02.06.2013, 14:50 | #1
Trojan on a Vista PC

Hello, I need your help: I have caught a Trojan (white screen after booting). I have now run OTL by booting with the command prompt. Here are the log files:

Extra:

OTL Extras logfile created on: 02.06.2013 15:25:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,96 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 87,60% Memory free
8,10 Gb Paging File | 7,73 Gb Available in Paging File | 95,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 153,88 Gb Free Space | 70,52% Space Free | Partition Type: NTFS
Drive E: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,77 Gb Total Space | 3,73 Gb Free Space | 98,76% Space Free | Partition Type: NTFS

Computer Name: MANNI-PC | User Name: Manni | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F4 8C 7F 6C B5 59 CC 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A58BD41-3296-4C5B-8A7C-06754882A7FF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{19012CF1-EFA1-43CA-914B-1DCDBADD4E00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4005591E-854C-4B1C-BB97-FE02157EEA94}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{49000670-B0B9-4BE1-8B4F-E4AAB8DFFC02}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{62A186E8-5A76-4930-9DD3-514B0A9DC8F6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{7CFF7ED8-56E4-4AD3-9436-C8F3FBFADFBB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{97B881F1-A22B-4759-8AF3-7C850889D75A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{BD9FD07D-E6CA-4E85-BE30-EF4B7B41BFBE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{CD36F5FA-A7CB-4BF7-89D8-F8D46F63AB50}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{D74CE467-E44A-4460-9C22-E1D74A8F63F9}" = dir=in | app=c:\users\manni\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DD954807-835F-41B0-8FD8-ACB77BE91532}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{EB83C1EB-5BD5-48EC-8427-C9A1C3684CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"TCP Query User{14B7CF26-AE43-4A37-956F-8DF3B6FE31FC}C:\users\manni\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\manni\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E9B6FDEF-E13D-446A-80D5-463F6FE549CF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{08F1C11F-3FE4-4BCB-88A0-578645E59CD7}C:\users\manni\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\manni\appdata\roaming\spotify\spotify.exe |
"UDP Query User{98036EF8-646A-4121-AC7A-C14F0E3A796C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Intel(R) PROSet/Wireless WiFi-Software
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0E8DC723-F1CD-424A-96CC-12428E7A1B4B}" = Citrix Receiver (HDX Flash-Umleitung)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{3068513C-3AAC-410B-BAE7-C7837FFF8DEB}" = Citrix Receiver (USB)
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D594333-0076-A76A-76A7-A758B70B0801}" = Ask Toolbar
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{690A2C67-B011-7780-2198-0213515D61E2}" = flatex trader 2.0
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7468ACCE-6FA8-4794-90B9-C28BD9CC79DD}" = Citrix Receiver Updater
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}" = Online Plug-in
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9D431014-9F90-4335-A58E-8A14B0BD77F1}" = Citrix Receiver Inside
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92051A3-3ABB-4A26-A615-2298BE7CBC28}" = Citrix Authentication Manager
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{D29DDA9B-FE05-48F1-A9D1-F6346A0A301A}" = Citrix Receiver (DV)
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E3A60962-B768-4EA3-B0B6-DA671276B81A}" = Citrix Receiver(Aero)
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}" = Self-Service Plug-in
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"LiveVDO plugin" = LiveVDO plugin 1.3
"ManyCam" = ManyCam 3.1.43
"PartyPoker" = PartyPoker
"PlayerPlus" = PlayerPlus
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3241477791-2848227877-102253460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.05.2013 14:35:01 | Computer Name = Manni-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLL". Error in manifest or policy file "C:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Please use sxstrace.exe for detailed diagnosis.

Error - 27.05.2013 14:35:52 | Computer Name = Manni-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.05.2013 14:41:59 | Computer Name = Manni-PC | Source = LoadPerf | ID = 3012
Description =

Error - 27.05.2013 14:41:59 | Computer Name = Manni-PC | Source = LoadPerf | ID = 3012
Description =

Error - 27.05.2013 14:41:59 | Computer Name = Manni-PC | Source = LoadPerf | ID = 3011
Description =

Error - 27.05.2013 14:46:57 | Computer Name = Manni-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.05.2013 14:46:57 | Computer Name = Manni-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc00002b4, fault offset 0x00414f38, process id 0x830, application start time 01ce5b0a6128d4d0.

Error - 27.05.2013 14:47:37 | Computer Name = Manni-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLL". Error in manifest or policy file "C:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Please use sxstrace.exe for detailed diagnosis.

Error - 27.05.2013 14:52:48 | Computer Name = Manni-PC | Source = LoadPerf | ID = 3012
Description =

Error - 27.05.2013 14:52:48 | Computer Name = Manni-PC | Source = LoadPerf | ID = 3012
Description =

Error - 27.05.2013 14:52:48 | Computer Name = Manni-PC | Source = LoadPerf | ID = 3011
Description =

[ System Events ]
Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02.06.2013 09:23:47 | Computer Name = Manni-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

OTL:

OTL logfile created on: 02.06.2013 15:25:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,96 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 87,60% Memory free
8,10 Gb Paging File | 7,73 Gb Available in Paging File | 95,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 153,88 Gb Free Space | 70,52% Space Free | Partition Type: NTFS
Drive E: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,77 Gb Total Space | 3,73 Gb Free Space | 98,76% Space Free | Partition Type: NTFS

Computer Name: MANNI-PC | User Name: Manni | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.02 14:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2009.06.25 18:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.14 21:33:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.03 11:22:16 | 000,169,096 | ---- | M] (APN LLC.) [Auto | Stopped] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.31 11:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.12.05 17:23:34 | 000,098,888 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012.10.11 05:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.05.08 19:57:36 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:57:36 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.04 07:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.30 22:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009.04.11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.06.26 06:40:20 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008.06.19 18:46:50 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006.11.17 17:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=2&cf=593fb093-840f-11e1-b7b8-0026b908bc43
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://startsear.ch/?aff=2&src=sp&cf=593fb093-840f-11e1-b7b8-0026b908bc43&q={searchTerms}
IE - HKLM\..\SearchScopes\{AB6AE30D-FC4C-4C21-ACA1-F64D5621FA7D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109101&tt=290312_bexdll&babsrc=SP_ss&mntrId=c6e4fe100000000000000026b908bc43
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deAT439
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\SearchScopes\{9712E724-EF5F-4D62-90E6-47FBC71E45E3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=38C9182D-583A-41A7-A936-0870625537BE&apn_sauid=D427E0AF-AB87-4B96-A910-23AAC4983B2B
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\SearchScopes\{AB6AE30D-FC4C-4C21-ACA1-F64D5621FA7D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deAT439
IE - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Manni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: LiveVDO plugin = C:\Users\Manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\
CHR - Extension: Google Mail = C:\Users\Manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Ask Toolbar) - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll (APN LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBD0654-D586-4C96-B92E-AD93090B8779}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000 Winlogon: Shell - (C:\Users\Manni\AppData\Roaming\skype.dat) - C:\Users\Manni\AppData\Roaming\skype.dat ()
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c3f0c1e4-e3c0-11e0-be56-0026b908bc43}\Shell - "" = AutoRun
O33 - MountPoints2\{c3f0c1e4-e3c0-11e0-be56-0026b908bc43}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.15 00:24:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.15 00:24:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.15 00:24:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 00:24:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 00:24:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.15 00:24:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.15 00:24:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.15 00:24:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.15 00:24:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.15 00:24:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.15 00:24:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 00:24:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 00:24:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 00:24:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 00:24:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.14 22:40:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
========== Files - Modified Within 30 Days ==========
[2013.06.02 15:29:07 | 000,689,324 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.02 15:29:07 | 000,614,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.02 15:29:07 | 000,151,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.02 15:29:07 | 000,146,000 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.02 15:29:07 | 000,121,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.02 15:22:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 18:54:37 | 000,000,004 | ---- | M] () -- C:\Users\Manni\AppData\Roaming\skype.ini
[2013.05.28 18:53:30 | 000,007,836 | ---- | M] () -- C:\Users\Manni\AppData\Local\d3d9caps.dat
[2013.05.28 18:53:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 18:53:06 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 18:53:06 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.27 21:18:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.26 22:51:02 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241477791-2848227877-102253460-1000UA.job
[2013.05.26 22:51:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3241477791-2848227877-102253460-1000Core.job
[2013.05.26 22:33:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 21:42:45 | 000,228,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.14 21:33:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 21:33:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013.05.26 22:43:39 | 000,000,004 | ---- | C] () -- C:\Users\Manni\AppData\Roaming\skype.ini
[2013.02.25 23:03:41 | 000,504,401 | ---- | C] () -- C:\Users\Manni\20130225_121838.jpg
[2013.02.25 23:03:41 | 000,353,503 | ---- | C] () -- C:\Users\Manni\20130225_121711.jpg
[2012.01.11 22:01:45 | 000,058,880 | ---- | C] () -- C:\Users\Manni\AppData\Roaming\skype.dat
[2011.07.23 21:36:00 | 000,013,312 | ---- | C] () -- C:\Users\Manni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.29 22:45:54 | 000,007,836 | ---- | C] () -- C:\Users\Manni\AppData\Local\d3d9caps.dat
[2011.05.29 22:36:25 | 000,000,732 | ---- | C] () -- C:\Users\Manni\AppData\Local\d3d9caps64.dat
========== ZeroAccess Check ==========
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

Thanks, regards, Manni
02.06.2013, 14:53 | #2
/// Malware-holic | Trojan on Vista machine
Hi,
OTL fix: Fixing with OTL
Code:
:OTL
O20 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000 Winlogon: Shell - (C:\Users\Manni\AppData\Roaming\skype.dat) - C:\Users\Manni\AppData\Roaming\skype.dat ()
O20 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000 Winlogon: Shell - (C:\Users\Manni\AppData\Roaming\skype.dat) - C:\Users\Manni\AppData\Roaming\skype.dat ()
:files
:Commands
[emptytemp]
Start in normal mode. If you have no icons, right-click, View, Show desktop icons. Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the Windows key + E.
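The O20 entry the fix above targets is the one Winlogon Shell value in the log that does not resolve to explorer.exe. A per-user Shell value under HKU replaces the desktop for that account with whatever file it names, which is consistent with the white screen the OP describes. As an added example (not code from this thread, from OTL or from its author), the Python script below applies to OTL O4/O20/O33 lines the checks a helper makes by eye: Winlogon Shell and UserInit must resolve to explorer.exe and userinit.exe, Run entries should point at executables that carry a publisher name and do not live under a user's AppData, and removable-media AutoRun commands get listed. The rule set and severities are this example's own heuristics, the regexes assume the OTL 3.2.x line layout seen in this log, and the sample lines are copied from the log posted above.

```python
"""Triage OTL (OldTimer's OTL) O4/O20/O33 entries for common persistence abuse.

Added example, not OTL's own code. Regexes follow the OTL 3.2.x line layout as
pasted in this thread; the rules and severities are this example's heuristics.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3241477791-2848227877-102253460-1000 Winlogon: Shell - (C:\Users\Manni\AppData\Roaming\skype.dat) - C:\Users\Manni\AppData\Roaming\skype.dat ()
O33 - MountPoints2\{c3f0c1e4-e3c0-11e0-be56-0026b908bc43}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
"""

# O20: Winlogon value; "(registry data) - resolved path (company)"
O20_RE = re.compile(r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - (?P<rest>.*)$")
# O4: Run/RunOnce value; "[name] path (company)" or "[name] File not found"
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# O33: per-volume AutoRun handler remembered in MountPoints2
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# OTL appends the file's embedded company name in parentheses; "()" means none.
TAIL_RE = re.compile(r"^(?P<target>.*?)(?: \((?P<company>[^()]*)\))?$")

EXEC_EXT = {".exe", ".dll", ".cpl", ".scr", ".com", ".bat", ".cmd"}
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}  # per-value expectations


@dataclass
class Finding:
    severity: str  # high / medium / low
    line: str
    reason: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_tail(rest: str):
    m = TAIL_RE.match(rest)
    return m["target"], m["company"]  # company is None when OTL printed no parentheses


def red_flags(target: str, company) -> list:
    """Cheap signals that a persisted file deserves a second look."""
    name = basename(target)
    ext = name[name.rfind("."):] if "." in name else ""
    flags = []
    if ext not in EXEC_EXT:
        flags.append(f"non-executable extension {ext or '(none)'}")
    if "\\appdata\\" in target.lower():
        flags.append("located under a user profile's AppData")
    if not company:
        flags.append("no embedded publisher name")
    return flags


def triage_line(line: str):
    line = line.strip()
    if m := O20_RE.match(line):
        target, company = split_tail(m["rest"])
        expected = EXPECTED.get(m["value"].lower())
        if expected and basename(target) != expected:
            why = "; ".join(red_flags(target, company)) or "unexpected binary"
            return Finding("high", line, f"Winlogon {m['value']} in {m['hive']} runs {target} instead of {expected} ({why})")
        return None
    if m := O4_RE.match(line):
        target, company = split_tail(m["rest"])
        if target.lower() == "file not found":
            return Finding("low", line, f"orphaned Run value [{m['name']}]: stale entry or a removed dropper")
        flags = red_flags(target, company)
        if flags:
            return Finding("medium", line, f"Run value [{m['name']}] -> {target}: " + "; ".join(flags))
        return None
    if m := O33_RE.match(line):
        return Finding("medium", line, f"removable-media AutoRun handler {m['guid']} executes: {m['cmd']}")
    return None


def triage(log_text: str) -> list:
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}")
```

Run as-is it prints three findings for the sample: the orphaned empty Run value, the per-user Shell pointing at skype.dat (high), and the U3 AutoRun handler. The same skype.dat also shows up in the log's "Files Created - No Company Name" section with a blank publisher field, which is the signal red_flags() reuses; a check like this only narrows the list, the final call still rests on looking at the file.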
02.06.2013, 15:25 | #3
Trojan on Vista machine
Here is the text file... but I did it on the second computer, hope that was right:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3241477791-2848227877-102253460-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
File C:\Users\Manni\AppData\Roaming\skype.dat not found.
Registry key HKEY_USERS\S-1-5-21-3241477791-2848227877-102253460-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
File C:\Users\Manni\AppData\Roaming\skype.dat not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Korinna
->Temp folder emptied: 385905188 bytes
->Temporary Internet Files folder emptied: 519642136 bytes
->Java cache emptied: 4400867 bytes
->Flash cache emptied: 15820 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 957771413 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 347906721 bytes
Total Files Cleaned = 2.113,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_161707
Files\Folders moved on Reboot...
C:\Users\Korinna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
So, now on the right computer (the infected one):
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3241477791-2848227877-102253460-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Manni\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Manni\AppData\Roaming\skype.dat moved successfully.
Registry value HKEY_USERS\S-1-5-21-3241477791-2848227877-102253460-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Manni\AppData\Roaming\skype.dat deleted successfully.
File C:\Users\Manni\AppData\Roaming\skype.dat not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Manni
->Temp folder emptied: 417989296 bytes
->Temporary Internet Files folder emptied: 11272578621 bytes
->Java cache emptied: 1053896 bytes
->Google Chrome cache emptied: 6402133 bytes
->Flash cache emptied: 65174 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532328539 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 374356 bytes
Total Files Cleaned = 11.665,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_171407
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
02.06.2013, 16:43 | #4
/// Malware-holic | Trojan on Vista machine
Thanks for uploading. Please download TDSSKiller.exe and save the file to the desktop.
02.06.2013, 16:45 | #5
Trojan on Vista machine
The upload worked... the computer can be used again... how should I proceed... Thanks in advance
02.06.2013, 16:46 | #6
/// Malware-holic | Trojan on Vista machine
See the post above yours, our posts crossed.
02.06.2013, 16:54 | #7
Trojan on Vista machine
17:50:49.0615 2524 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:50:50.0083 2524 ============================================================
17:50:50.0083 2524 Current date / time: 2013/06/02 17:50:50.0083
17:50:50.0083 2524 SystemInfo:
17:50:50.0083 2524
17:50:50.0083 2524 OS Version: 6.0.6002 ServicePack: 2.0
17:50:50.0083 2524 Product type: Workstation
17:50:50.0083 2524 ComputerName: MANNI-PC
17:50:50.0083 2524 UserName: Manni
17:50:50.0083 2524 Windows directory: C:\Windows
17:50:50.0083 2524 System windows directory: C:\Windows
17:50:50.0083 2524 Running under WOW64
17:50:50.0083 2524 Processor architecture: Intel x64
17:50:50.0083 2524 Number of processors: 2
17:50:50.0083 2524 Page size: 0x1000
17:50:50.0083 2524 Boot type: Normal boot
17:50:50.0083 2524 ============================================================
17:50:51.0706 2524 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:50:51.0706 2524 Drive \Device\Harddisk1\DR1 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:50:51.0721 2524 ============================================================
17:50:51.0721 2524 \Device\Harddisk0\DR0:
17:50:51.0721 2524 MBR partitions:
17:50:51.0721 2524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x14000, BlocksNum 0x1D4B800
17:50:51.0721 2524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
17:50:51.0721 2524 \Device\Harddisk1\DR1:
17:50:51.0721 2524 MBR partitions:
17:50:51.0721 2524 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x78BFE0
17:50:51.0721 2524 ============================================================
17:50:51.0752 2524 C: <-> \Device\Harddisk0\DR0\Partition2
17:50:51.0768 2524
============================================================ 17:50:51.0768 2524 Initialize success 17:50:51.0768 2524 ============================================================ 17:51:00.0941 0448 ============================================================ 17:51:00.0941 0448 Scan started 17:51:00.0941 0448 Mode: Manual; SigCheck; TDLFS; 17:51:00.0941 0448 ============================================================ 17:51:02.0095 0448 ================ Scan system memory ======================== 17:51:02.0095 0448 System memory - ok 17:51:02.0095 0448 ================ Scan services ============================= 17:51:02.0314 0448 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 17:51:02.0501 0448 ACPI - ok 17:51:03.0156 0448 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:51:03.0187 0448 AdobeARMservice - ok 17:51:03.0343 0448 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:51:03.0374 0448 AdobeFlashPlayerUpdateSvc - ok 17:51:03.0437 0448 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:51:03.0530 0448 adp94xx - ok 17:51:03.0593 0448 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:51:03.0640 0448 adpahci - ok 17:51:03.0655 0448 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 17:51:03.0702 0448 adpu160m - ok 17:51:03.0733 0448 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:51:03.0764 0448 adpu320 - ok 17:51:03.0827 0448 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:51:03.0889 0448 AeLookupSvc - ok 17:51:04.0014 0448 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 17:51:04.0201 0448 AFD - ok 17:51:04.0232 0448 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 
usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:51:44.0730 0448 usbehci - ok 17:51:44.0777 0448 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:51:44.0824 0448 usbhub - ok 17:51:44.0855 0448 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:51:44.0980 0448 usbohci - ok 17:51:45.0026 0448 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 17:51:45.0120 0448 usbprint - ok 17:51:45.0167 0448 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:51:45.0260 0448 USBSTOR - ok 17:51:45.0276 0448 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:51:45.0323 0448 usbuhci - ok 17:51:45.0385 0448 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:51:45.0448 0448 usbvideo - ok 17:51:45.0557 0448 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 17:51:45.0604 0448 UxSms - ok 17:51:45.0666 0448 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 17:51:45.0791 0448 vds - ok 17:51:45.0806 0448 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:51:45.0916 0448 vga - ok 17:51:45.0962 0448 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:51:46.0040 0448 VgaSave - ok 17:51:46.0072 0448 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 17:51:46.0087 0448 viaide - ok 17:51:46.0134 0448 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:51:46.0165 0448 volmgr - ok 17:51:46.0212 0448 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:51:46.0243 0448 volmgrx - ok 17:51:46.0306 0448 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:51:46.0337 0448 volsnap - ok 17:51:46.0493 0448 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid 
C:\Windows\system32\drivers\vsmraid.sys 17:51:46.0524 0448 vsmraid - ok 17:51:46.0727 0448 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 17:51:46.0883 0448 VSS - ok 17:51:46.0992 0448 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 17:51:47.0117 0448 W32Time - ok 17:51:47.0164 0448 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:51:47.0242 0448 WacomPen - ok 17:51:47.0304 0448 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 17:51:47.0351 0448 Wanarp - ok 17:51:47.0366 0448 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:51:47.0413 0448 Wanarpv6 - ok 17:51:47.0554 0448 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:51:47.0600 0448 wcncsvc - ok 17:51:47.0647 0448 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:51:47.0694 0448 WcsPlugInService - ok 17:51:47.0834 0448 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 17:51:47.0850 0448 Wd - ok 17:51:48.0022 0448 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:51:48.0084 0448 Wdf01000 - ok 17:51:48.0256 0448 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:51:48.0302 0448 WdiServiceHost - ok 17:51:48.0318 0448 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:51:48.0380 0448 WdiSystemHost - ok 17:51:48.0599 0448 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 17:51:48.0630 0448 WebClient - ok 17:51:48.0677 0448 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:51:48.0708 0448 Wecsvc - ok 17:51:48.0739 0448 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:51:48.0786 0448 wercplsupport - ok 17:51:48.0817 0448 [ 
66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 17:51:48.0864 0448 WerSvc - ok 17:51:48.0926 0448 WinDefend - ok 17:51:48.0942 0448 WinHttpAutoProxySvc - ok 17:51:49.0051 0448 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:51:49.0114 0448 Winmgmt - ok 17:51:49.0207 0448 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 17:51:49.0504 0448 WinRM - ok 17:51:49.0644 0448 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys 17:51:49.0675 0448 WinUSB - ok 17:51:49.0738 0448 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:51:49.0878 0448 Wlansvc - ok 17:51:50.0065 0448 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:51:50.0112 0448 WmiAcpi - ok 17:51:50.0221 0448 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:51:50.0268 0448 wmiApSrv - ok 17:51:50.0315 0448 WMPNetworkSvc - ok 17:51:50.0471 0448 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe 17:51:50.0533 0448 WMZuneComm - ok 17:51:50.0642 0448 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:51:50.0689 0448 WPCSvc - ok 17:51:50.0736 0448 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:51:50.0798 0448 WPDBusEnum - ok 17:51:50.0830 0448 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 17:51:50.0861 0448 WpdUsb - ok 17:51:51.0017 0448 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:51:51.0142 0448 WPFFontCache_v0400 - ok 17:51:51.0298 0448 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:51:51.0360 0448 ws2ifsl - ok 17:51:51.0516 0448 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll 17:51:51.0547 0448 wscsvc - ok 
17:51:51.0547 0448 WSearch - ok 17:51:51.0766 0448 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:51:52.0078 0448 wuauserv - ok 17:51:52.0218 0448 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:51:52.0249 0448 WudfPf - ok 17:51:52.0390 0448 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:51:52.0452 0448 WUDFRd - ok 17:51:52.0530 0448 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:51:52.0577 0448 wudfsvc - ok 17:51:53.0700 0448 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe 17:51:54.0418 0448 ZuneNetworkSvc - ok 17:51:54.0464 0448 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe 17:51:54.0605 0448 ZuneWlanCfgSvc - ok 17:51:54.0605 0448 ================ Scan global =============================== 17:51:54.0652 0448 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 17:51:54.0730 0448 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 17:51:54.0792 0448 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 17:51:54.0932 0448 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 17:51:54.0932 0448 [Global] - ok 17:51:54.0932 0448 ================ Scan MBR ================================== 17:51:54.0948 0448 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 17:51:55.0510 0448 \Device\Harddisk0\DR0 - ok 17:51:55.0510 0448 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 17:51:58.0208 0448 \Device\Harddisk1\DR1 - ok 17:51:58.0208 0448 ================ Scan VBR ================================== 17:51:58.0255 0448 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1 17:51:58.0255 0448 \Device\Harddisk0\DR0\Partition1 - ok 17:51:58.0271 0448 [ 4BB6300BD22E756CC8972F26534AD469 ] \Device\Harddisk0\DR0\Partition2 17:51:58.0271 0448 
\Device\Harddisk0\DR0\Partition2 - ok 17:51:58.0271 0448 [ CDABEC49F5953BF5F85CB69FED7FCE40 ] \Device\Harddisk1\DR1\Partition1 17:51:58.0271 0448 \Device\Harddisk1\DR1\Partition1 - ok 17:51:58.0286 0448 ============================================================ 17:51:58.0286 0448 Scan finished 17:51:58.0286 0448 ============================================================ 17:51:58.0286 4272 Detected object count: 0 17:51:58.0286 4272 Actual detected object count: 0 |
02.06.2013, 17:00 | #8 |
/// Malware-holic | Trojan on a Vista machine Hi, scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.06.2013, 17:39 | #9 |
| Trojan on a Vista machine Combofix logfile: Code:
ATTFilter ComboFix 13-06-02.02 - Manni 02.06.2013 18:15:38.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4060.2545 [GMT 2:00] ausgeführt von:: c:\users\Manni\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\StartSearch plugin c:\program files (x86)\StartSearch plugin\IEhelperActiveX.dll c:\program files (x86)\StartSearch plugin\ssBarLcher.dll c:\program files (x86)\StartSearch plugin\StartBar.dll c:\program files (x86)\StartSearch plugin\uninst.exe c:\program files (x86)\StartSearch plugin\vshareplg.crx c:\users\Manni\AppData\Roaming\skype.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-02 bis 2013-06-02 )))))))))))))))))))))))))))))) . . 2013-06-02 16:26 . 2013-06-02 16:26 -------- d-----w- c:\users\Manni\AppData\Local\temp 2013-06-02 16:26 . 2013-06-02 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-02 16:11 . 2013-06-02 16:14 -------- d-----w- C:\32788R22FWJFW 2013-06-02 15:36 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEFD8003-FD0C-48D3-B3B4-B95491C4ECEF}\mpengine.dll 2013-05-14 22:16 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-14 22:16 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-14 22:16 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-14 20:40 . 2013-04-09 01:55 2774016 ----a-w- c:\windows\system32\win32k.sys 2013-05-14 20:40 . 2013-04-15 14:17 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-14 20:40 . 2013-04-13 03:34 47104 ----a-w- c:\windows\system32\cdd.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-14 22:22 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe 2013-05-14 19:33 . 2012-04-17 18:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 19:33 . 2011-05-29 21:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2011-05-30 20:22 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-03-11 13:33 . 2013-04-10 21:04 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 04:16 . 2013-04-10 21:04 85504 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:48 . 2013-04-10 21:04 75264 ----a-w- c:\windows\system32\smss.exe 2013-03-08 04:18 . 2013-04-10 21:04 451072 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 04:17 . 2013-04-10 21:04 2425344 ----a-w- c:\windows\system32\mstscax.dll 2013-03-08 03:52 . 2013-04-10 21:04 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-03-07 18:45 . 2013-03-07 18:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-07 18:45 . 2012-06-24 19:24 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-07 18:45 . 2012-01-11 21:42 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}] 2013-04-03 09:21 13448 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 14:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] "{4D594333-0076-A76A-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" [2013-04-03 13448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{4d594333-0076-a76a-76a7-7a786e7484d7}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-06 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 87043176 *Deregistered* - 87043176 . 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-09 20:13 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 19:33] . 2013-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3241477791-2848227877-102253460-1000Core.job - c:\users\Manni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-17 20:46] . 2013-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3241477791-2848227877-102253460-1000UA.job - c:\users\Manni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-17 20:46] . 2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 18:26] . 2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 18:26] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mStart Page = hxxp://startsear.ch/?aff=2&cf=593fb093-840f-11e1-b7b8-0026b908bc43 mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - c:\program files (x86)\StartSearch plugin\ssBarLcher.dll Toolbar-10 - (no file) Toolbar-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - c:\program files (x86)\StartSearch plugin\ssBarLcher.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-WudfPf SafeBoot-WudfRd Toolbar-10 - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-LiveVDO plugin - c:\program files (x86)\StartSearch plugin\uninst.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Zeit der Fertigstellung: 2013-06-02 18:37:29 ComboFix-quarantined-files.txt 2013-06-02 16:37 . Vor Suchlauf: 10 Verzeichnis(se), 170.049.167.360 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 168.906.354.688 Bytes frei . - - End Of File - - BB480CC5CA864CB68CB6D630EB57A1BB |
02.06.2013, 17:42 | #10 |
/// Malware-holic | Trojan on a Vista machine Hi, Malwarebytes: please download Malwarebytes
02.06.2013, 23:35 | #11 |
| Trojan on a Vista machine Hi, attached is the logfile: I removed 11 files!
Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.06.02.05
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Manni :: MANNI-PC [Administrator]
Schutz: Aktiviert
02.06.2013 23:44:16
mbam-log-2013-06-02 (23-44-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331631
Laufzeit: 48 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: StartSearchTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (StartPins) Gut: (Google) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
03.06.2013, 11:00 | #12 |
/// Malware-holic | Trojan on a Vista machine Hi, download the CCleaner standard version: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. Behind every program you need, write "needed"; behind every program you do not need, "unnecessary"; behind those unknown to you, "unknown". Post the list.
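The inventory the helper asks for can also be produced without CCleaner. The following is an added example written for this thread (it is not CCleaner's output and not the helper's code): it reads the same Uninstall registry keys that the Windows "Programs" list is built from, writes a tab-separated file with an empty classification column for the needed / unnecessary / unknown labels, and pre-marks names that look like bundled toolbars or plug-ins. The name pattern is an assumption drawn from the names that appear in this thread (Ask, Babylon, StartSearch plugin, LiveVDO plugin, Bandoo/iLivid), PowerShell 3 or later is assumed, and the output path is a placeholder.

```powershell
# Added example (not from the thread): build an installed-program inventory
# straight from the registry and emit a template to classify each entry.
# Assumptions: PowerShell 3+ ([pscustomobject]); output path is a placeholder.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit programs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall', # 32-bit programs on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'              # per-user installs
)

function Get-InstalledProgramInventory {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            # Entries without a DisplayName are update packages or hidden components; skip them.
            if ([string]::IsNullOrWhiteSpace($p.DisplayName)) { continue }
            [pscustomobject]@{
                Name            = $p.DisplayName
                Publisher       = $p.Publisher
                Version         = $p.DisplayVersion
                InstallDate     = $p.InstallDate        # yyyyMMdd when the installer recorded it
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
                RegistryKey     = $sub.Name
                Classification  = ''                    # fill in: needed / unnecessary / unknown
            }
        }
    }
}

$inventory = Get-InstalledProgramInventory | Sort-Object Name -Unique

# Heuristic (assumption based on the names seen in this thread): names that look like
# bundled toolbars, search helpers or plug-ins get pre-marked for a second look.
$suspectPattern = 'toolbar|search|plugin|updater|bandoo|babylon|\bask\b'
foreach ($entry in $inventory) {
    if ($entry.Name -match $suspectPattern) {
        $entry.Classification = 'unknown (review: toolbar/plug-in)'
    }
}

# Placeholder output path; tab-separated so it opens in a text editor or spreadsheet.
$outFile = Join-Path $env:USERPROFILE 'Desktop\installed-programs.txt'
$inventory | Export-Csv -Path $outFile -Delimiter "`t" -NoTypeInformation -Encoding UTF8
$inventory | Format-Table Name, Publisher, Version, InstallDate, Classification -AutoSize
```

The UninstallString and RegistryKey columns are kept because a toolbar that has been half-removed often leaves an Uninstall entry whose command points at a file that no longer exists; ComboFix reported exactly that kind of orphan ("AddRemove-LiveVDO plugin") in the log above.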
03.06.2013, 20:05 | #13 |
| Trojan on a Vista machine
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 14.05.2013 11.7.700.202 needed
Adobe Reader X (10.1.7) - Deutsch Adobe Systems Incorporated 26.05.2013 118MB 10.1.7 unknown
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 25.02.2012 11.6.4.634 unknown
Ask Toolbar Ask Partner Network 18.10.2012 4,64MB 11.8.1.227 unnecessary
Ask Toolbar Updater Ask.com 18.10.2012 1,36MB 1.2.0.20007 unnecessary
ATI Catalyst Install Manager ATI Technologies, Inc. 29.05.2011 18,2MB 3.0.732.0 needed
Avira Free Antivirus Avira 17.11.2012 141MB 12.1.9.1236 needed
Avira SearchFree Toolbar plus Web Protection Ask.com 18.10.2012 4,64MB 1.14.1.0 needed
Babylon toolbar on IE 11.04.2012 1,73MB unnecessary
Broadcom Gigabit NetLink Controller Broadcom Corporation 29.05.2011 364KB 11.22.02 unknown
CCleaner Piriform 24.05.2013 11,5MB 4.02 unnecessary
Citrix Receiver Citrix Systems, Inc. 07.03.2013 56,4MB 13.4.0.25 unnecessary
Dell Resource CD Ihr Firmenname 29.05.2011 3,04MB 1.00.0000 unknown
Facebook Video Calling 1.2.0.287 Skype Limited 24.10.2012 4,77MB 1.2.287 needed
flatex trader 2.0 TeleTrader Software GmbH 29.10.2012 101MB 9.13.1780 needed
Google Chrome Google Inc. 22.08.2012 348MB 27.0.1453.94 unnecessary
Google Earth Plug-in Google 23.03.2013 80,7MB 7.0.3.8542 needed
Google Toolbar for Internet Explorer Google Inc. 14.01.2013 17,2MB 7.4.3607.2246 needed
iLivid Bandoo Media Inc. 27.09.2011 122MB 1.92.0.115302 unknown
Integrated Webcam Driver (1.04.01.0601) Creative Technology Ltd. 13.08.2011 1.04.01.0601 needed
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 29.05.2011 15,6MB 12.00.4000 needed
Java 7 Update 17 Oracle 06.03.2013 129MB 7.0.170 needed
LiveVDO plugin 1.3 LiveVDO.tv, Inc. 11.04.2012 1.3 unknown
Logitech Webcam Software Logitech Inc. 24.04.2012 44,4MB 12.10.1113 unnecessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 02.06.2013 13,4MB 1.75.0.1300 unnecessary
ManyCam 3.1.43 ManyCam LLC 14.04.2013 21,6MB 3.1.43 unnecessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 02.06.2011 42,1MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 31.05.2011 42,1MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.06.2011 189MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.06.2011 46,4MB 4.0.30319 unknown
Microsoft Office Excel Viewer Microsoft Corporation 17.12.2011 71,1MB 12.0.6219.1000 needed
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 29.05.2011 702KB 8.0.56336 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.05.2011 590KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 01.04.2012 11,1MB 10.0.40219 unknown
PartyPoker PartyGaming 03.06.2012 157MB unnecessary
PlayerPlus 11.04.2012 58,1MB unknown
PowerDVD Dell 29.05.2011 41,0MB 8.1 needed
Skype Click to Call Skype Technologies S.A. 09.03.2012 6,35MB 5.9.9216 needed
Skype™ 6.3 Skype Technologies S.A. 26.05.2013 21,1MB 6.3.107 needed
Spotify Spotify AB 19.03.2013 63,3MB 0.8.8.450.gd9413516 needed
TeamViewer 6 TeamViewer GmbH 19.09.2011 15,3MB 6.0.11117 unnecessary
TeamViewer 7 TeamViewer 09.01.2012 106MB 7.0.12313 needed
Zune Microsoft Corporation 05.01.2012 106MB 04.08.2345.00 needed |
03.06.2013, 20:14 | #14 |
Malware-holic | Trojan on Vista machine

Uninstall: Adobe Flash Player (all of them). Then go to "Adobe - Install Adobe Flash Player", download the latest version and install it.

Adobe Reader: "Adobe - Download Adobe Reader - All versions". Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
- General: tick "Use only certified plug-ins".
- Security (Enhanced): tick "Enhanced Security" and select "All files".
- Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically; it is always better to save them directly, since that is the only way to keep control over what is happening on the PC.
- JavaScript: untick "Use JavaScript".
- Updater: choose "Install automatically".
Apply / OK.

Uninstall: Adobe Shockwave; Ask (all of it); Avira SearchFree (please remove it); Babylon; Citrix; Google Chrome; Google Toolbar (please remove this too, toolbars are only an extra risk); iLivid; Java.

Download the Java JRE: "Java downloads for all operating systems", click "Download Java software for Windows Offline", download it and install it.

Uninstall: ManyCam; PartyPoker; TeamViewer (I would only install it when needed, otherwise upgrade to version 8).

Open CCleaner, Analyze, Run Cleaner, restart the PC. Please download AdwCleaner to your desktop.
03.06.2013, 21:03 | #15 |
| Trojan on Vista machine AdwCleaner logfile: Code:
# AdwCleaner v2.301 - Datei am 03/06/2013 um 21:57:03 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Manni - MANNI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Manni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RZ5WIEM\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\ProgramData\~0
Gelöscht mit Neustart : C:\ProgramData\APN
Gelöscht mit Neustart : C:\ProgramData\Ask
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\Users\Manni\AppData\Local\Babylon
Gelöscht mit Neustart : C:\Users\Manni\AppData\Local\Ilivid Player
Gelöscht mit Neustart : C:\Users\Manni\AppData\Local\PackageAware
Gelöscht mit Neustart : C:\Users\Manni\AppData\LocalLow\BabylonToolbar
Gelöscht mit Neustart : C:\Users\Manni\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\LiveVDO plugin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchCore for Browsers
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [5841 octets] - [03/06/2013 21:57:03]

########## EOF - C:\AdwCleaner[S1].txt - [5901 octets] ##########
|
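The software inventory posted in #13 and the toolbar, BHO and CLSID registrations that AdwCleaner removed in #15 can both be collected read-only from the registry before anything is uninstalled. The PowerShell script below is an added example, not code from this thread, from AdwCleaner or from OTL: it lists installed programs from the three Uninstall hives that appwiz.cpl reads, enumerates Internet Explorer Browser Helper Objects and toolbars with the DLL behind each CLSID, and flags entries whose name matches the adware families named in this thread. The name pattern and the "Suspect" column are assumptions of this example; it changes nothing on the machine and assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread, AdwCleaner or OTL): read-only inventory of
# installed software and Internet Explorer add-ons. The pattern of suspect names is
# an assumption built from the families that appear in posts #13 and #15.
$SuspectPattern = '\bAsk\b|\bAPN\b|Babylon|iLivid|LiveVDO|SearchCore|StartSearch|Bandoo'

function Get-InstalledSoftware {
    # Same three places the Programs and Features applet reads: 64-bit, 32-bit, per-user.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            if (-not $p.DisplayName) { continue }   # hidden components carry no display name
            [pscustomobject]@{
                Name      = $p.DisplayName
                Publisher = $p.Publisher
                Installed = $p.InstallDate             # yyyyMMdd string when the installer wrote it
                SizeMB    = if ($p.EstimatedSize) { [math]::Round($p.EstimatedSize / 1KB, 1) } else { $null }
                Version   = $p.DisplayVersion
                Source    = $root
                Suspect   = ("$($p.DisplayName) $($p.Publisher)" -match $SuspectPattern)
            }
        }
    }
}

function Resolve-Clsid {
    # Map a CLSID to its registered name and the DLL that implements it (64-bit view first).
    param([string]$Clsid)
    foreach ($base in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $key = Join-Path $base $Clsid
        if (-not (Test-Path $key)) { continue }
        $dll = $null
        if (Test-Path "$key\InprocServer32") { $dll = (Get-ItemProperty "$key\InprocServer32").'(default)' }
        return [pscustomobject]@{ Name = (Get-ItemProperty $key).'(default)'; Dll = $dll }
    }
    [pscustomobject]@{ Name = '(unregistered CLSID)'; Dll = $null }
}

function Get-IEAddons {
    # BHOs are subkeys named by CLSID; toolbars are values named by CLSID.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    $tbRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $info = Resolve-Clsid $key.PSChildName
            [pscustomobject]@{
                Type = 'BHO'; Clsid = $key.PSChildName; Name = $info.Name; Dll = $info.Dll
                Suspect = ("$($info.Name) $($info.Dll)" -match $SuspectPattern)
            }
        }
    }
    foreach ($root in $tbRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($valueName in (Get-Item $root).GetValueNames()) {
            if ($valueName -notlike '{*}') { continue }   # skip non-CLSID values
            $info = Resolve-Clsid $valueName
            [pscustomobject]@{
                Type = 'Toolbar'; Clsid = $valueName; Name = $info.Name; Dll = $info.Dll
                Suspect = ("$($info.Name) $($info.Dll)" -match $SuspectPattern)
            }
        }
    }
}

$software = Get-InstalledSoftware | Sort-Object Name
$addons   = @(Get-IEAddons)

$software | Format-Table Name, Publisher, Installed, SizeMB, Version, Suspect -AutoSize
$addons   | Format-Table Type, Name, Dll, Suspect -AutoSize

# Review list only: nothing is removed here. Uninstall through Programs and Features
# as the helper describes, then run the script again to confirm the entries are gone.
Write-Host "`nFlagged entries:"
$software | Where-Object { $_.Suspect } | Format-Table Name, Publisher, Source -AutoSize
$addons   | Where-Object { $_.Suspect } | Format-Table Type, Name, Dll -AutoSize
```

Running it before and after the cleanup gives a before/after diff of the same registration points AdwCleaner reports on, which is a quicker way to confirm that a toolbar's BHO or CLSID really is gone than scrolling the log. The pattern list is deliberately a starting point: anything a helper names in a thread like this one can be appended to `$SuspectPattern`.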