
Log analysis and evaluation: Trojan via email

Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.05.2012, 09:29   #1
cyberangel28
 
Hello everyone,

I'm new here and have a Trojan on my PC for the first time.
I've got my PC running again so far after doing a System Restore; in the process it deleted all Windows updates, including my SP3 (Windows 7).
And it has renamed all my private files, such as mp3s, JPEGs, GIFs and my documents, to other strange things. (Here's an example: this used to be a normal JPEG image, now it is called TlelpseDXalXsaDX, and it is only listed as a file without an extension such as .jpeg or .mp3; there is nothing left.)
When opening the file, it then says "Open with"; these files cannot be opened with the corresponding programs.

Can anyone help me?!
Yesterday I received an email saying that my order had been handed over to DHL and that the invoice was attached ... of course, stupid as I am, I opened this file, and 5 minutes later nothing worked anymore.

Thanks in advance
Best regards, NANCY

My log file

22.05.2012, 20:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
in the process it deleted all Windows updates, including my SP3 (Windows 7).
There is no SP3 for Windows 7; we are only at SP1 so far. Maybe SP2 will still come out this year.

Quote:
And it has renamed all my private files, such as mp3s, JPEGs, GIFs and my documents, to other strange things. (Here's an example: this used to be a normal JPEG image, now it is called TlelpseDXalXsaDX, and it is only listed as a file without an extension such as .jpeg or .mp3; there is nothing left.)
No backup available, I suppose?
If not, you will have to read the above-mentioned notes and be patient, because for some new encrypting malware there is simply no remedy yet as far as decryption is concerned.

Quote:
Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do so if you haven't already!

22.05.2012, 20:33   #3
cyberangel28
 
Many thanks, cosinus, for your quick reply.
Yesterday I downloaded Malwarebytes and ran the scan, and afterwards I also removed everything that was found.
If I understood correctly, I still have to be a little patient before I can restore my files.

once again for that
Best regards, NANCY

22.05.2012, 20:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please also run ESET, then we'll see what comes next:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

22.05.2012, 22:21   #5
cyberangel28
 
Hello,
I carried it out as described and attached the log file; I hope it is not quite as bad as what I'm reading here in the forum.


23.05.2012, 09:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I have two questions before we continue:

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

23.05.2012, 09:37   #7
cyberangel28
 
Good morning first of all. Normal mode actually works as always, and in the Start menu all programs and folders are populated too, no empty one among them.

Best regards, NANCY

23.05.2012, 10:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box at the top centre next to Scan All Users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

23.05.2012, 11:12   #9
cyberangel28
 
I downloaded the program and ran it as instructed.


Here is the result
OTL Logfile:
Code:
OTL logfile created on: 23.05.2012 11:47:59 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Nancy Dietrich\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,14 Mb Total Physical Memory | 566,64 Mb Available Physical Memory | 55,87% Memory free
1,99 Gb Paging File | 1,27 Gb Available in Paging File | 63,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 29,78 Gb Free Space | 37,22% Space Free | Partition Type: NTFS
Drive D: | 58,99 Gb Total Space | 2,12 Gb Free Space | 3,60% Space Free | Partition Type: NTFS
 
Computer Name: NANCYDIETRICH | User Name: Nancy Dietrich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 11:45:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nancy Dietrich\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.22 13:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 13:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.17 18:45:58 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.05 10:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.02 19:27:40 | 000,107,008 | ---- | M] (BandRich Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\br3gmdm.sys -- (br3gmdm)
DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.07.20 11:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.06 04:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.07.01 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2008.11.11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/solidyoutube/{B0A374CF-B887-4EDA-A4D8-EE46F019E9F8}
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{1A3725CF-16C8-4636-87A5-9F01EF82484A}: "URL" = hxxp://www.questbrowse.com/?prt=QUESTBROWSE157&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{1A3725CF-16C8-4636-87A5-9F01EF82484A}: "URL" = hxxp://www.questbrowse.com/?prt=QUESTBROWSE157&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com/ [binary data]
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=wbst
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 55 BE 77 EB 44 CB 01  [binary data]
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\URLSearchHook: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - No CLSID value found
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{D95E517D-6ECD-42CD-BB5C-A06B00CDAB7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.funmoods.com/?f=1&a=wbst"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.20 11:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 21:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
 
[2010.08.20 11:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Extensions
[2012.05.22 21:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions
[2012.05.21 21:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2012.05.21 21:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.05.21 21:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.21 21:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.05.21 21:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}
[2010.12.27 10:31:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com
[2010.12.31 16:53:41 | 000,000,873 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\EqAoyjELEqLjqnA
[2010.12.24 11:18:54 | 000,002,256 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\jqLoEqnEoLAoyy
[2012.04.22 16:49:46 | 000,001,798 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\JvJvJvJvJvJvJvJvJvvvJ
[2011.12.18 17:55:33 | 000,003,915 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\VsxsGsfdVGtsVGUtVx
[2012.05.22 09:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.21 21:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.05.21 21:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nancy Dietrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk =  File not found
O4 - Startup: C:\Users\Nancy Dietrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nancy Dietrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4942AF8D-7FCB-4B67-97C8-7891CF63A08E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 21:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 21:41:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Nancy Dietrich\Desktop\esetsmartinstaller_enu.exe
[2012.05.22 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Nancy Dietrich\Documents\DCIM
[2012.05.22 09:20:15 | 000,000,000 | ---D | C] -- C:\Users\Nancy Dietrich\AppData\Roaming\Malwarebytes
[2012.05.22 09:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 09:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 09:20:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.05.22 09:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.22 09:19:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.21 22:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.21 22:18:43 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012.05.21 22:13:53 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012.05.21 21:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.21 21:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.21 21:22:11 | 000,000,000 | ---D | C] -- C:\Users\Nancy Dietrich\AppData\Local\{E1B8C566-6B09-4EC3-80C3-5AE20644121A}
[2012.05.21 21:21:49 | 000,000,000 | ---D | C] -- C:\Users\Nancy Dietrich\AppData\Local\{15FDF95C-DA5E-4175-ADE3-842D2837DA00}
[2012.05.15 14:26:55 | 000,000,000 | ---D | C] -- C:\Users\Nancy Dietrich\AppData\Roaming\elsterformular
[2012.05.15 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.05.15 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.05.15 14:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 11:13:26 | 000,013,900 | ---- | M] () -- C:\Users\Nancy Dietrich\Documents\easyct.ini
[2012.05.23 07:13:20 | 000,020,288 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 07:13:20 | 000,020,288 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 07:10:43 | 000,658,766 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.05.23 07:10:43 | 000,619,952 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.23 07:10:43 | 000,132,336 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.05.23 07:10:43 | 000,108,134 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.05.23 07:06:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.23 07:06:01 | 797,552,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 21:41:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Nancy Dietrich\Desktop\esetsmartinstaller_enu.exe
[2012.05.22 09:24:13 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2012.05.22 09:20:08 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 08:08:21 | 000,334,664 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.15 14:26:07 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.22 09:45:20 | 003,563,553 | ---- | C] () -- C:\Users\Nancy Dietrich\Documents\polonaise.mp3
[2012.05.22 09:45:20 | 002,743,935 | ---- | C] () -- C:\Users\Nancy Dietrich\Documents\zicke zacke.mp3
[2012.05.22 09:44:20 | 003,745,365 | ---- | C] () -- C:\Users\Nancy Dietrich\Documents\laurenzia.mp3
[2012.05.22 09:44:20 | 003,731,154 | ---- | C] () -- C:\Users\Nancy Dietrich\Documents\megamix.mp3
[2012.05.22 09:20:08 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.21 23:16:03 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2012.05.15 14:26:07 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.18 17:59:02 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2011.01.02 17:28:40 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010.12.31 16:09:22 | 000,815,104 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010.12.31 16:09:22 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010.12.24 13:27:11 | 000,003,584 | ---- | C] () -- C:\Users\Nancy Dietrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 10:15:00 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010.10.18 18:33:06 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010.10.18 10:11:36 | 000,000,000 | ---- | C] () -- C:\Users\Nancy Dietrich\AppData\Roaming\LjnEALELAqLono
[2010.08.20 18:26:52 | 000,000,132 | ---- | C] () -- C:\Users\Nancy Dietrich\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2010.02.01 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2010.02.01 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2011.12.19 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\AnvSoft
[2012.05.21 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\avidemux
[2012.05.21 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus
[2011.02.09 15:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\BitZipper
[2010.10.17 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Boilsoft
[2012.05.21 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.01 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\E-Cam
[2011.11.30 14:38:00 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Eendsoft
[2012.05.15 14:27:09 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\elsterformular
[2012.05.21 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\FreeFLVConverter
[2011.03.16 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\gtk-2.0
[2010.10.18 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Leawo
[2011.01.09 15:14:51 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\LG Electronics
[2012.05.21 21:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\SmartDVDCreator
[2012.05.21 21:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\SoundSpectrum
[2010.08.20 18:28:05 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Template
[2011.03.16 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Windows Live Writer
[2012.03.16 09:28:49 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.20 11:13:33 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Adobe
[2011.12.19 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\AnvSoft
[2012.05.21 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\avidemux
[2010.12.25 16:28:52 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\AVS4YOU
[2012.05.21 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus
[2011.02.09 15:14:43 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\BitZipper
[2010.10.17 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Boilsoft
[2011.08.06 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\DVD Flick
[2011.12.17 22:22:03 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\dvdcss
[2012.05.21 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.01 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\E-Cam
[2011.11.30 14:38:00 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Eendsoft
[2012.05.15 14:27:09 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\elsterformular
[2012.05.21 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\FreeFLVConverter
[2011.03.16 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\gtk-2.0
[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Identities
[2011.02.08 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\InstallShield
[2010.10.18 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Leawo
[2011.01.09 15:14:51 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\LG Electronics
[2010.02.01 15:46:09 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Macromedia
[2012.05.22 09:20:15 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Malwarebytes
[2012.05.21 23:07:13 | 000,000,000 | --SD | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Microsoft
[2010.08.20 11:21:10 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla
[2010.10.18 10:17:50 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Nero
[2010.10.18 17:46:28 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\NeroDigital(TM)
[2012.05.21 21:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\SmartDVDCreator
[2012.05.21 21:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\SoundSpectrum
[2010.08.20 18:28:05 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Template
[2012.05.21 21:41:03 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\vlc
[2011.03.16 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\Nancy Dietrich\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.02.07 09:01:56 | 000,469,304 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\cdrecord.exe
[2010.10.17 19:03:38 | 000,123,856 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\dvdauthor.exe
[2011.02.07 09:01:56 | 000,451,544 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\dvdauthor070.exe
[2011.02.07 09:01:56 | 000,449,720 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\mkisofs.exe
[2011.02.07 09:01:56 | 000,349,632 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\mpeg2enc.exe
[2011.02.07 09:01:56 | 000,194,496 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\mplex.exe
[2011.02.07 09:01:56 | 000,173,504 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\p2y.exe
[2010.10.17 19:03:38 | 000,095,696 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\spumux.exe
[2011.02.07 09:01:56 | 000,368,304 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\spumux070.exe
[2011.02.07 09:01:56 | 000,051,648 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\azburn_v\bin\vzspath.exe
[2010.08.18 18:34:02 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.02.07 09:02:37 | 007,288,256 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
[2011.02.07 09:02:37 | 004,146,688 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
[2011.11.13 16:05:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Nancy Dietrich\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.29 14:12:16 | 000,026,006 | R--- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Microsoft\Installer\{4CAF1B06-DD5A-4DE1-A41A-0111C2F4226C}\_16495a28.exe
[2011.11.29 14:12:16 | 000,026,006 | R--- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Microsoft\Installer\{4CAF1B06-DD5A-4DE1-A41A-0111C2F4226C}\_766e5caa.exe
[2011.11.29 13:56:38 | 000,000,766 | R--- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Microsoft\Installer\{85B68662-5392-412B-94E4-2C614E73A309}\_3b843323.exe
 
< %SYSTEMDRIVE%\*.exe >
[2005.10.13 14:49:52 | 001,433,600 | ---- | M] (www.he-privat.de) -- C:\HE_Laserscan.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.17 18:45:58 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.03.09 01:02:31 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\dxtmsft.dll
[2012.03.09 01:02:31 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll
 
<           >

< End of report >
         
--- --- ---

23.05.2012, 19:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, disable your virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/solidyoutube/{B0A374CF-B887-4EDA-A4D8-EE46F019E9F8}
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\..\SearchScopes\{1A3725CF-16C8-4636-87A5-9F01EF82484A}: "URL" = http://www.questbrowse.com/?prt=QUESTBROWSE157&keywords={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{1A3725CF-16C8-4636-87A5-9F01EF82484A}: "URL" = http://www.questbrowse.com/?prt=QUESTBROWSE157&keywords={searchTerms}
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=wbst
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\URLSearchHook: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - No CLSID value found
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
IE - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=wbst"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
[2010.12.27 10:31:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com
[2010.12.31 16:53:41 | 000,000,873 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\EqAoyjELEqLjqnA
[2010.12.24 11:18:54 | 000,002,256 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\jqLoEqnEoLAoyy
[2012.04.22 16:49:46 | 000,001,798 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\JvJvJvJvJvJvJvJvJvvvJ
[2011.12.18 17:55:33 | 000,003,915 | ---- | M] () -- C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\VsxsGsfdVGtsVGUtVx
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2010.10.18 10:11:36 | 000,000,000 | ---- | C] () -- C:\Users\Nancy Dietrich\AppData\Roaming\LjnEALELAqLono
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags

Alt 23.05.2012, 20:17   #11
cyberangel28
 
First of all, really big praise for your help and for the time it takes to respond to everyone here individually. THANK YOU for that.

Now to the matter at hand

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{1A3725CF-16C8-4636-87A5-9F01EF82484A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A3725CF-16C8-4636-87A5-9F01EF82484A}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{1A3725CF-16C8-4636-87A5-9F01EF82484A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A3725CF-16C8-4636-87A5-9F01EF82484A}\ not found.
HKU\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry value HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7f7b7dc-7dec-4e84-9a87-ece02e8a160a}\ not found.
HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://start.funmoods.com/?f=1&a=wbst" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=" removed from keyword.URL
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\mozilla\Firefox\Profiles\m8z0c9fr.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\EqAoyjELEqLjqnA moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\jqLoEqnEoLAoyy moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\JvJvJvJvJvJvJvJvJvvvJ moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\searchplugins\VsxsGsfdVGtsVGUtVx moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Nancy Dietrich\AppData\Roaming\LjnEALELAqLono moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Flash cache emptied: 56789 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nancy Dietrich
->Temp folder emptied: 421219508 bytes
->Temporary Internet Files folder emptied: 23374181 bytes
->Java cache emptied: 9490324 bytes
->FireFox cache emptied: 152627218 bytes
->Google Chrome cache emptied: 32319559 bytes
->Flash cache emptied: 202055 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 198574201 bytes
RecycleBin emptied: 10802067 bytes

Total Files Cleaned = 810,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Nancy Dietrich
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.1 log created on 05232012_210953

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 23.05.2012, 21:06   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
Then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


Alt 23.05.2012, 21:20   #13
cyberangel28
 
22:14:16.0078 3328 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
22:14:16.0298 3328 ============================================================
22:14:16.0298 3328 Current date / time: 2012/05/23 22:14:16.0298
22:14:16.0298 3328 SystemInfo:
22:14:16.0298 3328
22:14:16.0299 3328 OS Version: 6.1.7601 ServicePack: 1.0
22:14:16.0299 3328 Product type: Workstation
22:14:16.0299 3328 ComputerName: NANCYDIETRICH
22:14:16.0299 3328 UserName: Nancy Dietrich
22:14:16.0299 3328 Windows directory: C:\windows
22:14:16.0299 3328 System windows directory: C:\windows
22:14:16.0299 3328 Processor architecture: Intel x86
22:14:16.0299 3328 Number of processors: 2
22:14:16.0299 3328 Page size: 0x1000
22:14:16.0299 3328 Boot type: Normal boot
22:14:16.0299 3328 ============================================================
22:14:17.0551 3328 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:14:17.0555 3328 ============================================================
22:14:17.0555 3328 \Device\Harddisk0\DR0:
22:14:17.0555 3328 MBR partitions:
22:14:17.0555 3328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000000
22:14:17.0555 3328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x75FC800
22:14:17.0555 3328 ============================================================
22:14:17.0606 3328 C: <-> \Device\Harddisk0\DR0\Partition0
22:14:17.0645 3328 D: <-> \Device\Harddisk0\DR0\Partition1
22:14:17.0689 3328 ============================================================
22:14:17.0689 3328 Initialize success
22:14:17.0689 3328 ============================================================
22:16:32.0906 0212 ============================================================
22:16:32.0906 0212 Scan started
22:16:32.0906 0212 Mode: Manual; SigCheck; TDLFS;
22:16:32.0906 0212 ============================================================
22:16:33.0218 0212 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
22:16:33.0342 0212 1394ohci - ok
22:16:33.0405 0212 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
22:16:33.0436 0212 ACPI - ok
22:16:33.0467 0212 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
22:16:33.0530 0212 AcpiPmi - ok
22:16:33.0592 0212 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
22:16:33.0639 0212 adp94xx - ok
22:16:33.0654 0212 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
22:16:33.0686 0212 adpahci - ok
22:16:33.0748 0212 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
22:16:33.0779 0212 adpu320 - ok
22:16:33.0810 0212 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
22:16:33.0873 0212 AeLookupSvc - ok
22:16:33.0951 0212 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
22:16:34.0029 0212 AFD - ok
22:16:34.0076 0212 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
22:16:34.0091 0212 agp440 - ok
22:16:34.0122 0212 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
22:16:34.0138 0212 aic78xx - ok
22:16:34.0200 0212 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
22:16:34.0247 0212 ALG - ok
22:16:34.0278 0212 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
22:16:34.0294 0212 aliide - ok
22:16:34.0325 0212 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
22:16:34.0341 0212 amdagp - ok
22:16:34.0372 0212 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
22:16:34.0388 0212 amdide - ok
22:16:34.0434 0212 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
22:16:34.0481 0212 AmdK8 - ok
22:16:34.0512 0212 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
22:16:34.0544 0212 AmdPPM - ok
22:16:34.0575 0212 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
22:16:34.0590 0212 amdsata - ok
22:16:34.0622 0212 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
22:16:34.0653 0212 amdsbs - ok
22:16:34.0684 0212 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
22:16:34.0700 0212 amdxata - ok
22:16:34.0762 0212 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
22:16:34.0934 0212 AppID - ok
22:16:34.0965 0212 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
22:16:35.0012 0212 AppIDSvc - ok
22:16:35.0058 0212 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
22:16:35.0105 0212 Appinfo - ok
22:16:35.0152 0212 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
22:16:35.0168 0212 arc - ok
22:16:35.0183 0212 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
22:16:35.0199 0212 arcsas - ok
22:16:35.0230 0212 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
22:16:35.0261 0212 AsUpIO - ok
22:16:35.0292 0212 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:16:35.0386 0212 AsyncMac - ok
22:16:35.0433 0212 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
22:16:35.0448 0212 atapi - ok
22:16:35.0526 0212 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
22:16:35.0604 0212 athr - ok
22:16:35.0667 0212 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
22:16:35.0729 0212 AudioEndpointBuilder - ok
22:16:35.0745 0212 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
22:16:35.0776 0212 Audiosrv - ok
22:16:35.0823 0212 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
22:16:35.0916 0212 AxInstSV - ok
22:16:35.0994 0212 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
22:16:36.0057 0212 b06bdrv - ok
22:16:36.0088 0212 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:16:36.0119 0212 b57nd60x - ok
22:16:36.0166 0212 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
22:16:36.0213 0212 BDESVC - ok
22:16:36.0228 0212 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:16:36.0275 0212 Beep - ok
22:16:36.0338 0212 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
22:16:36.0416 0212 BFE - ok
22:16:36.0462 0212 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
22:16:36.0525 0212 BITS - ok
22:16:36.0556 0212 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
22:16:36.0603 0212 blbdrive - ok
22:16:36.0665 0212 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
22:16:36.0712 0212 bowser - ok
22:16:36.0743 0212 br3gmdm (e3b1deba009c700bac9b49195ab60944) C:\windows\system32\DRIVERS\br3gmdm.sys
22:16:36.0774 0212 br3gmdm ( UnsignedFile.Multi.Generic ) - warning
22:16:36.0774 0212 br3gmdm - detected UnsignedFile.Multi.Generic (1)
22:16:36.0806 0212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:16:36.0852 0212 BrFiltLo - ok
22:16:36.0868 0212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:16:36.0899 0212 BrFiltUp - ok
22:16:36.0962 0212 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
22:16:37.0008 0212 Browser - ok
22:16:37.0040 0212 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:16:37.0102 0212 Brserid - ok
22:16:37.0133 0212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:16:37.0149 0212 BrSerWdm - ok
22:16:37.0164 0212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:16:37.0211 0212 BrUsbMdm - ok
22:16:37.0227 0212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:16:37.0258 0212 BrUsbSer - ok
22:16:37.0320 0212 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
22:16:37.0367 0212 BthEnum - ok
22:16:37.0383 0212 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
22:16:37.0414 0212 BTHMODEM - ok
22:16:37.0445 0212 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
22:16:37.0476 0212 BthPan - ok
22:16:37.0523 0212 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
22:16:37.0586 0212 BTHPORT - ok
22:16:37.0617 0212 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
22:16:37.0648 0212 bthserv - ok
22:16:37.0679 0212 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
22:16:37.0710 0212 BTHUSB - ok
22:16:37.0742 0212 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
22:16:37.0757 0212 btusbflt - ok
22:16:37.0757 0212 btwaudio - ok
22:16:37.0773 0212 btwavdt - ok
22:16:37.0788 0212 btwl2cap - ok
22:16:37.0788 0212 btwrchid - ok
22:16:37.0820 0212 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:16:37.0866 0212 cdfs - ok
22:16:37.0929 0212 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
22:16:37.0976 0212 cdrom - ok
22:16:38.0022 0212 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
22:16:38.0085 0212 CertPropSvc - ok
22:16:38.0116 0212 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
22:16:38.0147 0212 circlass - ok
22:16:38.0178 0212 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:16:38.0210 0212 CLFS - ok
22:16:38.0272 0212 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:16:38.0288 0212 clr_optimization_v2.0.50727_32 - ok
22:16:38.0381 0212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:16:38.0412 0212 clr_optimization_v4.0.30319_32 - ok
22:16:38.0428 0212 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
22:16:38.0444 0212 CmBatt - ok
22:16:38.0475 0212 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
22:16:38.0490 0212 cmdide - ok
22:16:38.0537 0212 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
22:16:38.0600 0212 CNG - ok
22:16:38.0631 0212 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
22:16:38.0646 0212 Compbatt - ok
22:16:38.0678 0212 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
22:16:38.0709 0212 CompositeBus - ok
22:16:38.0740 0212 COMSysApp - ok
22:16:38.0756 0212 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
22:16:38.0771 0212 crcdisk - ok
22:16:38.0818 0212 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
22:16:38.0880 0212 CryptSvc - ok
22:16:38.0927 0212 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
22:16:38.0974 0212 DcomLaunch - ok
22:16:39.0021 0212 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
22:16:39.0068 0212 defragsvc - ok
22:16:39.0114 0212 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
22:16:39.0161 0212 DfsC - ok
22:16:39.0224 0212 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
22:16:39.0286 0212 Dhcp - ok
22:16:39.0317 0212 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:16:39.0364 0212 discache - ok
22:16:39.0395 0212 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
22:16:39.0411 0212 Disk - ok
22:16:39.0442 0212 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
22:16:39.0504 0212 Dnscache - ok
22:16:39.0536 0212 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
22:16:39.0598 0212 dot3svc - ok
22:16:39.0645 0212 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
22:16:39.0692 0212 DPS - ok
22:16:39.0723 0212 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:16:39.0770 0212 drmkaud - ok
22:16:39.0816 0212 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
22:16:39.0863 0212 DXGKrnl - ok
22:16:39.0894 0212 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
22:16:39.0941 0212 EapHost - ok
22:16:40.0082 0212 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
22:16:40.0206 0212 ebdrv - ok
22:16:40.0300 0212 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
22:16:40.0347 0212 EFS - ok
22:16:40.0409 0212 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
22:16:40.0456 0212 elxstor - ok
22:16:40.0487 0212 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
22:16:40.0518 0212 ErrDev - ok
22:16:40.0581 0212 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
22:16:40.0643 0212 EventSystem - ok
22:16:40.0674 0212 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:16:40.0737 0212 exfat - ok
22:16:40.0752 0212 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:16:40.0815 0212 fastfat - ok
22:16:40.0877 0212 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
22:16:40.0955 0212 Fax - ok
22:16:40.0971 0212 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
22:16:41.0002 0212 fdc - ok
22:16:41.0033 0212 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
22:16:41.0080 0212 fdPHost - ok
22:16:41.0096 0212 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
22:16:41.0158 0212 FDResPub - ok
22:16:41.0189 0212 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:16:41.0205 0212 FileInfo - ok
22:16:41.0220 0212 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:16:41.0252 0212 Filetrace - ok
22:16:41.0252 0212 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
22:16:41.0283 0212 flpydisk - ok
22:16:41.0314 0212 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:16:41.0345 0212 FltMgr - ok
22:16:41.0408 0212 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
22:16:41.0470 0212 FontCache - ok
22:16:41.0548 0212 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:16:41.0564 0212 FontCache3.0.0.0 - ok
22:16:41.0579 0212 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:16:41.0595 0212 FsDepends - ok
22:16:41.0626 0212 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
22:16:41.0642 0212 Fs_Rec - ok
22:16:41.0704 0212 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
22:16:41.0735 0212 fvevol - ok
22:16:41.0782 0212 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
22:16:41.0798 0212 gagp30kx - ok
22:16:41.0860 0212 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
22:16:41.0922 0212 gpsvc - ok
22:16:41.0954 0212 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:16:42.0000 0212 hcw85cir - ok
22:16:42.0063 0212 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
22:16:42.0110 0212 HdAudAddService - ok
22:16:42.0141 0212 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
22:16:42.0188 0212 HDAudBus - ok
22:16:42.0219 0212 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
22:16:42.0250 0212 HidBatt - ok
22:16:42.0266 0212 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
22:16:42.0312 0212 HidBth - ok
22:16:42.0328 0212 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
22:16:42.0359 0212 HidIr - ok
22:16:42.0390 0212 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
22:16:42.0437 0212 hidserv - ok
22:16:42.0484 0212 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\drivers\hidusb.sys
22:16:42.0515 0212 HidUsb - ok
22:16:42.0562 0212 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
22:16:42.0609 0212 hkmsvc - ok
22:16:42.0640 0212 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
22:16:42.0702 0212 HomeGroupListener - ok
22:16:42.0749 0212 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
22:16:42.0796 0212 HomeGroupProvider - ok
22:16:42.0843 0212 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
22:16:42.0858 0212 HpSAMD - ok
22:16:42.0921 0212 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
22:16:42.0983 0212 HTTP - ok
22:16:42.0999 0212 hwdatacard - ok
22:16:43.0046 0212 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
22:16:43.0061 0212 hwpolicy - ok
22:16:43.0077 0212 hwusbdev - ok
22:16:43.0124 0212 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
22:16:43.0170 0212 i8042prt - ok
22:16:43.0280 0212 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:16:43.0311 0212 IAANTMON - ok
22:16:43.0358 0212 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
22:16:43.0389 0212 iaStor - ok
22:16:43.0436 0212 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
22:16:43.0467 0212 iaStorV - ok
22:16:43.0592 0212 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:16:43.0623 0212 idsvc - ok
22:16:43.0826 0212 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
22:16:43.0997 0212 igfx - ok
22:16:44.0138 0212 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
22:16:44.0153 0212 iirsp - ok
22:16:44.0231 0212 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
22:16:44.0294 0212 IKEEXT - ok
22:16:44.0434 0212 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
22:16:44.0528 0212 IntcAzAudAddService - ok
22:16:44.0637 0212 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
22:16:44.0652 0212 intelide - ok
22:16:44.0699 0212 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
22:16:44.0730 0212 intelppm - ok
22:16:44.0762 0212 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
22:16:44.0808 0212 IPBusEnum - ok
22:16:44.0824 0212 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:16:44.0871 0212 IpFilterDriver - ok
22:16:44.0933 0212 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
22:16:45.0011 0212 iphlpsvc - ok
22:16:45.0042 0212 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
22:16:45.0074 0212 IPMIDRV - ok
22:16:45.0105 0212 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:16:45.0152 0212 IPNAT - ok
22:16:45.0183 0212 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:16:45.0230 0212 IRENUM - ok
22:16:45.0261 0212 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
22:16:45.0276 0212 isapnp - ok
22:16:45.0308 0212 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
22:16:45.0339 0212 iScsiPrt - ok
22:16:45.0370 0212 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
22:16:45.0386 0212 kbdclass - ok
22:16:45.0432 0212 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
22:16:45.0464 0212 kbdhid - ok
22:16:45.0510 0212 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
22:16:45.0510 0212 kbfiltr - ok
22:16:45.0557 0212 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:16:45.0573 0212 KeyIso - ok
22:16:45.0588 0212 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
22:16:45.0604 0212 KSecDD - ok
22:16:45.0620 0212 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
22:16:45.0651 0212 KSecPkg - ok
22:16:45.0682 0212 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
22:16:45.0744 0212 KtmRm - ok
22:16:45.0776 0212 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
22:16:45.0822 0212 L1C - ok
22:16:45.0869 0212 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
22:16:45.0932 0212 LanmanServer - ok
22:16:45.0963 0212 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
22:16:46.0010 0212 LanmanWorkstation - ok
22:16:46.0056 0212 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:16:46.0103 0212 lltdio - ok
22:16:46.0150 0212 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
22:16:46.0197 0212 lltdsvc - ok
22:16:46.0197 0212 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
22:16:46.0244 0212 lmhosts - ok
22:16:46.0275 0212 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
22:16:46.0306 0212 LSI_FC - ok
22:16:46.0322 0212 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
22:16:46.0353 0212 LSI_SAS - ok
22:16:46.0368 0212 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:16:46.0384 0212 LSI_SAS2 - ok
22:16:46.0400 0212 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:16:46.0415 0212 LSI_SCSI - ok
22:16:46.0446 0212 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:16:46.0478 0212 luafv - ok
22:16:46.0524 0212 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
22:16:46.0540 0212 MBAMProtector - ok
22:16:46.0649 0212 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:16:46.0696 0212 MBAMService - ok
22:16:46.0727 0212 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
22:16:46.0758 0212 megasas - ok
22:16:46.0790 0212 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
22:16:46.0836 0212 MegaSR - ok
22:16:46.0852 0212 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
22:16:46.0930 0212 MMCSS - ok
22:16:46.0992 0212 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:16:47.0055 0212 Modem - ok
22:16:47.0070 0212 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:16:47.0117 0212 monitor - ok
22:16:47.0180 0212 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
22:16:47.0195 0212 mouclass - ok
22:16:47.0242 0212 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:16:47.0273 0212 mouhid - ok
22:16:47.0304 0212 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
22:16:47.0320 0212 mountmgr - ok
22:16:47.0336 0212 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
22:16:47.0367 0212 mpio - ok
22:16:47.0382 0212 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:16:47.0429 0212 mpsdrv - ok
22:16:47.0476 0212 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
22:16:47.0538 0212 MpsSvc - ok
22:16:47.0570 0212 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
22:16:47.0601 0212 MRxDAV - ok
22:16:47.0663 0212 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
22:16:47.0710 0212 mrxsmb - ok
22:16:47.0757 0212 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:16:47.0804 0212 mrxsmb10 - ok
22:16:47.0819 0212 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:16:47.0866 0212 mrxsmb20 - ok
22:16:47.0897 0212 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
22:16:47.0913 0212 msahci - ok
22:16:47.0960 0212 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
22:16:47.0991 0212 msdsm - ok
22:16:48.0006 0212 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
22:16:48.0069 0212 MSDTC - ok
22:16:48.0100 0212 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:16:48.0131 0212 Msfs - ok
22:16:48.0147 0212 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:16:48.0178 0212 mshidkmdf - ok
22:16:48.0194 0212 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
22:16:48.0209 0212 msisadrv - ok
22:16:48.0256 0212 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
22:16:48.0303 0212 MSiSCSI - ok
22:16:48.0303 0212 msiserver - ok
22:16:48.0350 0212 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:16:48.0396 0212 MSKSSRV - ok
22:16:48.0428 0212 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:16:48.0474 0212 MSPCLOCK - ok
22:16:48.0490 0212 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:16:48.0537 0212 MSPQM - ok
22:16:48.0584 0212 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:16:48.0599 0212 MsRPC - ok
22:16:48.0646 0212 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
22:16:48.0662 0212 mssmbios - ok
22:16:48.0693 0212 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:16:48.0724 0212 MSTEE - ok
22:16:48.0724 0212 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
22:16:48.0755 0212 MTConfig - ok
22:16:48.0786 0212 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:16:48.0802 0212 Mup - ok
22:16:48.0849 0212 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
22:16:48.0911 0212 napagent - ok
22:16:48.0974 0212 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:16:49.0005 0212 NativeWifiP - ok
22:16:49.0067 0212 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
22:16:49.0114 0212 NDIS - ok
22:16:49.0145 0212 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:16:49.0192 0212 NdisCap - ok
22:16:49.0223 0212 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:16:49.0254 0212 NdisTapi - ok
22:16:49.0317 0212 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
22:16:49.0364 0212 Ndisuio - ok
22:16:49.0410 0212 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
22:16:49.0457 0212 NdisWan - ok
22:16:49.0504 0212 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
22:16:49.0535 0212 NDProxy - ok
22:16:49.0551 0212 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
22:16:49.0551 0212 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:16:49.0551 0212 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:16:49.0598 0212 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:16:49.0644 0212 NetBIOS - ok
22:16:49.0676 0212 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
22:16:49.0738 0212 NetBT - ok
22:16:49.0754 0212 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:16:49.0785 0212 Netlogon - ok
22:16:49.0832 0212 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
22:16:49.0894 0212 Netman - ok
22:16:49.0941 0212 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
22:16:49.0988 0212 netprofm - ok
22:16:50.0081 0212 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:16:50.0112 0212 NetTcpPortSharing - ok
22:16:50.0144 0212 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:16:50.0159 0212 nfrd960 - ok
22:16:50.0206 0212 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
22:16:50.0268 0212 NlaSvc - ok
22:16:50.0284 0212 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:16:50.0331 0212 Npfs - ok
22:16:50.0362 0212 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
22:16:50.0393 0212 nsi - ok
22:16:50.0409 0212 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:16:50.0456 0212 nsiproxy - ok
22:16:50.0534 0212 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
22:16:50.0580 0212 Ntfs - ok
22:16:50.0612 0212 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:16:50.0658 0212 Null - ok
22:16:50.0705 0212 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
22:16:50.0721 0212 nvraid - ok
22:16:50.0752 0212 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
22:16:50.0768 0212 nvstor - ok
22:16:50.0814 0212 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
22:16:50.0830 0212 nv_agp - ok
22:16:50.0955 0212 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:16:50.0986 0212 odserv - ok
22:16:51.0002 0212 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
22:16:51.0048 0212 ohci1394 - ok
22:16:51.0095 0212 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:51.0111 0212 ose - ok
22:16:51.0142 0212 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:16:51.0189 0212 p2pimsvc - ok
22:16:51.0236 0212 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
22:16:51.0282 0212 p2psvc - ok
22:16:51.0314 0212 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:16:51.0345 0212 Parport - ok
22:16:51.0376 0212 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
22:16:51.0392 0212 partmgr - ok
22:16:51.0407 0212 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:16:51.0438 0212 Parvdm - ok
22:16:51.0470 0212 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
22:16:51.0501 0212 PcaSvc - ok
22:16:51.0548 0212 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
22:16:51.0579 0212 pci - ok
22:16:51.0594 0212 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
22:16:51.0610 0212 pciide - ok
22:16:51.0641 0212 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:16:51.0672 0212 pcmcia - ok
22:16:51.0688 0212 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:16:51.0704 0212 pcw - ok
22:16:51.0766 0212 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:16:51.0828 0212 PEAUTH - ok
22:16:51.0938 0212 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
22:16:52.0031 0212 pla - ok
22:16:52.0140 0212 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
22:16:52.0203 0212 PlugPlay - ok
22:16:52.0234 0212 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
22:16:52.0234 0212 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:16:52.0234 0212 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:16:52.0265 0212 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
22:16:52.0312 0212 PNRPAutoReg - ok
22:16:52.0343 0212 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:16:52.0359 0212 PNRPsvc - ok
22:16:52.0406 0212 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
22:16:52.0468 0212 PolicyAgent - ok
22:16:52.0499 0212 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
22:16:52.0546 0212 Power - ok
22:16:52.0593 0212 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:16:52.0624 0212 PptpMiniport - ok
22:16:52.0640 0212 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:16:52.0671 0212 Processor - ok
22:16:52.0718 0212 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
22:16:52.0764 0212 ProfSvc - ok
22:16:52.0796 0212 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:16:52.0811 0212 ProtectedStorage - ok
22:16:52.0858 0212 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:16:52.0905 0212 Psched - ok
22:16:52.0983 0212 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:16:53.0045 0212 ql2300 - ok
22:16:53.0154 0212 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:16:53.0186 0212 ql40xx - ok
22:16:53.0217 0212 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
22:16:53.0264 0212 QWAVE - ok
22:16:53.0295 0212 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:16:53.0310 0212 QWAVEdrv - ok
22:16:53.0326 0212 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:16:53.0373 0212 RasAcd - ok
22:16:53.0404 0212 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:16:53.0435 0212 RasAgileVpn - ok
22:16:53.0466 0212 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
22:16:53.0513 0212 RasAuto - ok
22:16:53.0544 0212 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:16:53.0591 0212 Rasl2tp - ok
22:16:53.0654 0212 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
22:16:53.0716 0212 RasMan - ok
22:16:53.0747 0212 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:16:53.0794 0212 RasPppoe - ok
22:16:53.0825 0212 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:16:53.0872 0212 RasSstp - ok
22:16:53.0919 0212 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
22:16:53.0966 0212 rdbss - ok
22:16:54.0012 0212 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:16:54.0044 0212 rdpbus - ok
22:16:54.0090 0212 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
22:16:54.0137 0212 RDPCDD - ok
22:16:54.0168 0212 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:16:54.0200 0212 RDPENCDD - ok
22:16:54.0231 0212 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:16:54.0278 0212 RDPREFMP - ok
22:16:54.0309 0212 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
22:16:54.0371 0212 RDPWD - ok
22:16:54.0418 0212 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
22:16:54.0449 0212 rdyboost - ok
22:16:54.0480 0212 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
22:16:54.0527 0212 RemoteAccess - ok
22:16:54.0558 0212 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
22:16:54.0605 0212 RemoteRegistry - ok
22:16:54.0652 0212 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:16:54.0683 0212 RFCOMM - ok
22:16:54.0714 0212 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
22:16:54.0746 0212 RpcEptMapper - ok
22:16:54.0777 0212 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
22:16:54.0808 0212 RpcLocator - ok
22:16:54.0839 0212 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
22:16:54.0886 0212 RpcSs - ok
22:16:54.0917 0212 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:16:54.0964 0212 rspndr - ok
22:16:54.0995 0212 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:16:55.0011 0212 SamSs - ok
22:16:55.0058 0212 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
22:16:55.0073 0212 sbp2port - ok
22:16:55.0104 0212 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
22:16:55.0151 0212 SCardSvr - ok
22:16:55.0198 0212 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
22:16:55.0245 0212 scfilter - ok
22:16:55.0292 0212 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
22:16:55.0370 0212 Schedule - ok
22:16:55.0416 0212 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
22:16:55.0448 0212 SCPolicySvc - ok
22:16:55.0494 0212 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
22:16:55.0557 0212 SDRSVC - ok
22:16:55.0682 0212 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:16:55.0713 0212 SeaPort - ok
22:16:55.0760 0212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:16:55.0806 0212 secdrv - ok
22:16:55.0838 0212 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
22:16:55.0900 0212 seclogon - ok
22:16:55.0931 0212 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
22:16:55.0978 0212 SENS - ok
22:16:56.0025 0212 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:16:56.0056 0212 Serenum - ok
22:16:56.0087 0212 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:16:56.0134 0212 Serial - ok
22:16:56.0165 0212 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:16:56.0212 0212 sermouse - ok
22:16:56.0259 0212 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
22:16:56.0306 0212 SessionEnv - ok
22:16:56.0321 0212 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
22:16:56.0337 0212 sffdisk - ok
22:16:56.0352 0212 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
22:16:56.0384 0212 sffp_mmc - ok
22:16:56.0399 0212 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
22:16:56.0415 0212 sffp_sd - ok
22:16:56.0430 0212 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:16:56.0462 0212 sfloppy - ok
22:16:56.0493 0212 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
22:16:56.0555 0212 SharedAccess - ok
22:16:56.0602 0212 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
22:16:56.0649 0212 ShellHWDetection - ok
22:16:56.0680 0212 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
22:16:56.0696 0212 sisagp - ok
22:16:56.0742 0212 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:16:56.0758 0212 SiSRaid2 - ok
22:16:56.0774 0212 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:16:56.0789 0212 SiSRaid4 - ok
22:16:56.0820 0212 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:16:56.0852 0212 Smb - ok
22:16:56.0914 0212 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\windows\system32\drivers\smwdm.sys
22:16:56.0945 0212 smwdm - ok
22:16:56.0992 0212 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
22:16:57.0008 0212 SNMPTRAP - ok
22:16:57.0039 0212 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:16:57.0054 0212 spldr - ok
22:16:57.0117 0212 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
22:16:57.0179 0212 Spooler - ok
22:16:57.0320 0212 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
22:16:57.0429 0212 sppsvc - ok
22:16:57.0522 0212 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
22:16:57.0569 0212 sppuinotify - ok
22:16:57.0663 0212 sptd (a199171385be17973fd800fa91f8f78a) C:\windows\system32\Drivers\sptd.sys
22:16:57.0663 0212 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
22:16:57.0663 0212 sptd ( LockedFile.Multi.Generic ) - warning
22:16:57.0663 0212 sptd - detected LockedFile.Multi.Generic (1)
22:16:57.0725 0212 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
22:16:57.0756 0212 srv - ok
22:16:57.0788 0212 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
22:16:57.0834 0212 srv2 - ok
22:16:57.0866 0212 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
22:16:57.0912 0212 srvnet - ok
22:16:57.0959 0212 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
22:16:58.0006 0212 SSDPSRV - ok
22:16:58.0022 0212 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
22:16:58.0068 0212 SstpSvc - ok
22:16:58.0100 0212 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:16:58.0115 0212 stexstor - ok
22:16:58.0178 0212 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
22:16:58.0224 0212 StiSvc - ok
22:16:58.0271 0212 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
22:16:58.0287 0212 swenum - ok
22:16:58.0334 0212 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
22:16:58.0380 0212 swprv - ok
22:16:58.0427 0212 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
22:16:58.0458 0212 SynTP - ok
22:16:58.0536 0212 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
22:16:58.0583 0212 SysMain - ok
22:16:58.0630 0212 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
22:16:58.0661 0212 TabletInputService - ok
22:16:58.0708 0212 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
22:16:58.0739 0212 TapiSrv - ok
22:16:58.0786 0212 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
22:16:58.0833 0212 TBS - ok
22:16:58.0958 0212 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
22:16:59.0020 0212 Tcpip - ok
22:16:59.0051 0212 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
22:16:59.0082 0212 TCPIP6 - ok
22:16:59.0129 0212 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
22:16:59.0176 0212 tcpipreg - ok
22:16:59.0207 0212 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
22:16:59.0238 0212 TDPIPE - ok
22:16:59.0270 0212 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
22:16:59.0285 0212 TDTCP - ok
22:16:59.0332 0212 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
22:16:59.0379 0212 tdx - ok
22:16:59.0410 0212 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
22:16:59.0426 0212 TermDD - ok
22:16:59.0488 0212 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
22:16:59.0535 0212 TermService - ok
22:16:59.0566 0212 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
22:16:59.0613 0212 Themes - ok
22:16:59.0644 0212 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
22:16:59.0691 0212 THREADORDER - ok
22:16:59.0722 0212 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
22:16:59.0769 0212 TrkWks - ok
22:16:59.0831 0212 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
22:16:59.0894 0212 TrustedInstaller - ok
22:16:59.0925 0212 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
22:16:59.0956 0212 tssecsrv - ok
22:17:00.0018 0212 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
22:17:00.0050 0212 TsUsbFlt - ok
22:17:00.0096 0212 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
22:17:00.0143 0212 tunnel - ok
22:17:00.0190 0212 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:17:00.0206 0212 uagp35 - ok
22:17:00.0252 0212 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
22:17:00.0315 0212 udfs - ok
22:17:00.0346 0212 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
22:17:00.0377 0212 UI0Detect - ok
22:17:00.0424 0212 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
22:17:00.0440 0212 uliagpkx - ok
22:17:00.0502 0212 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
22:17:00.0533 0212 umbus - ok
22:17:00.0564 0212 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:17:00.0596 0212 UmPass - ok
22:17:00.0642 0212 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
22:17:00.0689 0212 upnphost - ok
22:17:00.0736 0212 usbbus (9419faac6552a51542dbba02971c841c) C:\windows\system32\DRIVERS\lgusbbus.sys
22:17:00.0752 0212 usbbus - ok
22:17:00.0798 0212 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
22:17:00.0845 0212 usbccgp - ok
22:17:00.0876 0212 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
22:17:00.0908 0212 usbcir - ok
22:17:00.0939 0212 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\windows\system32\DRIVERS\lgusbdiag.sys
22:17:00.0954 0212 UsbDiag - ok
22:17:00.0970 0212 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
22:17:00.0986 0212 usbehci - ok
22:17:01.0017 0212 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
22:17:01.0079 0212 usbhub - ok
22:17:01.0110 0212 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\windows\system32\DRIVERS\lgusbmodem.sys
22:17:01.0157 0212 USBModem - ok
22:17:01.0173 0212 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
22:17:01.0204 0212 usbohci - ok
22:17:01.0235 0212 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:17:01.0251 0212 usbprint - ok
22:17:01.0298 0212 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
22:17:01.0344 0212 usbscan - ok
22:17:01.0376 0212 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
22:17:01.0422 0212 USBSTOR - ok
22:17:01.0438 0212 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
22:17:01.0454 0212 usbuhci - ok
22:17:01.0485 0212 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
22:17:01.0532 0212 usbvideo - ok
22:17:01.0563 0212 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
22:17:01.0594 0212 UxSms - ok
22:17:01.0625 0212 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:17:01.0656 0212 VaultSvc - ok
22:17:01.0703 0212 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
22:17:01.0719 0212 vdrvroot - ok
22:17:01.0781 0212 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
22:17:01.0828 0212 vds - ok
22:17:01.0859 0212 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:17:01.0875 0212 vga - ok
22:17:01.0906 0212 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:17:01.0937 0212 VgaSave - ok
22:17:01.0984 0212 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
22:17:02.0000 0212 vhdmp - ok
22:17:02.0046 0212 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
22:17:02.0062 0212 viaagp - ok
22:17:02.0093 0212 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:17:02.0140 0212 ViaC7 - ok
22:17:02.0171 0212 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
22:17:02.0187 0212 viaide - ok
22:17:02.0202 0212 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
22:17:02.0218 0212 volmgr - ok
22:17:02.0249 0212 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:17:02.0280 0212 volmgrx - ok
22:17:02.0312 0212 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
22:17:02.0343 0212 volsnap - ok
22:17:02.0358 0212 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:17:02.0390 0212 vsmraid - ok
22:17:02.0468 0212 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
22:17:02.0546 0212 VSS - ok
22:17:02.0577 0212 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:17:02.0608 0212 vwifibus - ok
22:17:02.0639 0212 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:17:02.0670 0212 vwififlt - ok
22:17:02.0702 0212 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
22:17:02.0748 0212 W32Time - ok
22:17:02.0780 0212 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:17:02.0811 0212 WacomPen - ok
22:17:02.0873 0212 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:17:02.0920 0212 WANARP - ok
22:17:02.0920 0212 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:17:02.0951 0212 Wanarpv6 - ok
22:17:03.0029 0212 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
22:17:03.0123 0212 wbengine - ok
22:17:03.0154 0212 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
22:17:03.0201 0212 WbioSrvc - ok
22:17:03.0248 0212 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
22:17:03.0294 0212 wcncsvc - ok
22:17:03.0326 0212 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
22:17:03.0372 0212 WcsPlugInService - ok
22:17:03.0419 0212 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:17:03.0435 0212 Wd - ok
22:17:03.0466 0212 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:17:03.0497 0212 Wdf01000 - ok
22:17:03.0528 0212 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:17:03.0606 0212 WdiServiceHost - ok
22:17:03.0606 0212 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:17:03.0638 0212 WdiSystemHost - ok
22:17:03.0684 0212 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
22:17:03.0731 0212 WebClient - ok
22:17:03.0778 0212 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
22:17:03.0825 0212 Wecsvc - ok
22:17:03.0840 0212 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
22:17:03.0887 0212 wercplsupport - ok
22:17:03.0918 0212 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
22:17:03.0965 0212 WerSvc - ok
22:17:03.0981 0212 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:17:04.0012 0212 WfpLwf - ok
22:17:04.0028 0212 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:17:04.0043 0212 WIMMount - ok
22:17:04.0168 0212 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:17:04.0215 0212 WinDefend - ok
22:17:04.0230 0212 WinHttpAutoProxySvc - ok
22:17:04.0293 0212 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
22:17:04.0324 0212 Winmgmt - ok
22:17:04.0402 0212 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
22:17:04.0480 0212 WinRM - ok
22:17:04.0589 0212 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
22:17:04.0621 0212 WinUsb - ok
22:17:04.0683 0212 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
22:17:04.0745 0212 Wlansvc - ok
22:17:04.0933 0212 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:17:04.0995 0212 wlidsvc - ok
22:17:05.0120 0212 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
22:17:05.0135 0212 WmiAcpi - ok
22:17:05.0198 0212 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
22:17:05.0245 0212 wmiApSrv - ok
22:17:05.0354 0212 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:17:05.0432 0212 WMPNetworkSvc - ok
22:17:05.0463 0212 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
22:17:05.0510 0212 WPCSvc - ok
22:17:05.0557 0212 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
22:17:05.0572 0212 WPDBusEnum - ok
22:17:05.0635 0212 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:17:05.0681 0212 ws2ifsl - ok
22:17:05.0713 0212 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
22:17:05.0759 0212 wscsvc - ok
22:17:05.0759 0212 WSearch - ok
22:17:05.0869 0212 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
22:17:05.0947 0212 wuauserv - ok
22:17:06.0087 0212 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
22:17:06.0118 0212 WudfPf - ok
22:17:06.0181 0212 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
22:17:06.0212 0212 WUDFRd - ok
22:17:06.0259 0212 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
22:17:06.0290 0212 wudfsvc - ok
22:17:06.0337 0212 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
22:17:06.0383 0212 WwanSvc - ok
22:17:06.0415 0212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:17:06.0961 0212 \Device\Harddisk0\DR0 - ok
22:17:07.0007 0212 Boot (0x1200) (8789429009fbbbbdb767831db9329e5b) \Device\Harddisk0\DR0\Partition0
22:17:07.0007 0212 \Device\Harddisk0\DR0\Partition0 - ok
22:17:07.0023 0212 Boot (0x1200) (71f63619e22545d266983ea748b45140) \Device\Harddisk0\DR0\Partition1
22:17:07.0023 0212 \Device\Harddisk0\DR0\Partition1 - ok
22:17:07.0023 0212 ============================================================
22:17:07.0023 0212 Scan finished
22:17:07.0023 0212 ============================================================
22:17:07.0039 3528 Detected object count: 4
22:17:07.0039 3528 Actual detected object count: 4
22:17:30.0439 3528 br3gmdm ( UnsignedFile.Multi.Generic ) - skipped by user
22:17:30.0439 3528 br3gmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:17:30.0439 3528 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:17:30.0439 3528 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:17:30.0439 3528 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:17:30.0439 3528 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:17:30.0439 3528 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:17:30.0439 3528 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:18:44.0597 1640 Deinitialize success

23.05.2012, 21:34   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

23.05.2012, 22:11   #15
cyberangel28
 

Combofix Logfile:
Code:
ComboFix 12-05-23.05 - Nancy Dietrich 23.05.2012  22:58:16.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.481 [GMT 2:00]
ausgeführt von:: c:\users\Nancy Dietrich\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\system32\service\02022011_TIS17_SfFniAU.log
c:\windows\system32\service\09112010_TIS17_SfFniAU.log
c:\windows\system32\service\17032011_TIS17_SfFniAU.log
c:\windows\system32\service\18052011_TIS17_SfFniAU.log
c:\windows\system32\service\18082010_TIS17_SfFniAU.log
c:\windows\system32\service\26102010_TIS17_SfFniAU.log
c:\windows\system32\service\27052011_TIS17_SfFniAU.log
c:\windows\system32\service\29102010_TIS17_SfFniAU.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-23 bis 2012-05-23  ))))))))))))))))))))))))))))))
.
.
2012-05-23 21:06 . 2012-05-23 21:06	--------	d-----w-	c:\users\Nancy Dietrich\AppData\Local\temp
2012-05-23 21:06 . 2012-05-23 21:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-23 19:09 . 2012-05-23 19:09	--------	d-----w-	C:\_OTL
2012-05-23 08:41 . 2012-05-23 21:04	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BC2FCA0-F985-4ADA-9F97-ECDC11B95EE4}\offreg.dll
2012-05-23 05:10 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BC2FCA0-F985-4ADA-9F97-ECDC11B95EE4}\mpengine.dll
2012-05-22 19:41 . 2012-05-22 19:41	--------	d-----w-	c:\program files\ESET
2012-05-22 07:20 . 2012-05-22 07:20	--------	d-----w-	c:\users\Nancy Dietrich\AppData\Roaming\Malwarebytes
2012-05-22 07:20 . 2012-05-22 07:20	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-22 07:20 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-22 07:20 . 2012-05-22 07:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-21 21:11 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-05-21 21:11 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-05-21 20:18 . 2012-05-21 20:18	--------	d-----w-	c:\windows\system32\SPReview
2012-05-21 20:13 . 2012-05-21 20:13	--------	d-----w-	c:\windows\system32\EventProviders
2012-05-21 19:24 . 2012-05-21 19:24	--------	d-----w-	c:\program files\Common Files\Java
2012-05-21 19:24 . 2012-05-21 19:24	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-05-21 19:24 . 2012-05-21 19:24	--------	d-----w-	c:\program files\Java
2012-05-15 12:26 . 2012-05-15 12:27	--------	d-----w-	c:\users\Nancy Dietrich\AppData\Roaming\elsterformular
2012-05-15 12:26 . 2012-05-15 12:26	--------	d-----w-	c:\programdata\elsterformular
2012-05-15 12:25 . 2012-05-15 12:25	--------	d-----w-	c:\program files\ElsterFormular
2012-05-10 06:11 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 06:11 . 2012-03-31 04:29	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:11 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-10 06:11 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 06:11 . 2012-03-31 02:36	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 06:11 . 2012-03-17 07:27	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 06:11 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 20:29 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-05-21 19:24 . 2010-08-30 11:49	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-08 23:02 . 2012-03-08 23:02	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 23:02 . 2012-03-08 23:02	161792	----a-w-	c:\windows\system32\msls31.dll
2012-03-08 23:02 . 2012-03-08 23:02	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-08 23:02 . 2012-03-08 23:02	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 23:02 . 2012-03-08 23:02	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-03-08 23:02 . 2012-03-08 23:02	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-03-08 23:02 . 2012-03-08 23:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-08 23:02 . 2012-03-08 23:02	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-03-08 23:02 . 2012-03-08 23:02	367104	----a-w-	c:\windows\system32\html.iec
2012-03-08 23:02 . 2012-03-08 23:02	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-03-08 23:02 . 2012-03-08 23:02	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-08 23:02 . 2012-03-08 23:02	152064	----a-w-	c:\windows\system32\wextract.exe
2012-03-08 23:02 . 2012-03-08 23:02	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-03-08 23:02 . 2012-03-08 23:02	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-08 23:02 . 2012-03-08 23:02	11776	----a-w-	c:\windows\system32\mshta.exe
2012-03-08 23:02 . 2012-03-08 23:02	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-08 23:02 . 2012-03-08 23:02	101888	----a-w-	c:\windows\system32\admparse.dll
2012-03-01 05:46 . 2012-04-12 21:27	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 21:27	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 21:27	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 21:27	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 21:32	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 21:32	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 21:32	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 21:32	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Nancy Dietrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DieKuhIstWeg.lnk - c:\program files\DieKuhIstWeg\DieKuhIstWeg.exe [N/A]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 br3gmdm;BandLuxe 3.5G USB Adapter - MODEM;c:\windows\system32\DRIVERS\br3gmdm.sys [2009-09-02 107008]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-17 436792]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 04560860
*Deregistered* - 04560860
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
IE: Free YouTube to MP3 Converter - c:\users\Nancy Dietrich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nancy Dietrich\AppData\Roaming\Mozilla\Firefox\Profiles\m8z0c9fr.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.funmoods.autoRvrt, false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=wbst&q=
FF - user.js: extensions.funmoods.id - b46aeaac0000000000000013727e5808
FF - user.js: extensions.funmoods.instlDay - 15452
FF - user.js: extensions.funmoods.vrsn - 1.5.19.3
FF - user.js: extensions.funmoods.vrsni - 1.5.19.3
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.19.316:50
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - wbst
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - 
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7F7B7DC-7DEC-4E84-9A87-ECE02E8A160A} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-ASUSPRP - c:\program files\ASUS\APRP\APRP.EXE
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1300949366-1523165212-3671452292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-23  23:09:59
ComboFix-quarantined-files.txt  2012-05-23 21:09
.
Vor Suchlauf: 9 Verzeichnis(se), 31.475.724.288 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 31.381.811.200 Bytes frei
.
- - End Of File - - 89BB0E380ECADC900D05FC17936F696A
         