Trojan - computer locked, message allegedly from the Bundespolizei (Windows 7)
30.07.2013, 14:58 | #1

Dear helpers! Yesterday evening my laptop caught a trojan. The computer was locked and a message appeared, allegedly from the BSI, demanding that I pay 100 euros. I was initially able to restart the machine in safe mode and ran a full scan with my Sophos antivirus program. Two files were found and moved to quarantine: Troj/Zbot-EON and Troj/EncProc-M. Of course that did not solve the problem; the machine still only runs in safe mode. Since I have zero knowledge of computers and don't want to do anything on my own that might make things worse, I would like to ask you for help. My system is Win7 64-bit. I followed the instructions in the forum and ran defogger, OTL and gmer. I just don't know how to post the OTL log file here (attaching doesn't work because the file is larger than allowed). I would be really grateful if you could help... Regards and thanks in advance!
30.07.2013, 15:05 | #2

/// Malware-holic: Hi, if you would be so kind as to attach otl.txt :-)
30.07.2013, 15:19 | #3

Hi, and thanks already for the quick reply! The file is too big, so I'll just try to paste the "text" in here. Sorry, this is my first time here and I don't know how to do it properly.

OTL Logfile: Code:
OTL logfile created on: 30.07.2013 13:45:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Polly1701\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 78,27% Memory free
7,36 Gb Paging File | 6,58 Gb Available in Paging File | 89,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,09 Gb Total Space | 345,16 Gb Free Space | 75,51% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: POLLY | User Name: Polly1701 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.30 13:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Polly1701\Desktop\OTL.exe
PRC - [2012.07.05 16:00:49 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2013.07.04 17:29:08 | 003,022,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Digital Trends Club\HI-epanel-Reporting.exe -- (HI-epanel-Reporting-Service)
SRV - [2013.07.04 17:29:04 | 001,377,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Digital Trends Club\HI-epanel-Updater.exe -- (HI-epanel-Update-Service)
SRV - [2013.04.29 12:46:20 | 004,233,088 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2013.03.26 15:43:42 | 001,359,408 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.04 18:12:26 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.12.04 18:12:20 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.04 18:12:11 | 001,998,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.09.29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 20:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.08 16:23:50 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.05 16:00:49 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.05.09 18:30:02 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2011.05.27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.20 16:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.15 20:31:04 | 000,050,688 | ---- | M] () [Auto | Stopped] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009.11.15 20:28:44 | 000,948,224 | ---- | M] () [Auto | Stopped] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009.11.15 20:26:26 | 000,690,688 | ---- | M] () [Auto | Stopped] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 17:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 17:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 17:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 17:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 17:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.09.14 20:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 20:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 19:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 22:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 02:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 02:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.11.26 20:32:50 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.11.26 20:32:40 | 007,841,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.29 20:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 18:29:49 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.06 15:06:31 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.11.15 04:12:10 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.20 16:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.19 02:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009.11.19 02:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009.11.18 22:04:10 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 22:04:09 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 22:04:09 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 22:04:08 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 22:03:38 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.11 04:05:01 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.09 22:05:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.09 22:04:24 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.02 03:47:16 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.29 22:09:32 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.10.29 22:09:23 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 22:03:08 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.02.09 11:06:31 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ???? ? ???????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = QIP: ????? ? ?????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Polly1701\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {919F170F-C56D-40E5-A6EF-6C1CDE3947DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{06A3D848-9B7E-41E5-8E96-4F16F5A0079A}: "URL" = Shopping.com Deutschland - der große Produkt- und Preisvergleich
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4E2D0023140A0581&affID=121563&tt=040713_xmlful&tsp=4935
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{919F170F-C56D-40E5-A6EF-6C1CDE3947DD}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE367
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{E29F7AB2-53BB-41DB-9E04-09D74ED371D6}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{F0792148-D0C5-4D29-915F-5ACBEF50A9F1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: [INSTALLDIR]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files (x86)\Digital Trends Club\ [2013.07.30 13:28:57 | 000,000,000 | ---D | M]

[2013.07.06 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (HI-epanel)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (HI-epanel)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Polly1701\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [cvYTlJojJpL.exe] C:\ProgramData\cvYTlJojJpL.exe File not found
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKCU..\Run: [aSQw8ccL0] C:\Users\Polly1701\AppData\Local\JCmZFOv.exe (NCSOFT Company)
O4 - HKCU..\Run: [Java Auto Update] C:\Users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe File not found
O4 - Startup: C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Polly1701\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\x64\Gacela2.dll (HI-epanel)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\Digital Trends Club\Gacela2.dll (HI-epanel)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4183AE89-854E-467C-9FCC-94DE00E792A2}: NameServer = 134.147.32.40,134.147.222.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C92FD408-5D15-42D8-B3D5-B8DBD2FF43E8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value 
found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{303421e9-b2d1-11df-a27f-0024be65bd74}\Shell - "" = AutoRun O33 - MountPoints2\{303421e9-b2d1-11df-a27f-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{30342201-b2d1-11df-a27f-0024be65bd74}\Shell - "" = AutoRun O33 - MountPoints2\{30342201-b2d1-11df-a27f-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a4b092e7-bc24-11df-8126-0024be65bd74}\Shell - "" = AutoRun O33 - MountPoints2\{a4b092e7-bc24-11df-8126-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f693946d-b92a-11df-a95e-0024be65bd74}\Shell - "" = AutoRun O33 - MountPoints2\{f693946d-b92a-11df-a95e-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f6939485-b92a-11df-a95e-0024be65bd74}\Shell - "" = AutoRun O33 - MountPoints2\{f6939485-b92a-11df-a95e-0024be65bd74}\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.30 13:44:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Polly1701\Desktop\OTL.exe [2013.07.29 22:22:04 | 000,183,296 | ---- | C] (NCSOFT Company) -- C:\Users\Polly1701\AppData\Local\JCmZFOv.exe [2013.07.23 20:11:44 | 000,000,000 
| R--D | C] -- C:\Users\Polly1701\Dropbox [2013.07.23 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.07.23 20:08:33 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\Dropbox [2013.07.06 16:55:47 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\Tracing [2013.07.06 16:53:48 | 000,000,000 | ---D | C] -- C:\Windows\en [2013.07.06 16:53:32 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.07.06 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Local\Windows Live [2013.07.06 16:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2013.07.06 16:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software [2013.07.06 16:37:39 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\NCH Software [2013.07.06 16:28:05 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\TuneUp Software [2013.07.06 16:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.07.06 16:27:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.07.06 16:27:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.07.06 16:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.06 16:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.07.06 16:26:35 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\Babylon [2013.07.06 16:26:26 | 000,000,000 | ---D | C] -- C:\Users\Polly1701\AppData\Roaming\OpenCandy [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.30 13:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Polly1701\Desktop\OTL.exe [2013.07.30 13:42:45 | 000,000,000 | ---- | M] () -- C:\Users\Polly1701\defogger_reenable [2013.07.30 13:41:34 | 000,050,477 | ---- | M] () -- C:\Users\Polly1701\Desktop\Defogger.exe [2013.07.30 13:30:19 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2013.07.30 13:30:06 | 2962,395,136 | -HS- | M] () -- C:\hiberfil.sys [2013.07.30 13:27:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.29 22:40:56 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.29 22:40:56 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.29 22:22:07 | 000,181,452 | ---- | M] () -- C:\Users\Polly1701\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53 [2013.07.29 22:22:01 | 000,183,296 | ---- | M] (NCSOFT Company) -- C:\Users\Polly1701\AppData\Local\JCmZFOv.exe [2013.07.29 22:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.29 13:46:53 | 000,150,662 | ---- | M] () -- C:\Users\Polly1701\Desktop\Muellmax_2013_20130725_22379.pdf [2013.07.27 13:13:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.27 13:13:24 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.27 13:13:24 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.27 13:13:24 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.27 13:13:24 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.23 20:11:44 | 000,001,040 | ---- | M] () -- C:\Users\Polly1701\Desktop\Dropbox.lnk [2013.07.23 20:09:30 | 000,001,050 | ---- | M] () -- C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.07.11 16:58:38 | 000,437,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.08 22:11:14 | 000,111,068 | ---- | M] () -- C:\test.xml [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.30 13:42:45 | 000,000,000 | ---- | C] () -- C:\Users\Polly1701\defogger_reenable [2013.07.30 13:41:34 
| 000,050,477 | ---- | C] () -- C:\Users\Polly1701\Desktop\Defogger.exe [2013.07.29 22:22:07 | 000,181,452 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53 [2013.07.29 13:46:53 | 000,150,662 | ---- | C] () -- C:\Users\Polly1701\Desktop\Muellmax_2013_20130725_22379.pdf [2013.07.23 20:11:44 | 000,001,040 | ---- | C] () -- C:\Users\Polly1701\Desktop\Dropbox.lnk [2013.07.23 20:09:30 | 000,001,050 | ---- | C] () -- C:\Users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.07.06 16:53:30 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.07.06 16:53:20 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.07.06 16:52:44 | 000,001,418 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013.07.06 16:52:18 | 000,002,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.11.26 20:32:41 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.09.29 01:16:48 | 000,002,176 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\recently-used.xbel [2012.06.23 23:11:44 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe [2012.05.25 01:59:10 | 001,523,712 | ---- | C] () -- C:\Windows\SysWow64\falsesetproxy.exe [2011.12.30 20:59:21 | 000,000,444 | ---- | C] () -- C:\Windows\MyHeritage.INI [2011.12.30 20:57:55 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2011.12.13 01:46:54 | 000,000,129 | ---- | C] () -- C:\Windows\winamp.ini [2011.10.27 00:34:51 | 000,000,000 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\{B6B46446-11CD-4103-9CAF-718DFC697B12} [2011.07.01 22:05:57 | 000,000,070 | ---- | C] () -- C:\Users\Polly1701\.bouml [2011.07.01 22:04:53 | 000,000,052 | ---- | C] () -- C:\Users\Polly1701\.boumlrc [2010.10.27 19:04:53 | 002,000,324 | ---- | C] () -- C:\Program 
Files (x86)\cdex_151.exe [2010.05.04 17:20:06 | 000,000,016 | ---- | C] () -- C:\Users\Polly1701\persistent_state [2010.02.01 21:43:04 | 000,028,672 | ---- | C] () -- C:\Users\Polly1701\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.01 20:48:43 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.02 06:05:31 | 000,000,000 | -HSD | M] -- C:\Users\Polly1701\AppData\Roaming\.# [2013.03.13 13:58:20 | 000,000,000 | -HSD | M] -- C:\Users\Polly1701\AppData\Roaming\2DF42B [2010.11.08 00:06:41 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Amazon [2010.04.02 01:50:42 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Auslogics [2013.07.06 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Babylon [2013.07.06 16:35:34 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\DesktopIconForAmazon [2013.07.30 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Dropbox [2013.07.06 16:35:19 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\GinyasBrowserCompanion [2013.03.13 00:31:09 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Java [2011.12.30 21:11:23 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\MyHeritage [2013.07.06 16:26:26 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\OpenCandy [2010.05.07 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Opera [2012.04.29 16:39:51 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Pixlromatic [2010.02.01 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\Protector Suite [2011.02.02 17:22:29 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\QIP [2013.05.24 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\The Bat! 
[2011.12.30 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\The Complete Genealogy Reporter - FTB [2013.07.06 16:28:05 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\TuneUp Software [2013.07.29 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\Polly1701\AppData\Roaming\XnView ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011.07.30 02:49:34 | 000,016,165 | ---- | M] ()(C:\Users\Polly1701\Documents\????????_2011.docx) -- C:\Users\Polly1701\Documents\Беларусь_2011.docx [2011.07.30 02:49:33 | 000,016,165 | ---- | C] ()(C:\Users\Polly1701\Documents\????????_2011.docx) -- C:\Users\Polly1701\Documents\Беларусь_2011.docx [2010.06.18 14:16:53 | 000,026,112 | ---- | M] ()(C:\Users\Polly1701\Documents\? ? ? ? ? ? ? ? ? ? ? ?.doc) -- C:\Users\Polly1701\Documents\Д О В Е Р Е Н Н О С Т Ь.doc [2010.06.18 14:16:53 | 000,026,112 | ---- | C] ()(C:\Users\Polly1701\Documents\? ? ? ? ? ? ? ? ? ? ? ?.doc) -- C:\Users\Polly1701\Documents\Д О В Е Р Е Н Н О С Т Ь.doc [2010.04.30 11:29:53 | 000,030,720 | ---- | M] ()(C:\Users\Polly1701\Documents\?? ???????.doc) -- C:\Users\Polly1701\Documents\За туманам.doc [2010.04.28 03:02:04 | 000,030,720 | ---- | C] ()(C:\Users\Polly1701\Documents\?? ???????.doc) -- C:\Users\Polly1701\Documents\За туманам.doc < End of report > |
30.07.2013, 15:26 | #4 |
/// Malware-holic | Hi, OTL fix. Fixing with OTL
Code:
:OTL
O4 - HKCU..\Run: [aSQw8ccL0] C:\Users\Polly1701\AppData\Local\JCmZFOv.exe (NCSOFT Company)
[2013.07.29 22:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:files
:Commands
[emptytemp]
If you have no icons, right-click, View, Show desktop icons. Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
30.07.2013, 15:49 | #5 |
| OTL fix done. The message has already disappeared and the computer runs in normal mode. The upload worked too. Here is the content of the text document:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aSQw8ccL0 deleted successfully.
C:\Users\Polly1701\AppData\Local\JCmZFOv.exe moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Polly1701
->Temp folder emptied: 1260326721 bytes
->Temporary Internet Files folder emptied: 12400058 bytes
->Java cache emptied: 63499290 bytes
->Opera cache emptied: 15524496 bytes
->Flash cache emptied: 59542 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533519 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 734284864 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42979450 bytes
RecycleBin emptied: 828453332 bytes

Total Files Cleaned = 2.822,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07302013_163026

Files\Folders moved on Reboot...
C:\Users\Polly1701\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Polly1701\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
30.07.2013, 15:53 | #6 |
/// Malware-holic | Very good. Scan with Combofix
30.07.2013, 16:57 | #7 |
| Done! However, I'm not sure whether everything went smoothly. The line "Zugriff verweigert" (access denied) appeared often in the blue combofix window - maybe because I couldn't deactivate Sophos properly. Combofix kept running anyway, afterwards it restarted windows, a logfile was created, but only after the repeated message "die Datei "NircmdB.exe" konnte nicht gefunden werden" (the file "NircmdB.exe" could not be found). When starting the browser, the other error message you pointed out came up. I restarted the computer - now everything works again. Here is the log file (hopefully the code tags work now). Combofix Logfile:
Code:
ComboFix 13-07-30.02 - Polly1701 30.07.2013 17:14:15.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3767.1894 [GMT 2:00]
ausgeführt von:: c:\users\Polly1701\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\boost_interprocess\20130730163145.125599
c:\programdata\boost_interprocess\20130730163145.125599\Nobu64AgentService2.7.2.25
c:\programdata\boost_interprocess\20130730163145.125599\Nobu64TrayIcon2.7.2.25
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\POLLY~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Polly1701\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Polly1701\AppData\Roaming\.#
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\check_update.bat
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\csrss.exe
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\diakgcn121016.cl
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\libeay32.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\libidn-11.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\libusb-1.0.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\OpenCL.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\phatk121016.cl
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\ssleay32.dll
c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\zlib1.dll
c:\users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-28 bis 2013-07-30 ))))))))))))))))))))))))))))))
.
.
2013-07-30 14:40 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDBB21A1-93C4-4911-9DAA-0BF040464269}\mpengine.dll
2013-07-30 14:30 . 2013-07-30 14:41 -------- d-----w- C:\_OTL
2013-07-23 18:11 . 2013-07-30 14:35 -------- d-----r- c:\users\Polly1701\Dropbox
2013-07-23 18:08 . 2013-07-30 14:35 -------- d-----w- c:\users\Polly1701\AppData\Roaming\Dropbox
2013-07-10 11:07 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 11:07 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 11:07 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 11:07 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 11:07 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 11:07 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 11:07 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 11:07 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 11:07 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 11:07 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 11:07 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 11:06 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 11:06 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 11:06 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 11:06 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 11:06 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 11:06 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 11:06 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 11:06 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-06 14:55 . 2013-07-06 14:55 -------- d-----w- c:\users\Polly1701\Tracing
2013-07-06 14:53 . 2013-07-06 14:53 -------- d-----w- c:\windows\en
2013-07-06 14:53 . 2013-07-06 14:53 -------- d-----w- c:\windows\de
2013-07-06 14:48 . 2013-02-05 20:06 57840 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-07-06 14:46 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-07-06 14:46 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-07-06 14:46 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-07-06 14:46 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-07-06 14:46 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-07-06 14:46 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-07-06 14:46 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-07-06 14:46 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-07-06 14:45 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-07-06 14:45 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-07-06 14:43 . 2013-07-06 14:43 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3d5ecab21ce7a5707\DSETUP.dll
2013-07-06 14:43 . 2013-07-06 14:43 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3d5ecab21ce7a5707\DXSETUP.exe
2013-07-06 14:43 . 2013-07-06 14:43 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3d5ecab21ce7a5707\dsetup32.dll
2013-07-06 14:43 . 2013-07-06 14:43 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\35f50ce51ce7a5704\DSETUP.dll
2013-07-06 14:43 . 2013-07-06 14:43 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\35f50ce51ce7a5704\DXSETUP.exe
2013-07-06 14:43 . 2013-07-06 14:43 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\35f50ce51ce7a5704\dsetup32.dll
2013-07-06 14:43 . 2013-07-06 14:43 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31e710821ce7a5702\DSETUP.dll
2013-07-06 14:43 . 2013-07-06 14:43 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31e710821ce7a5702\DXSETUP.exe
2013-07-06 14:43 . 2013-07-06 14:43 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31e710821ce7a5702\dsetup32.dll
2013-07-06 14:43 . 2013-07-16 22:03 -------- d-----w- c:\users\Polly1701\AppData\Local\Windows Live
2013-07-06 14:38 . 2013-07-06 14:38 -------- d-----w- c:\programdata\NCH Software
2013-07-06 14:37 . 2013-07-06 14:40 -------- d-----w- c:\program files (x86)\NCH Software
2013-07-06 14:37 . 2013-07-06 14:40 -------- d-----w- c:\users\Polly1701\AppData\Roaming\NCH Software
2013-07-06 14:28 . 2013-07-06 14:28 -------- d-----w- c:\users\Polly1701\AppData\Roaming\TuneUp Software
2013-07-06 14:27 . 2013-07-06 14:28 -------- d-----w- c:\programdata\TuneUp Software
2013-07-06 14:27 . 2013-07-06 14:27 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-06 14:27 . 2013-07-06 14:27 -------- d--h--w- c:\programdata\Common Files
2013-07-06 14:26 . 2013-07-06 14:26 -------- d-----w- c:\programdata\Babylon
2013-07-06 14:26 . 2013-07-06 14:26 -------- d-----w- c:\users\Polly1701\AppData\Roaming\Babylon
2013-07-06 14:26 . 2013-07-06 14:26 -------- d-----w- c:\users\Polly1701\AppData\Roaming\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 16:57 . 2010-02-09 15:59 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-06 14:47 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-06 14:14 . 2010-02-01 20:37 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-07-06 14:14 . 2010-12-10 21:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-06 14:13 . 2010-02-19 16:14 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-07 12:19 . 2013-06-07 12:19 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-07 12:19 . 2013-06-07 12:19 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-07 12:19 . 2013-06-07 12:19 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-07 12:19 . 2013-06-07 12:19 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-07 12:19 . 2013-06-07 12:19 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-07 12:19 . 2013-06-07 12:19 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-07 12:19 . 2013-06-07 12:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-07 12:19 . 2013-06-07 12:19 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-07 12:19 . 2013-06-07 12:19 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-07 12:19 . 2013-06-07 12:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-07 12:19 . 2013-06-07 12:19 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-07 12:19 . 2013-06-07 12:19 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-07 12:19 . 2013-06-07 12:19 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-07 12:19 . 2013-06-07 12:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-07 12:19 . 2013-06-07 12:19 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-07 12:19 . 2013-06-07 12:19 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-07 12:19 . 2013-06-07 12:19 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-07 12:19 . 2013-06-07 12:19 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-07 12:19 . 2013-06-07 12:19 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-07 12:19 . 2013-06-07 12:19 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-07 12:19 . 2013-06-07 12:19 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-07 12:19 . 2013-06-07 12:19 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-07 12:19 . 2013-06-07 12:19 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-07 12:19 . 2013-06-07 12:19 441856 ----a-w- c:\windows\system32\html.iec
2013-06-07 12:19 . 2013-06-07 12:19 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-07 12:19 . 2013-06-07 12:19 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 12:19 . 2013-06-07 12:19 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-07 12:19 . 2013-06-07 12:19 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-07 12:19 . 2013-06-07 12:19 235008 ----a-w- c:\windows\system32\url.dll
2013-06-07 12:19 . 2013-06-07 12:19 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-07 12:19 . 2013-06-07 12:19 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-07 12:19 . 2013-06-07 12:19 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-07 12:19 . 2013-06-07 12:19 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-07 12:19 . 2013-06-07 12:19 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-07 12:19 . 2013-06-07 12:19 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-07 12:19 . 2013-06-07 12:19 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-07 12:19 . 2013-06-07 12:19 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-07 12:19 .
2013-06-07 12:19 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-06-07 12:19 . 2013-06-07 12:19 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-06-07 12:19 . 2013-06-07 12:19 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-06-07 12:19 . 2013-06-07 12:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-06-07 12:19 . 2013-06-07 12:19 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-06-07 12:19 . 2013-06-07 12:19 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-06-07 12:19 . 2013-06-07 12:19 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-06-07 12:19 . 2013-06-07 12:19 149504 ----a-w- c:\windows\system32\occache.dll 2013-06-07 12:19 . 2013-06-07 12:19 13824 ----a-w- c:\windows\system32\mshta.exe 2013-06-07 12:19 . 2013-06-07 12:19 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-06-07 12:19 . 2013-06-07 12:19 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-06-07 12:19 . 2013-06-07 12:19 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-05-13 05:51 . 2013-06-12 10:30 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 10:30 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 10:30 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 10:30 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 10:30 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 10:30 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 10:30 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 10:30 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 10:30 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 10:30 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-12 10:30 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 
2013-06-12 10:30 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-12 10:30 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 00:06 . 2010-02-17 00:33 278800 ------w- c:\windows\system32\MpSigStub.exe 2010-10-27 17:04 . 2010-10-27 17:04 2000324 ----a-w- c:\program files (x86)\cdex_151.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-21 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328] "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-21 26624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-08-08 900160] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136] "Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . c:\users\Polly1701\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Polly1701\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-11-30 18:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 ewusbnet;HUAWEI USB-NDIS 
miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] R3 netr7364;RT73-Drahtlostreiber für Vista von Conceptronic;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x] R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x] R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x] R3 
VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys [x] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x] S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x] S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x] S2 HI-epanel-Reporting-Service;HI-epanel-Reporting-Service;c:\program files (x86)\Digital Trends Club\HI-epanel-Reporting.exe;c:\program files (x86)\Digital Trends Club\HI-epanel-Reporting.exe [x] S2 HI-epanel-Update-Service;HI-epanel-Update-Service;c:\program files (x86)\Digital Trends Club\HI-epanel-Updater.exe;c:\program files (x86)\Digital Trends Club\HI-epanel-Updater.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x] S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x] 
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x] S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x] S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x] S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x] S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO 
Update\VUAgent.exe [x] . . Inhalt des "geplante Tasks" Ordners . 2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 12:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Polly1701\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-07-20 13:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-07-20 13:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-21 171520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-26 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-26 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-26 410136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://search.qip.ru mDefault_Search_URL = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://search.qip.ru/ie IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000 IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll TCP: Interfaces\{4183AE89-854E-467C-9FCC-94DE00E792A2}: NameServer = 134.147.32.40,134.147.222.4 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-Java Auto Update - c:\users\Polly1701\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe Wow6432Node-HKLM-Run-cvYTlJojJpL.exe - c:\programdata\cvYTlJojJpL.exe SafeBoot-mcmscsvc SafeBoot-MCODS HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Sony\VAIO Care\listener.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-30 17:30:20 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-30 15:30 . Vor Suchlauf: 19 Verzeichnis(se), 372.890.681.344 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 372.717.383.680 Bytes frei . - - End Of File - - C376C5F390F5520ED7ACE97A55F3F0A4 D41D8CD98F00B204E9800998ECF8427E [/CODE] |
30.07.2013, 17:08 | #8 |
/// Malware-holic | Trojan - computer locked, message allegedly from the Federal Police OK. Would you be so kind as to open Computer, C:\Qoobox. Zip the Quarantine folder and upload it via the upload channel; let me know when it's done.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
30.07.2013, 17:16 | #9 |
| Trojan - computer locked, message allegedly from the Federal Police Done, but while zipping I got the message that the file could not be opened (or found?) and "access denied". The zip file was created anyway and the upload worked. |
30.07.2013, 17:20 | #10 |
/// Malware-holic | Trojan - computer locked, message allegedly from the Federal Police Hi, fine. 1. Please download TDSSKiller.exe and save the file to your Desktop
2. Malwarebytes: please download Malwarebytes
30.07.2013, 19:43 | #11 |
| Trojan - computer locked, message allegedly from the Federal Police Hi, both steps done! 1. TDSSKiller log file Code:
18:33:41.0782 4912 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:33:41.0829 4912 RasAgileVpn - ok 18:33:41.0845 4912 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:33:41.0907 4912 RasAuto - ok 18:33:41.0954 4912 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:33:42.0032 4912 Rasl2tp - ok 18:33:42.0094 4912 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:33:42.0125 4912 RasMan - ok 18:33:42.0172 4912 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:33:42.0250 4912 RasPppoe - ok 18:33:42.0266 4912 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:33:42.0328 4912 RasSstp - ok 18:33:42.0359 4912 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:33:42.0422 4912 rdbss - ok 18:33:42.0453 4912 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:33:42.0500 4912 rdpbus - ok 18:33:42.0515 4912 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:33:42.0578 4912 RDPCDD - ok 18:33:42.0609 4912 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:33:43.0280 4912 RDPENCDD - ok 18:33:43.0327 4912 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:33:43.0358 4912 RDPREFMP - ok 18:33:43.0389 4912 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:33:43.0436 4912 RDPWD - ok 18:33:43.0483 4912 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:33:43.0514 4912 rdyboost - ok 18:33:43.0592 4912 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 18:33:43.0623 4912 RegSrvc - ok 18:33:43.0654 4912 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess 
C:\Windows\System32\mprdim.dll 18:33:43.0701 4912 RemoteAccess - ok 18:33:43.0732 4912 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:33:43.0795 4912 RemoteRegistry - ok 18:33:43.0841 4912 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:33:43.0873 4912 RFCOMM - ok 18:33:43.0904 4912 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\drivers\rimssne64.sys 18:33:43.0951 4912 rimspci - ok 18:33:44.0013 4912 [ AA7B4AC7CB1281349CD61DE067F00D5D ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys 18:33:44.0060 4912 risdsnpe - ok 18:33:44.0138 4912 [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe 18:33:44.0216 4912 Roxio UPnP Renderer 10 - ok 18:33:44.0247 4912 [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe 18:33:44.0263 4912 Roxio Upnp Server 10 - ok 18:33:44.0278 4912 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:33:44.0325 4912 RpcEptMapper - ok 18:33:44.0356 4912 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:33:44.0372 4912 RpcLocator - ok 18:33:44.0403 4912 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:33:44.0450 4912 RpcSs - ok 18:33:44.0497 4912 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:33:44.0528 4912 rspndr - ok 18:33:44.0575 4912 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:33:44.0590 4912 SamSs - ok 18:33:44.0731 4912 [ 26A05F8833938BD989199E8681B53B86 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe 18:33:44.0746 4912 SAVAdminService - ok 18:33:44.0809 4912 [ 2192AE4D310ADB821B38595150F5A384 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys 18:33:44.0840 4912 SAVOnAccess - ok 18:33:44.0918 
4912 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe 18:33:44.0933 4912 SAVService - ok 18:33:44.0965 4912 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:33:44.0996 4912 sbp2port - ok 18:33:45.0027 4912 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:33:45.0089 4912 SCardSvr - ok 18:33:45.0105 4912 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:33:45.0152 4912 scfilter - ok 18:33:45.0199 4912 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:33:45.0261 4912 Schedule - ok 18:33:45.0292 4912 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:33:45.0323 4912 SCPolicySvc - ok 18:33:45.0370 4912 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 18:33:45.0401 4912 sdbus - ok 18:33:45.0448 4912 [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys 18:33:45.0464 4912 sdcfilter - ok 18:33:45.0495 4912 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:33:45.0557 4912 SDRSVC - ok 18:33:45.0604 4912 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:33:45.0667 4912 secdrv - ok 18:33:45.0698 4912 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:33:45.0729 4912 seclogon - ok 18:33:45.0760 4912 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 18:33:45.0838 4912 SENS - ok 18:33:45.0869 4912 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:33:45.0901 4912 SensrSvc - ok 18:33:45.0916 4912 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:33:45.0932 4912 Serenum - ok 18:33:45.0932 4912 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:33:45.0963 4912 
Serial - ok 18:33:45.0994 4912 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:33:46.0025 4912 sermouse - ok 18:33:46.0057 4912 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:33:46.0135 4912 SessionEnv - ok 18:33:46.0166 4912 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\drivers\SFEP.sys 18:33:46.0213 4912 SFEP - ok 18:33:46.0244 4912 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:33:46.0275 4912 sffdisk - ok 18:33:46.0275 4912 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:33:46.0306 4912 sffp_mmc - ok 18:33:46.0322 4912 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:33:46.0369 4912 sffp_sd - ok 18:33:46.0400 4912 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:33:46.0447 4912 sfloppy - ok 18:33:46.0493 4912 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:33:46.0571 4912 SharedAccess - ok 18:33:46.0603 4912 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:33:46.0649 4912 ShellHWDetection - ok 18:33:46.0681 4912 [ C06CCD29F5C15B610237E86F82085E77 ] shpf C:\Windows\system32\DRIVERS\shpf.sys 18:33:46.0696 4912 shpf - ok 18:33:46.0727 4912 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:33:46.0743 4912 SiSRaid2 - ok 18:33:46.0759 4912 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:33:46.0774 4912 SiSRaid4 - ok 18:33:46.0852 4912 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:33:46.0868 4912 SkypeUpdate - ok 18:33:46.0899 4912 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:33:46.0961 4912 Smb - ok 18:33:47.0024 4912 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe 18:33:47.0055 4912 SNMPTRAP - ok 18:33:47.0133 4912 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe 18:33:47.0164 4912 SOHCImp - ok 18:33:47.0180 4912 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe 18:33:47.0211 4912 SOHDBSvr - ok 18:33:47.0227 4912 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe 18:33:47.0258 4912 SOHDms - ok 18:33:47.0289 4912 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe 18:33:47.0305 4912 SOHDs - ok 18:33:47.0320 4912 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe 18:33:47.0351 4912 SOHPlMgr - ok 18:33:47.0414 4912 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe 18:33:47.0429 4912 Sophos AutoUpdate Service - ok 18:33:47.0507 4912 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 18:33:47.0539 4912 Sophos Web Control Service - ok 18:33:47.0617 4912 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys 18:33:47.0648 4912 SophosBootDriver - ok 18:33:47.0663 4912 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:33:47.0679 4912 spldr - ok 18:33:47.0726 4912 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:33:47.0773 4912 Spooler - ok 18:33:47.0882 4912 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:33:47.0991 4912 sppsvc - ok 18:33:48.0022 4912 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:33:48.0085 4912 sppuinotify - ok 18:33:48.0116 4912 [ 
441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:33:48.0163 4912 srv - ok 18:33:48.0194 4912 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:33:48.0225 4912 srv2 - ok 18:33:48.0256 4912 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:33:48.0303 4912 srvnet - ok 18:33:48.0350 4912 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:33:48.0443 4912 SSDPSRV - ok 18:33:48.0459 4912 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:33:48.0490 4912 SstpSvc - ok 18:33:48.0521 4912 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:33:48.0537 4912 stexstor - ok 18:33:48.0584 4912 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:33:48.0599 4912 stisvc - ok 18:33:48.0631 4912 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:33:48.0646 4912 swenum - ok 18:33:48.0771 4912 [ B3379659D773BFDD3B631F5FEE2FF2B3 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 18:33:48.0833 4912 swi_service - ok 18:33:48.0989 4912 [ F6A5E474ED27BA7938A1D0CA19F7008B ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe 18:33:49.0083 4912 swi_update_64 - ok 18:33:49.0114 4912 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:33:49.0177 4912 swprv - ok 18:33:49.0223 4912 [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:33:49.0255 4912 SynTP - ok 18:33:49.0333 4912 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:33:49.0395 4912 SysMain - ok 18:33:49.0426 4912 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:33:49.0442 4912 TabletInputService - ok 18:33:49.0457 4912 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 
18:33:49.0520 4912 TapiSrv - ok 18:33:49.0551 4912 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:33:49.0629 4912 TBS - ok 18:33:49.0723 4912 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:33:49.0754 4912 Tcpip - ok 18:33:49.0832 4912 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:33:49.0879 4912 TCPIP6 - ok 18:33:49.0910 4912 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:33:49.0941 4912 tcpipreg - ok 18:33:49.0972 4912 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:33:50.0019 4912 TDPIPE - ok 18:33:50.0035 4912 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:33:50.0081 4912 TDTCP - ok 18:33:50.0128 4912 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:33:50.0191 4912 tdx - ok 18:33:50.0222 4912 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:33:50.0253 4912 TermDD - ok 18:33:50.0284 4912 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:33:50.0331 4912 TermService - ok 18:33:50.0362 4912 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:33:50.0409 4912 Themes - ok 18:33:50.0456 4912 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:33:50.0503 4912 THREADORDER - ok 18:33:50.0534 4912 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:33:50.0581 4912 TrkWks - ok 18:33:50.0643 4912 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:33:50.0705 4912 TrustedInstaller - ok 18:33:50.0721 4912 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:33:50.0768 4912 tssecsrv - ok 18:33:50.0846 4912 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 
18:33:50.0893 4912 TsUsbFlt - ok 18:33:50.0939 4912 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:33:51.0002 4912 tunnel - ok 18:33:51.0033 4912 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:33:51.0049 4912 uagp35 - ok 18:33:51.0111 4912 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 18:33:51.0142 4912 uCamMonitor - ok 18:33:51.0173 4912 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:33:51.0267 4912 udfs - ok 18:33:51.0298 4912 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:33:51.0314 4912 UI0Detect - ok 18:33:51.0345 4912 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:33:51.0392 4912 uliagpkx - ok 18:33:51.0439 4912 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 18:33:51.0485 4912 umbus - ok 18:33:51.0532 4912 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:33:51.0563 4912 UmPass - ok 18:33:51.0673 4912 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:33:51.0735 4912 UNS ( UnsignedFile.Multi.Generic ) - warning 18:33:51.0735 4912 UNS - detected UnsignedFile.Multi.Generic (1) 18:33:51.0766 4912 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:33:51.0813 4912 upnphost - ok 18:33:51.0844 4912 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:33:51.0891 4912 usbccgp - ok 18:33:51.0907 4912 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:33:51.0922 4912 usbcir - ok 18:33:51.0953 4912 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:33:51.0985 4912 usbehci - ok 18:33:52.0031 4912 [ 287C6C9410B111B68B52CA298F7B8C24 ] 
usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:33:52.0094 4912 usbhub - ok 18:33:52.0125 4912 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:33:52.0156 4912 usbohci - ok 18:33:52.0187 4912 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:33:52.0234 4912 usbprint - ok 18:33:52.0265 4912 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:33:52.0328 4912 USBSTOR - ok 18:33:52.0328 4912 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:33:52.0375 4912 usbuhci - ok 18:33:52.0421 4912 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:33:52.0453 4912 usbvideo - ok 18:33:52.0484 4912 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:33:52.0546 4912 UxSms - ok 18:33:52.0593 4912 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe 18:33:52.0640 4912 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning 18:33:52.0640 4912 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1) 18:33:52.0718 4912 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe 18:33:52.0733 4912 VAIO Event Service - ok 18:33:52.0780 4912 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 18:33:52.0811 4912 VAIO Power Management - ok 18:33:52.0827 4912 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:33:52.0827 4912 VaultSvc - ok 18:33:52.0889 4912 [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe 
18:33:52.0921 4912 VCFw - ok 18:33:53.0030 4912 [ 10E212BFB7EAB152A64C1AAEC2F7F4E0 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe 18:33:53.0045 4912 VcmIAlzMgr - ok 18:33:53.0092 4912 [ 9D9B34B430B4DC683112F59C80D20AB8 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe 18:33:53.0155 4912 VcmINSMgr - ok 18:33:53.0248 4912 [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe 18:33:53.0279 4912 VcmXmlIfHelper - ok 18:33:53.0342 4912 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe 18:33:53.0357 4912 VCService - ok 18:33:53.0404 4912 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:33:53.0420 4912 vdrvroot - ok 18:33:53.0467 4912 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:33:53.0545 4912 vds - ok 18:33:53.0560 4912 [ 70EB327D68D7CEC357B734B0BE5B4A21 ] vflt C:\Windows\system32\DRIVERS\vfilter.sys 18:33:53.0623 4912 vflt - ok 18:33:53.0654 4912 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:33:53.0669 4912 vga - ok 18:33:53.0685 4912 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:33:53.0732 4912 VgaSave - ok 18:33:53.0763 4912 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:33:53.0794 4912 vhdmp - ok 18:33:53.0825 4912 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:33:53.0841 4912 viaide - ok 18:33:53.0872 4912 [ 71BF90872B6A7B34A26F4794DDA7AEC3 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys 18:33:53.0919 4912 vnet - ok 18:33:53.0966 4912 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:33:53.0981 4912 volmgr - ok 18:33:54.0013 4912 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:33:54.0044 4912 
volmgrx - ok 18:33:54.0059 4912 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:33:54.0075 4912 volsnap - ok 18:33:54.0122 4912 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:33:54.0169 4912 vsmraid - ok 18:33:54.0247 4912 [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe 18:33:54.0278 4912 VSNService ( UnsignedFile.Multi.Generic ) - warning 18:33:54.0278 4912 VSNService - detected UnsignedFile.Multi.Generic (1) 18:33:54.0340 4912 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:33:54.0449 4912 VSS - ok 18:33:54.0715 4912 [ 630BC8454C8F1398CE4FAEA1FBF62789 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe 18:33:54.0746 4912 VUAgent - ok 18:33:54.0777 4912 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:33:54.0808 4912 vwifibus - ok 18:33:54.0824 4912 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:33:54.0855 4912 vwififlt - ok 18:33:54.0902 4912 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:33:54.0933 4912 vwifimp - ok 18:33:54.0980 4912 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 18:33:54.0995 4912 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning 18:33:54.0995 4912 VzCdbSvc - detected UnsignedFile.Multi.Generic (1) 18:33:55.0042 4912 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:33:55.0120 4912 W32Time - ok 18:33:55.0136 4912 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:33:55.0167 4912 WacomPen - ok 18:33:55.0214 4912 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:33:55.0276 4912 WANARP - ok 18:33:55.0307 4912 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 
C:\Windows\system32\DRIVERS\wanarp.sys 18:33:55.0339 4912 Wanarpv6 - ok 18:33:55.0432 4912 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:33:55.0495 4912 WatAdminSvc - ok 18:33:55.0573 4912 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:33:55.0666 4912 wbengine - ok 18:33:55.0713 4912 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:33:55.0760 4912 WbioSrvc - ok 18:33:55.0791 4912 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:33:55.0838 4912 wcncsvc - ok 18:33:55.0869 4912 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:33:55.0900 4912 WcsPlugInService - ok 18:33:55.0931 4912 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:33:55.0947 4912 Wd - ok 18:33:55.0994 4912 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:33:56.0009 4912 Wdf01000 - ok 18:33:56.0041 4912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:33:56.0119 4912 WdiServiceHost - ok 18:33:56.0150 4912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:33:56.0165 4912 WdiSystemHost - ok 18:33:56.0197 4912 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:33:56.0243 4912 WebClient - ok 18:33:56.0259 4912 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:33:56.0337 4912 Wecsvc - ok 18:33:56.0353 4912 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:33:56.0399 4912 wercplsupport - ok 18:33:56.0446 4912 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:33:56.0477 4912 WerSvc - ok 18:33:56.0524 4912 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:33:56.0587 4912 WfpLwf - ok 18:33:56.0602 4912 [ 
05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:33:56.0618 4912 WIMMount - ok 18:33:56.0633 4912 WinDefend - ok 18:33:56.0633 4912 WinHttpAutoProxySvc - ok 18:33:56.0711 4912 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:33:56.0758 4912 Winmgmt - ok 18:33:56.0836 4912 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:33:56.0945 4912 WinRM - ok 18:33:56.0992 4912 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 18:33:57.0039 4912 WinUsb - ok 18:33:57.0086 4912 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:33:57.0133 4912 Wlansvc - ok 18:33:57.0273 4912 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:33:57.0320 4912 wlidsvc - ok 18:33:57.0351 4912 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:33:57.0382 4912 WmiAcpi - ok 18:33:57.0413 4912 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:33:57.0460 4912 wmiApSrv - ok 18:33:57.0491 4912 WMPNetworkSvc - ok 18:33:57.0491 4912 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:33:57.0538 4912 WPCSvc - ok 18:33:57.0585 4912 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:33:57.0601 4912 WPDBusEnum - ok 18:33:57.0632 4912 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:33:57.0710 4912 ws2ifsl - ok 18:33:57.0741 4912 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 18:33:57.0788 4912 wscsvc - ok 18:33:57.0788 4912 WSearch - ok 18:33:57.0881 4912 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:33:57.0928 4912 wuauserv - ok 18:33:57.0944 4912 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:33:57.0991 4912 
WudfPf - ok
18:33:58.0022 4912 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:33:58.0053 4912 WUDFRd - ok
18:33:58.0100 4912 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:33:58.0131 4912 wudfsvc - ok
18:33:58.0162 4912 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
18:33:58.0209 4912 WwanSvc - ok
18:33:58.0256 4912 ================ Scan global ===============================
18:33:58.0287 4912 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:33:58.0318 4912 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:33:58.0334 4912 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:33:58.0365 4912 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:33:58.0381 4912 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:33:58.0381 4912 [Global] - ok
18:33:58.0396 4912 ================ Scan MBR ==================================
18:33:58.0396 4912 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:33:59.0457 4912 \Device\Harddisk0\DR0 - ok
18:33:59.0457 4912 ================ Scan VBR ==================================
18:33:59.0488 4912 [ 908042BAFC5F5B88552BFFA9ADA6EC0C ] \Device\Harddisk0\DR0\Partition1
18:33:59.0488 4912 \Device\Harddisk0\DR0\Partition1 - ok
18:33:59.0504 4912 [ E7F60DEC86C4EE3CD610F96DEF960160 ] \Device\Harddisk0\DR0\Partition2
18:33:59.0504 4912 \Device\Harddisk0\DR0\Partition2 - ok
18:33:59.0519 4912 ============================================================
18:33:59.0519 4912 Scan finished
18:33:59.0519 4912 ============================================================
18:33:59.0519 4380 Detected object count: 5
18:33:59.0519 4380 Actual detected object count: 5
18:34:50.0001 4380 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0001 4380 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:50.0001 4380 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0001 4380 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:50.0001 4380 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0001 4380 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:50.0017 4380 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0017 4380 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:50.0017 4380 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:50.0017 4380 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:31.0484 2664 Deinitialize success

ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.30.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Polly1701 :: POLLY [Administrator] 30.07.2013 18:49:43 mbam-log-2013-07-30 (18-49-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 423163 Laufzeit: 1 Stunde(n), 36 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Polly1701\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 4 C:\Users\Polly1701\AppData\Roaming\OpenCandy\4E9A37112048444581B2FB36B389EA58\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles.zip (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\07302013_163026\C_Users\Polly1701\AppData\Local\JCmZFOv.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Polly1701\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
30.07.2013, 19:52 | #12 |
/// Malware-holic | Hi, download CCleaner Standard: http://filepony.de/download-ccleaner/ If CCleaner is already installed, skip that. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. After every program you need, write "notwendig" (needed); after every one you do not need, "unnötig" (unnecessary); after those you do not know, "unbekannt" (unknown). Post the list.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
30.07.2013, 20:50 | #13 |
| Hi, here is the list. After some programs I wrote "unbekannt" (unknown), although I do not know whether those programs are needed for some background processes or the like (e.g. programs from Microsoft, Sony/Vaio, Skype). But I am happy to revise the list! Code:
Adobe AIR Adobe Systems Incorporated 17.06.2013 3.7.0.2090 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.06.2012 6,00 MB 11.3.300.257 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 19.12.2012 6,00 MB 11.5.502.135 notwendig
Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 06.11.2012 119 MB 9.5.2 notwendig
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 21.12.2012 1.0.17 notwendig
Apple Application Support Apple Inc. 17.04.2011 52,8 MB 1.4.1 unbekannt
Apple Software Update Apple Inc. 07.08.2011 2,38 MB 2.1.3.127 unbekannt
ArcSoft Magic-i Visual Effects 2 ArcSoft 21.01.2010 2.0.1.85 notwendig
ArcSoft PhotoBase 3 17.02.2010 unnötig
ArcSoft PhotoStudio 5 17.02.2010 notwendig
ArcSoft WebCam Companion 3 ArcSoft 06.08.2011 3.0.21.390 notwendig
ArgoUML Latest Stable Release 0.32.2 Tigris.org (Open Source) 29.06.2011 unbekannt
Belkin Installationsprogramm und Router Monitor 03.11.2011 47,5 MB notwendig
CCleaner Piriform 22.07.2013 4.04 notwendig
CDex extraction audio 27.10.2010 notwendig
Digital Trends Club HI-epanel 23.08.2011 8,92 MB 11.1.3067 notwendig
Dropbox Dropbox, Inc. 23.07.2013 2.0.26 notwendig
Einstellungen für VAIO-Inhaltsüberwachung Sony Corporation 21.01.2010 2.4.1.09180 unbekannt
Evernote Evernote Corp. 03.02.2010 88,2 MB 3.5.0.1258 unnötig
Google Chrome Google Inc. 21.01.2010 3.0.195.21 unnötig
Google Earth Plug-in Google 23.03.2013 80,7 MB 7.0.3.8542 notwendig
Google Toolbar for Internet Explorer Google Inc. 25.06.2013 7.5.4209.2358 unnötig
Intel(R) Control Center Intel Corporation 26.11.2012 1.2.1.1007 notwendig
Intel(R) Graphics Media Accelerator Driver Intel Corporation 26.11.2012 8.15.10.2040 notwendig
Intel(R) Management Engine Components Intel Corporation 08.11.2012 6.0.0.1179 notwendig
Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 21.01.2010 109 MB 13.00.0000 notwendig
Intel(R) Rapid Storage Technology Intel Corporation 26.11.2012 9.5.4.1001 notwendig
Java(TM) 6 Update 16 (64-bit) Sun Microsystems, Inc. 21.01.2010 90,8 MB 6.0.160 notwendig
Java(TM) 6 Update 20 Sun Microsystems, Inc. 21.01.2010 97,6 MB 6.0.200 notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 30.07.2013 19,2 MB 1.75.0.1300 notwendig
Media Gallery Sony Corporation 21.01.2010 1.1.0.10210 unnötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.09.2010 38,8 MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.09.2010 2,93 MB 4.0.30319 unbekannt
Microsoft Office Professional Plus 2010 Microsoft Corporation 30.11.2011 14.0.6029.1000 notwendig
Microsoft Silverlight Microsoft Corporation 10.07.2013 100 MB 5.1.20513.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 21.01.2010 1,72 MB 3.1.0000 unbekannt
Microsoft SQL Server Compact 3.5 SP1 English Microsoft Corporation 21.01.2010 2,59 MB 3.5.5692.0 unbekannt
Microsoft SQL Server Compact 3.5 SP1 x64 English Microsoft Corporation 21.01.2010 3,69 MB 3.5.5692.0 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 03.02.2010 250 KB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20.06.2011 300 KB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 30.12.2011 2,06 MB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 16.02.2012 234 KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 01.01.2012 600 KB 9.0.30729.6161 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 03.02.2010 1,27 MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 03.02.2010 1,33 MB 4.20.9876.0 unbekannt
MusicStation Omnifone 21.01.2010 21,4 MB 2.0.0.1067 unbekannt
MyHeritage Family Tree Builder MyHeritage.com 30.12.2011 6.0.0.5634 notwendig
Norton Online Backup Symantec Corporation 26.05.2013 9,01 MB 2.7.2.25 unnötig
NVIDIA Drivers NVIDIA Corporation 26.11.2009 1.9 notwendig
Opera 11.50 Opera Software ASA 30.06.2011 11.50.1074 unnötig
Opera 12.16 Opera Software ASA 06.07.2013 12.16.1860 notwendig
PDFCreator Frank Heindörfer, Philip Chinery 29.03.2010 0.9.9 notwendig
Pixlr-o-matic UNKNOWN 09.10.2012 2.1 notwendig
PMB Sony Corporation 21.01.2010 257 MB 5.0.00.10260 notwendig
PMB VAIO Edition Guide Sony Corporation 21.01.2010 197 MB 1.0.00.09250 unbekannt
PMB VAIO Edition plug-in (Click to Disc) Sony Corporation 08.05.2010 188 MB 3.2.00.16060 unbekannt
PMB VAIO Edition plug-in (VAIO Image Optimizer) Sony Corporation 26.11.2012 54,8 MB 1.2.00.15250 unbekannt
PMB VAIO Edition plug-in (VAIO Movie Story) Sony Corporation 08.05.2010 69,4 MB 2.2.00.15250 unbekannt
PMB-Aktualisierungsprogramm Sony Corporation 09.02.2011 63,5 MB 5.2.00.03250 unbekannt
Protector Suite 2009 UPEK Inc. 21.01.2010 120 MB 5.9.2.5746 unbekannt
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 21.01.2010 6.0.1.5992 notwendig
Roxio Easy Media Creator 10 LJ Roxio 21.01.2010 125 MB 10.3 unbekannt
SecureW2 EAP Suite 2.0.4 for Windows 19.05.2011 unbekannt
Setting Utility Series Sony Corporation 21.01.2010 5.1.0.11200 unbekannt
Shrew Soft VPN Client 09.02.2010 notwendig
SimAquarium grafio 07.05.2010 notwendig
Skype Click to Call Skype Technologies S.A. 17.04.2012 10,0 MB 5.9.9216 unbekannt
Skype™ 6.3 Skype Technologies S.A. 22.07.2013 21,1 MB 6.3.107 notwendig
Sony Home Network Library Sony Corporation 21.01.2010 2.0.2.12150 unbekannt
Sophos Anti-Virus Sophos Limited 10.07.2013 70,8 MB 10.0.10 notwendig
Sophos AutoUpdate Sophos Limited 08.08.2012 15,1 MB 2.7.4.317 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 21.01.2010 14.0.10.0 notwendig
The Bat! International Pack v4.2.23 Ritlabs 18.03.2010 20,6 MB 4.2.23 notwendig
TheBat! Home v5.0.8 Ritlabs 11.04.2011 38,0 MB 5.0.8 notwendig
VAIO Care Sony Corporation 06.12.2011 6.4.2.11150 notwendig
VAIO Content Metadata Intelligent Analyzing Manager Sony Corporation 21.01.2010 3.6.0.09250 unbekannt
VAIO Content Metadata Intelligent Network Service Manager Sony Corporation 21.01.2010 3.6.0.09080 unbekannt
VAIO Content Metadata Manager Settings Sony Corporation 21.01.2010 3.6.0.09240 unbekannt
VAIO Content Metadata XML Interface Library Sony Corporation 21.01.2010 3.6.0.09080 unbekannt
VAIO Control Center Sony Corporation 26.11.2012 4.1.1.07160 unbekannt
VAIO Data Restore Tool Sony Corporation 21.01.2010 1.2.0.09150 unbekannt
VAIO DVD Menu Data Sony Corporation 21.01.2010 2.1.00.15050 unbekannt
VAIO Energie Verwaltung Sony Corporation 21.01.2010 5.0.0.11300 notwendig
VAIO Entertainment Platform Sony Corporation 21.01.2010 3.6.0.09150 unbekannt
VAIO Event Service Sony Corporation 21.01.2010 5.1.0.11300 unbekannt
VAIO Gate Sony Corporation 21.01.2010 1.2.0.09240 notwendig
VAIO Gate Default Sony Corporation 21.01.2010 1.0.0.10290 notwendig
VAIO Marketing Tools Sony Corporation 21.01.2010 unbekannt
VAIO Media plus Sony Corporation 21.01.2010 2.0.1.10160 unbekannt
VAIO Media plus Opening Movie Sony Corporation 21.01.2010 1.2.0.09100 unbekannt
VAIO Movie Story Template Data Sony Corporation 21.01.2010 438 MB 2.2.00.15250 unbekannt
VAIO Original Funktion Einstellungen Sony Corporation 21.01.2010 2.0.0.07010 unbekannt
VAIO Personalization Manager Sony Corporation 21.01.2010 2.0.0.06220 unbekannt
VAIO Premium Partners Sony Europe 21.01.2010 1.0 unbekannt
VAIO screensaver Sony Europe 21.01.2010 1.0.0.0 notwendig
VAIO Smart Network Sony Corporation 26.11.2012 3.3.1.08110 notwendig
VAIO Update Sony Corporation 12.06.2013 6.2.1.03260 notwendig
VAIO Wallpaper Contents Sony Corporation 21.01.2010 2.0.0.06010 notwendig
VAIO-Support für Übertragungen Sony Corporation 30.06.2010 1.1.2.06030 unbekannt
VideoPad Videobearbeitungs-Software NCH Software 06.07.2013 unbekannt
VLC media player 1.0.5 VideoLAN Team 03.04.2010 1.0.5 notwendig
WIDCOMM Bluetooth Software Broadcom Corporation 25.11.2009 144 MB 6.2.1.500 notwendig
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) Broadcom 21.01.2010 09/09/2009 6.2.0.9405 notwendig
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 21.01.2010 07/28/2009 6.2.0.9800 notwendig
Windows Live Essentials Microsoft Corporation 06.07.2013 16.4.3508.0205 unnötig
Windows Live Sync Microsoft Corporation 21.01.2010 2,79 MB 14.0.8089.726 unbekannt
WinRAR 4.01 (32-Bit) win.rar GmbH 04.07.2011 4.01.0 notwendig
XnView 1.97.8 Gougelet Pierre-e 10.12.2010 8,17 MB 1.97.8 notwendig |
31.07.2013, 12:27 | #14 |
/// Malware-holic | Hi, there are 2 logs to create; post them at the same time if possible.
1. Uninstall: Adobe Flash Player (all of them). Adobe - Install Adobe Flash Player: download the latest version and install it. Adobe Reader: Adobe - Download Adobe Reader - All versions; untick the McAfee Security Scan box. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Security (Enhanced): tick Enhanced Security and select all files. Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only then do you keep control over what is going on on the PC. Under JavaScript, untick "use JavaScript". Under Updater, select "install automatically". Apply / OK. Uninstall: Evernote; Google: both unnecessary ones; Java: all of them. Download the Java JRE: Java downloads for all operating systems, click: Download Java software for Windows Offline, download and install it. Uninstall: Media Gallery, Norton, VideoPad. Please open CCleaner, Analyze, Run Cleaner, restart the PC.
2. Please download AdwCleaner to your desktop.
Restart.
3. Download HitmanPro: HitmanPro - Download - Filepony. Double-click it, click Scan. Do not delete anything, click Next. Save the log and post it, or export it as XML, zip it and attach it.
31.07.2013, 14:49 | #15 |
| Hi, Step 1: done. Step 2: done, here is the log file. AdwCleaner log file: Code:
# AdwCleaner v2.306 - Datei am 31/07/2013 um 15:17:23 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Polly1701 - POLLY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Polly1701\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Polly1701\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Polly1701\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Polly1701\AppData\Roaming\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Polly1701\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Opera v12.16.1860.0

Datei : C:\Users\Polly1701\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4177 octets] - [31/07/2013 15:17:23]

########## EOF - C:\AdwCleaner[S1].txt - [4237 octets] ##########

Step 3: scanned; the scan results were displayed together with the message "Klicken Sie auf Weiter um die Schadsoftware zu entfernen" (Click Next to remove the malware). For now I did not click "Next" (if I understood the instruction "do not delete anything" correctly?) and only saved the log file. Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : POLLY
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Polly\Polly1701
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-31 15:27:51
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 36s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 346
   Traces . . . . . . . : 346

   Objects scanned . . . : 1.762.761
   Files scanned . . . . : 47.239
   Remnants scanned . . : 490.576 files / 1.224.946 keys

Malware _____________________________________________________________________

   C:\Users\Public\Documents\Install\ACD Systems\ACD Systems Canvas X KeyGenerator\Keygen.exe
      Size . . . . . . . : 50.176 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:53:59)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : C19E0C6E617E12BD05BAC8E70B9D6916B7E768DAD827EFD5943F3716CBD74561
    > G Data . . . . . . : Gen:Variant.Kazy.6996
      Fuzzy . . . . . . : 118.0

   C:\Users\Public\Documents\Install\Adobe Photoshop CS 8.0\crack\CRACK.EXE
      Size . . . . . . . : 36.312 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:53:57)
      Entropy . . . . . : 6.1
      SHA-256 . . . . . : 0E1AF3B829DF94F4ECBA07A0B339103778FA031A100A873FDEF34BA41EDBC5E2
    > Ikarus . . . . . . : Virus.Win32.Virut!IK
      Fuzzy . . . . . . : 110.0

   C:\Users\Public\Documents\Install\Media Player Classic 6.4.8.4 For Windows 2000, XP.exe
      Size . . . . . . . : 53.760 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:52:55)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 7869525CA294882CA9330370F6891FA7EA8A7062E5CE20DC856767028F0E498D
    > G Data . . . . . . : Gen:Trojan.Heur.dmGfrbHHe2hcu
      Fuzzy . . . . . . : 114.0

   C:\Users\Public\Documents\Install\Symantec AntiVirus Corporate Edition 10.0 [EN]\Rollout\AVServer\AMS2\WINNT\amsremote.exe
      Size . . . . . . . : 70.632 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:53:13)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : EF88D4511006E61DB5411FC8628C4F9C7113595FBF43D45EC7FE0FB85FC94596
    > G Data . . . . . . : Gen:Variant.Symmi.25404
      Fuzzy . . . . . . : 106.0

   C:\Users\Public\Documents\Install\Symantec AntiVirus Corporate Edition 10.0 [EN]\Rollout\AVServer\CopySrv.exe
      Size . . . . . . . : 134.576 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:53:09)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 9CC3013FA879E0E4253B7DBEC2C95FD537105C40531BD9161F1F4BD436D555E2
    > G Data . . . . . . : Gen:Variant.Symmi.25404
      Fuzzy . . . . . . : 106.0

   C:\Users\Public\Documents\Install\Symantec AntiVirus Corporate Edition 10.0 [EN]\Tools\Nosuprt\QuarDel\QuarDel.exe
      Size . . . . . . . : 58.376 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:53:02)
      Entropy . . . . . : 5.0
      SHA-256 . . . . . : 85BE7BF1CBBAF21D381609A1C3C0B664D277F0E2DFDD5D38D6D6547966D7FA59
    > Ikarus . . . . . . : Rootkit.Win32.Agent!IK
      Fuzzy . . . . . . : 106.0

   C:\Users\Public\Documents\Install\WinAmp\Plugins\SHOUTcast DSP 1.8.2.exe
      Size . . . . . . . : 36.312 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:52:59)
      Entropy . . . . . : 6.2
      SHA-256 . . . . . : 3077DC4B329B5362380DDFF5E5F771DD01F9A3F16B335CF6AADF8775A9716C57
    > Ikarus . . . . . . : Virus.Win32.Virut!IK
      Fuzzy . . . . . . : 110.0

   C:\Users\Public\Documents\Install\WinAmp\Plugins\Vorbis Decoder 1.17c.exe
      Size . . . . . . . : 35.800 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:53:00)
      Entropy . . . . . : 6.2
      SHA-256 . . . . . : B0C27597D63FF3A0B5E1E2CAF76210452DE386770E2D07A03D6317E3EB15E22A
    > Ikarus . . . . . . : Virus.Win32.Virut!IK
      Fuzzy . . . . . . : 110.0

   C:\Users\Public\Documents\Install\WinAmp\WinAmp 3.0 Full.exe
      Size . . . . . . . : 36.992 bytes
      Age . . . . . . . : 1234.6 days (2010-03-15 00:52:57)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 058F8454FE3B29448CF0C1C51FCD39B0BC3E3F5F5C07777AEE6195A4096F1B54
    > G Data . . . . . . : Gen:Trojan.Heur.GM.0020818020 (Engine-A)
    > Ikarus . . . . . . : Gen.Trojan!IK
      Fuzzy . . . . . . : 110.0 |