2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{DA4445A7-6BC6-4550-BC89-F7F84E3DF3DB}.job - c:\windows\system32\msfeedssync.exe [2011-07-22 04:32] . . ------- Zusätzlicher Suchlauf ------- . mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.186.211.21 195.34.133.21 DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} - hxxp://192.168.1.5:8080/officescan/console/html/AtxConsole.cab FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\s9fy7n8b.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - ExtSQL: !HIDDEN! 2009-08-04 10:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe HKLM-Run-eRecoveryService - (no file) MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-15 16:32 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\Niki\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2851880367-2687470453-595412887-1003\Software\SecuROM\License information*] "datasecu"=hex:1d,09,de,0e,08,fb,0b,6f,bc,3b,96,8f,c9,3f,56,66,98,52,c5,5c,6d, 31,9f,1d,2e,3e,26,1a,30,3c,fe,a7,df,21,bd,ea,dc,3a,81,7d,a2,0e,3a,d1,54,03,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . 
- - - - - - - > 'Explorer.exe'(3760) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\WLANExt.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\acer\Mobility Center\MobilityService.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\windows\system32\DRIVERS\xaudio.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\igfxsrvc.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-15 16:38:08 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-15 14:38 . Vor Suchlauf: 13 Verzeichnis(se), 45.851.578.368 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 45.680.914.432 Bytes frei . - - End Of File - - E9192F2D31890016DA3ED457544EE992 |
15.05.2013, 16:19 | #12 |
/// Malware-holic | Bundespolizei trojan -> white screen Hi, malwarebytes: please download Malwarebytes
22.05.2013, 08:40 | #13 |
| Bundespolizei trojan -> white screen Hi, sorry for the late reply, unfortunately I was quite stressed. Attached is the Malwarebytes log. Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.22.02 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Niki :: NB-NIKI [Administrator] 22.05.2013 07:59:40 mbam-log-2013-05-22 (07-59-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 383670 Laufzeit: 1 Stunde(n), 12 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 D:\daten\xp_key_and_wga_crack\XPKey.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Seems to have been successful. |
22.05.2013, 10:57 | #14 |
/// Malware-holic | Bundespolizei trojan -> white screen Using keygens is not legal, so the only help offered here is with reinstalling from scratch: http://www.trojaner-board.de/95393-c...-software.html Back up your data to an external storage device: http://www.trojaner-board.de/82533-d...ted-magic.html Pictures, documents, music, videos (personal files) http://www.trojaner-board.de/71715-k...iendungen.html 2. Format, reinstall Windows:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then also say something about securing online banking with a chip card reader + Star Money.
22.05.2013, 12:08 | #15 |
| Bundespolizei trojan -> white screen Hi, I am well aware that keygens are not legal; it is not my PC, and besides, a normal user can't do anything with a keygen... this is an absolute "USER"! I also don't think he deliberately downloaded it somewhere; more likely it came along with something else. |