
Log Analysis and Evaluation: TrojWare.Win32.Buzus.carj@283207124

Windows 7 If you've caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system has to be examined first: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.12.2012, 18:57   #1
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124



Hello!

I recently installed the Comodo freeware, and it detected the named trojan in three locations and put it in quarantine:
C:\Windows\Temp\restart.exe
C:\Windows\Temp\Hinfo.exe
C:\Windows\Temp\status.exe
I left the trojan(s) in Comodo's quarantine, where it still is, and ran a full system scan with the updated Malwarebytes freeware, with no findings.

What do I need to do next? I'd appreciate expert tips and instructions. Thanks in advance!

27.12.2012, 19:04   #2
markusg
/// Malware-holic
 



Hi
Open Malwarebytes, go to the log files, and post all reports with findings, if there are any.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
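Added example (not from this thread and not part of OldTimer's OTL): a small Python helper that parses the file-listing lines OTL writes in its "Files/Folders - Created/Modified Within 30 Days" sections and flags entries that deserve a closer look, such as executables without a company name or sitting in a Temp directory, which is the pattern of the three quarantined files in post #1. The line format is inferred from the OTL log excerpt later in this thread; the sample listing with its paths and sizes, and the heuristics themselves, are assumptions of this example rather than OTL's own logic.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One OTL file-listing line (shape taken from the log excerpt in this thread):
#   [2012.12.21 09:34:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
#   [2012.12.21 12:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \(No name found\))? -- (?P<path>.+)$"
)

# Executable types worth a second look, and locations where legitimate software rarely
# lives but droppers frequently do (assumption: a simple heuristic, not OTL's own logic).
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com"}
SUSPECT_DIRS = (
    "\\windows\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\local settings\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str      # OTL attribute flags, e.g. ---D (directory), -H-- (hidden), --S- (system)
    kind: str       # "C" = created, "M" = modified
    company: str    # empty when OTL found no company name
    path: str


def parse_entry(line: str):
    """Parse a single OTL file-listing line; return None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    company = (m.group("company") or "").strip()
    if company == "No name found":
        company = ""
    return FileEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path").strip(),
    )


def triage(entry: FileEntry) -> list:
    """Return the reasons an entry deserves a closer look (empty list = nothing notable)."""
    reasons = []
    if "D" in entry.attrs:          # directories carry no code themselves
        return reasons
    suffix = PureWindowsPath(entry.path).suffix.lower()
    if suffix not in EXEC_SUFFIXES:
        return reasons
    if not entry.company:
        reasons.append("executable without company name")
    lowered = entry.path.lower()
    if any(d in lowered for d in SUSPECT_DIRS):
        reasons.append("executable in temp or user-writable location")
    if "H" in entry.attrs:
        reasons.append("hidden executable")
    return reasons


def triage_log(text: str) -> dict:
    """Map each notable path in an OTL listing to its list of reasons."""
    findings = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


# Constructed sample listing in the OTL format (paths, sizes and timestamps are made up for this example).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012.12.21 12:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.21 09:34:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.20 18:02:11 | 000,061,440 | ---- | C] () -- C:\Windows\Temp\status.exe
[2012.12.19 07:15:03 | 000,040,960 | -H-- | C] () -- C:\Users\example\AppData\Local\Temp\update.exe
[2012.12.18 23:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run it as a script to print the flagged paths, or call triage_log() on the contents of OTL.txt. A hit only means "look closer": a signed, known-good updater can also sit in a Temp folder, so confirm with the file's hash and signature before treating it as malicious.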

27.12.2012, 19:42   #3
nonarthur
 



Hello markusg,

thanks for the quick reply! Here is the Malwarebytes log file for now. I'll work through the remaining points of your answer today or tomorrow. Best regards

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sssssssssssssss :: sssssssssssssss-PC [Administrator]

Schutz: Aktiviert

27.12.2012 17:02:35
mbam-log-2012-12-27 (17-02-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352492
Laufzeit: 47 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

27.12.2012, 21:02   #4
markusg
/// Malware-holic
 



Hi
I asked for logs with findings, are there any?

27.12.2012, 21:48   #5
nonarthur
 



Hello,
no, there are none. As I said, I scanned with Comodo first.

The OTL program only created one text file, can that be right? I'm puzzled myself, because yesterday, with different scan settings, I also got the Extras file. Here is the current result. OTL logfile:
Code:
OTL logfile created on: 27.12.2012 20:23:47 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\wwwwwwwwwwwww\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,73 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 77,44% Memory free
15,46 Gb Paging File | 13,65 Gb Available in Paging File | 88,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 821,17 Gb Free Space | 89,09% Space Free | Partition Type: NTFS
Drive K: | 111,75 Gb Total Space | 97,06 Gb Free Space | 86,86% Space Free | Partition Type: FAT32
 
Computer Name: wwwwwwwwwwwww-PC | User Name: wwwwwwwwwwwww | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\wwwwwwwwwwwww\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\wwwwwwwwwwwww\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 1A 00 DD F0 40 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.innehalten.org/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.21 12:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.02 19:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.21 12:09:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.02 19:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\mozilla\Extensions
[2012.11.23 18:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\mozilla\Firefox\Profiles\ndcaucj4.default\extensions
[2012.11.23 18:25:07 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\mozilla\firefox\profiles\ndcaucj4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.21 12:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.21 12:09:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.13 21:34:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 23:33:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.13 21:34:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.13 21:34:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.13 21:34:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.13 21:34:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [MAGIXautostart] D:\install\program\setup.exe File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SJelite3Launch] C:\Users\wwwwwwwwwwwww\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - HKCU..\RunOnce: [Carry it Easy cleanup] C:\Users\wwwwwwwwwwwww\AppData\Local\Temp\SJelite3\appStop.exe File not found
O4 - Startup: C:\Users\wwwwwwwwwwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\wwwwwwwwwwwww\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\wwwwwwwwwwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Users\wwwwwwwwwwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.21 12:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.21 11:46:03 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012.12.21 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Malwarebytes
[2012.12.21 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.21 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.21 09:34:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.21 09:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.20 20:33:54 | 000,050,952 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2012.12.20 20:33:54 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2012.12.18 23:35:19 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Spyware Terminator
[2012.12.18 23:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.12.18 23:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.12.18 23:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.12.15 23:11:45 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\PCToolsFirewallPlus
[2012.12.15 23:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.15 23:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.12.15 23:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Firewall Plus
[2012.12.15 22:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.12.15 21:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012.12.15 21:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.12.15 21:23:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.12.15 21:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.12.15 21:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.12.15 21:19:31 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\Comodo
[2012.12.15 21:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012.12.15 21:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012.12.14 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\Desktop\Ulrike
[2012.12.06 23:45:13 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{09CAEE7A-ACD7-404D-9F3E-83B4FAF958CE}
[2012.12.06 12:01:05 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{17439180-46FA-4140-9079-4B324B98606B}
[2012.12.06 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{DA572D8A-213B-4A48-91A4-E5B16F4E1680}
[2012.12.04 14:26:47 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{27CB550E-A161-44B6-BCDB-10C7D5443D1E}
[2012.12.01 15:41:30 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\Desktop\Texte zu SE
[2012.11.29 17:17:39 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{A4557B58-59DD-41A1-88EE-C46F8E2C497A}
[2012.11.29 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\wwwwwwwwwwwww\AppData\Local\{1FB9E5EC-A05D-496B-800E-F3B0B4587A9A}
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 20:25:17 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.12.27 20:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 19:58:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.27 17:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 17:00:49 | 000,004,252 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (3).rtf
[2012.12.27 16:23:32 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:23:32 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 16:15:18 | 1932,091,391 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.24 22:49:54 | 000,036,890 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt2.GIF
[2012.12.24 22:48:50 | 000,036,826 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt.GIF
[2012.12.24 19:27:22 | 000,036,939 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\annonce1.JPG
[2012.12.23 22:12:54 | 000,050,952 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2012.12.23 22:12:54 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2012.12.23 11:12:09 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 11:12:09 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.23 11:12:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.23 11:12:09 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.23 11:12:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 21:22:12 | 000,004,924 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Antispyware.rtf
[2012.12.21 19:18:25 | 000,001,141 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Documents\Ulrike12-2012.axp
[2012.12.21 03:17:45 | 000,300,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.19 23:18:33 | 000,608,469 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\9254CS-20 Somatic Experiencing wwwwwwwwwwwww.pdf
[2012.12.19 15:06:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.12.19 13:24:09 | 000,020,327 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Kinesiologie-Tests Katja
[2012.12.16 21:42:02 | 000,003,773 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Documents\Konzert 2012.axp
[2012.12.16 17:31:59 | 000,021,251 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Die vier Eemu.odt
[2012.12.15 21:02:02 | 000,249,851 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Adelheid.png
[2012.12.13 17:47:30 | 000,199,174 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Gladiole.png
[2012.12.04 11:13:07 | 000,001,113 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (2).rtf
[2012.11.29 06:05:52 | 000,029,756 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Desktop\Notizen 12.odt
 
========== Files Created - No Company Name ==========
 
[2012.12.24 22:49:54 | 000,036,890 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt2.GIF
[2012.12.24 22:42:22 | 000,036,826 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Unbenannt.GIF
[2012.12.24 19:27:21 | 000,036,939 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\annonce1.JPG
[2012.12.21 21:15:20 | 000,004,924 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Antispyware.rtf
[2012.12.21 19:18:25 | 000,001,141 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Documents\Ulrike12-2012.axp
[2012.12.20 20:35:24 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.12.19 23:18:23 | 000,608,469 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\9254CS-20 Somatic Experiencing wwwwwwwwwwwww.pdf
[2012.12.19 22:36:50 | 000,004,252 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (3).rtf
[2012.12.19 13:24:09 | 000,020,327 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Kinesiologie-Tests Katja
[2012.12.15 21:02:01 | 000,249,851 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Adelheid.png
[2012.12.13 17:47:28 | 000,199,174 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Gladiole.png
[2012.12.12 00:21:34 | 000,003,773 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Documents\Konzert 2012.axp
[2012.12.04 11:12:48 | 000,001,113 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Neues RTF-Dokument (2).rtf
[2012.11.29 22:23:52 | 000,029,756 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\Desktop\Notizen 12.odt
[2012.07.24 21:44:28 | 000,000,000 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\.gtk-bookmarks
[2012.06.04 12:23:52 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2012.06.03 12:41:43 | 000,000,228 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.06.03 12:41:43 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.06.03 12:40:12 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.06.03 12:40:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.06.03 08:58:48 | 000,000,191 | ---- | C] () -- C:\Windows\magix.ini
[2012.06.03 01:17:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012.06.03 01:16:22 | 000,000,747 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.06.03 00:36:23 | 000,033,134 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\UserTile.png
[2012.06.02 18:29:36 | 000,017,408 | ---- | C] () -- C:\Users\wwwwwwwwwwwww\AppData\Local\WebpageIcons.db
[2012.05.29 11:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.17 09:45:20 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.02 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\A Note
[2012.10.19 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Audacity
[2012.06.03 00:23:11 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Canneverbe Limited
[2012.06.04 12:35:26 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Canon
[2012.06.16 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\capella-software
[2012.12.27 16:17:33 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Dropbox
[2012.09.24 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\enchant
[2012.12.25 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\FileZilla
[2012.12.22 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\FreeDoko
[2012.06.02 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\InfraRecorder
[2012.06.03 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\KompoZer
[2012.07.08 13:16:21 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\MusE
[2012.06.02 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\OpenOffice.org
[2012.12.15 23:11:57 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\PCToolsFirewallPlus
[2012.12.18 23:35:19 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Spyware Terminator
[2012.06.02 19:02:07 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Thunderbird
[2012.06.10 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Transcend
[2012.07.18 10:30:32 | 000,000,000 | ---D | M] -- C:\Users\wwwwwwwwwwwww\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.02 10:53:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.25 14:55:16 | 000,000,000 | ---D | M] -- C:\BlueByte
[2012.06.21 09:12:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.02 10:53:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.03 09:54:47 | 000,000,000 | ---D | M] -- C:\MAGIX
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.19 15:01:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.21 19:27:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.21 09:34:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.02 10:53:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.02 11:07:04 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.12.27 20:25:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.02 10:53:43 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.21 11:46:03 | 000,000,000 | -H-D | M] -- C:\VritualRoot
[2012.12.20 20:44:57 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.04 19:12:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.31 21:56:29 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 21:56:29 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.08.19 16:39:14 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.08.19 16:39:14 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.08.19 16:39:14 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.08.19 16:39:14 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.08.19 16:39:14 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.08.19 16:39:14 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.08.19 16:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.08.19 16:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2012.07.24 21:48:14 | 000,000,000 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\.gtk-bookmarks
[2012.12.27 20:25:11 | 003,932,160 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat
[2012.12.27 20:25:11 | 000,262,144 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat.LOG1
[2012.06.02 10:53:43 | 000,000,000 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat.LOG2
[2012.06.02 12:28:46 | 000,065,536 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.02 12:28:46 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.02 12:28:46 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.12.15 22:22:23 | 000,065,536 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{857d8cc6-46f7-11e2-be9f-c86000568664}.TM.blf
[2012.12.15 22:22:23 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{857d8cc6-46f7-11e2-be9f-c86000568664}.TMContainer00000000000000000001.regtrans-ms
[2012.12.15 22:22:23 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{857d8cc6-46f7-11e2-be9f-c86000568664}.TMContainer00000000000000000002.regtrans-ms
[2012.12.19 15:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{eb12972f-49dd-11e2-a920-c86000568664}.TM.blf
[2012.12.19 15:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{eb12972f-49dd-11e2-a920-c86000568664}.TMContainer00000000000000000001.regtrans-ms
[2012.12.19 15:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.dat{eb12972f-49dd-11e2-a920-c86000568664}.TMContainer00000000000000000002.regtrans-ms
[2012.06.02 10:53:44 | 000,000,020 | -HS- | M] () -- C:\Users\wwwwwwwwwwwww\ntuser.ini
[2012.06.04 12:35:26 | 000,000,000 | ---- | M] () -- C:\Users\wwwwwwwwwwwww\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         
--- --- ---


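The "MD5 for:" sections in the OTL log above are what the `/md5start` list in the scan script was for: OTL prints the live copy of each requested file (SysNative, SysWOW64) next to the copies Windows keeps in WinSxS and the DriverStore, and a live system file whose hash matches none of them is the usual sign of a patched or swapped binary. The Python script below is an added example of that cross-check; it is not OTL's code and was not posted by anyone in this thread. It parses lines in OTL's format from a constructed sample (the hashes and the WinSxS folder suffixes are placeholders, and the userinit.exe entry is deliberately constructed to mismatch) and reports live files without a matching store copy, as well as copies of a system-file name that sit outside the Windows tree.

```python
"""Cross-check the "MD5 for:" sections of an OTL log (added example, not OTL's code).

OTL's /md5start lists the live copy of each requested system file beside the copies
Windows keeps in the WinSxS component store and the DriverStore; a live file whose
hash matches no store copy deserves a closer look. SAMPLE_LOG is constructed: the
hashes and WinSxS folder suffixes are placeholders."""
from __future__ import annotations

import re
from dataclasses import dataclass

# "< MD5 for: ATAPI.SYS  >" opens a section; any other "< ... >" header ends it.
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
# One OTL file line: [date time | size | attrs | C/M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[[\d.]+ [\d:]+ \| (?P<size>[\d,]+) \| [-A-Z]{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
STORE_RE = re.compile(r"\\(winsxs|driverstore)\\", re.IGNORECASE)
WINDOWS_TREE_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


@dataclass
class Md5Entry:
    path: str
    md5: str
    size: int
    company: str


@dataclass
class Finding:
    file: str      # section name, e.g. "USERINIT.EXE"
    path: str
    md5: str
    reason: str


def parse_md5_sections(text: str) -> dict[str, list[Md5Entry]]:
    """Return {section name: [entries]} for every "MD5 for:" block in the log."""
    sections: dict[str, list[Md5Entry]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line.startswith("<"):        # a different custom-scan header
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current is None or not entry:
            continue
        sections[current].append(Md5Entry(
            path=entry.group("path"),
            md5=entry.group("md5").upper(),
            size=int(entry.group("size").replace(",", "")),
            company=entry.group("company"),
        ))
    return sections


def cross_check(sections: dict[str, list[Md5Entry]]) -> list[Finding]:
    """Flag live copies that match no component-store copy of the same file."""
    findings: list[Finding] = []
    for name, entries in sections.items():
        store_hashes = {e.md5 for e in entries if STORE_RE.search(e.path)}
        for e in entries:
            if STORE_RE.search(e.path):
                continue                # reference copies are not themselves checked
            if not WINDOWS_TREE_RE.match(e.path):
                reason = "outside the Windows tree"
            elif not store_hashes:
                reason = "no component-store copy to compare against"
            elif e.md5 not in store_hashes:
                reason = "matches no component-store copy"
            else:
                continue                # live file agrees with a store copy
            findings.append(Finding(name, e.path, e.md5, reason))
    return findings


SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_PLACEHOLDER\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\SysNative\userinit.exe
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_PLACEHOLDER\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
"""

if __name__ == "__main__":
    for f in cross_check(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f.file}: {f.path} [{f.md5}] - {f.reason}")
```

A finding is a reason to look, not a verdict: the winlogon.exe under Program Files in the sample, like the Malwarebytes Chameleon copy in the log above, is a third-party file that is expected to differ. The live file is compared against every store copy listed in its section, so a SysWOW64 file matching a wow64_ or x86_ WinSxS copy counts as clean. To run it against a real log, replace SAMPLE_LOG with the contents of the OTL text file.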
Alt 28.12.2012, 17:23   #6
markusg
/// Malware-holic
 
Extras is only created on the first run.
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose Skip for now, then post the log

Alt 28.12.2012, 19:30   #7
nonarthur
 
Scan results:

Suspicious: PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic )

Suspicious: sptd ( LockedFile.Multi.Generic )

Suspicious: StarWindServiceAE ( UnsignedFile.Multi.Generic )

Alt 03.01.2013, 17:10   #8
markusg
/// Malware-holic
 
Hi
please open c: tdss-killer-date.txt and post its contents

Alt 03.01.2013, 18:44   #9
nonarthur
 
18:49:48.0710 0948 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:49:49.0098 0948 ============================================================
18:49:49.0098 0948 Current date / time: 2012/12/28 18:49:49.0098
18:49:49.0098 0948 SystemInfo:
18:49:49.0098 0948
18:49:49.0098 0948 OS Version: 6.1.7601 ServicePack: 1.0
18:49:49.0098 0948 Product type: Workstation
18:49:49.0099 0948 ComputerName: xxxxxxxxxxxxxxxxxxxxx-PC
18:49:49.0099 0948 UserName: xxxxxxxxxxxxxxxxxxxxx
18:49:49.0099 0948 Windows directory: C:\Windows
18:49:49.0099 0948 System windows directory: C:\Windows
18:49:49.0099 0948 Running under WOW64
18:49:49.0099 0948 Processor architecture: Intel x64
18:49:49.0099 0948 Number of processors: 4
18:49:49.0099 0948 Page size: 0x1000
18:49:49.0099 0948 Boot type: Normal boot
18:49:49.0099 0948 ============================================================
18:49:49.0652 0948 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:49:49.0657 0948 ============================================================
18:49:49.0657 0948 \Device\Harddisk0\DR0:
18:49:49.0657 0948 MBR partitions:
18:49:49.0657 0948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x7337D800
18:49:49.0657 0948 ============================================================
18:49:49.0683 0948 C: <-> \Device\Harddisk0\DR0\Partition1
18:49:49.0683 0948 ============================================================
18:49:49.0683 0948 Initialize success
18:49:49.0683 0948 ============================================================
18:51:23.0276 2524 ============================================================
18:51:23.0276 2524 Scan started
18:51:23.0276 2524 Mode: Manual; SigCheck; TDLFS;
18:51:23.0276 2524 ============================================================
18:51:23.0370 2524 ================ Scan system memory ========================
18:51:23.0370 2524 System memory - ok
18:51:23.0371 2524 ================ Scan services =============================
18:51:23.0579 2524 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:51:23.0813 2524 1394ohci - ok
18:51:23.0848 2524 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:51:23.0867 2524 ACPI - ok
18:51:23.0879 2524 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:51:23.0917 2524 AcpiPmi - ok
18:51:24.0025 2524 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:51:24.0037 2524 AdobeARMservice - ok
18:51:24.0133 2524 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:51:24.0148 2524 AdobeFlashPlayerUpdateSvc - ok
18:51:24.0176 2524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:51:24.0196 2524 adp94xx - ok
18:51:24.0231 2524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:51:24.0249 2524 adpahci - ok
18:51:24.0266 2524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:51:24.0282 2524 adpu320 - ok
18:51:24.0315 2524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:51:24.0356 2524 AeLookupSvc - ok
18:51:24.0417 2524 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:51:24.0456 2524 AFD - ok
18:51:24.0476 2524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:51:24.0490 2524 agp440 - ok
18:51:24.0494 2524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:51:24.0551 2524 ALG - ok
18:51:24.0587 2524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:51:24.0600 2524 aliide - ok
18:51:24.0643 2524 [ 87E226C0E11182943D28E8BEC61618CD ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:51:24.0692 2524 AMD External Events Utility - ok
18:51:24.0708 2524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:51:24.0721 2524 amdide - ok
18:51:24.0738 2524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:51:24.0766 2524 AmdK8 - ok
18:51:24.0895 2524 [ 446A1AAD34191665A8DF6092BD8EB5A8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:51:25.0063 2524 amdkmdag - ok
18:51:25.0079 2524 [ F8F8A908FDB005A65DDF7238C814EEA5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:51:25.0109 2524 amdkmdap - ok
18:51:45.0870 2524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:51:45.0910 2524 SensrSvc - ok
18:51:45.0944 2524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:51:45.0966 2524 Serenum - ok
18:51:45.0988 2524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:51:46.0002 2524 Serial - ok
18:51:46.0030 2524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:51:46.0050 2524 sermouse - ok
18:51:46.0073 2524 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:51:46.0123 2524 SessionEnv - ok
18:51:46.0146 2524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:51:46.0164 2524 sffdisk - ok
18:51:46.0196 2524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:51:46.0223 2524 sffp_mmc - ok
18:51:46.0236 2524 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:51:46.0259 2524 sffp_sd - ok
18:51:46.0282 2524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:51:46.0297 2524 sfloppy - ok
18:51:46.0320 2524 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:51:46.0358 2524 SharedAccess - ok
18:51:46.0377 2524 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:51:46.0414 2524 ShellHWDetection - ok
18:51:46.0449 2524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:51:46.0463 2524 SiSRaid2 - ok
18:51:46.0476 2524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:51:46.0491 2524 SiSRaid4 - ok
18:51:46.0544 2524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:51:46.0591 2524 Smb - ok
18:51:46.0632 2524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:51:46.0663 2524 SNMPTRAP - ok
18:51:46.0682 2524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:51:46.0696 2524 spldr - ok
18:51:46.0742 2524 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:51:46.0779 2524 Spooler - ok
18:51:46.0836 2524 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:51:46.0902 2524 sppsvc - ok
18:51:46.0921 2524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:51:46.0956 2524 sppuinotify - ok
18:51:47.0025 2524 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:51:47.0025 2524 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
18:51:47.0026 2524 sptd ( LockedFile.Multi.Generic ) - warning
18:51:47.0026 2524 sptd - detected LockedFile.Multi.Generic (1)
18:51:47.0062 2524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:51:47.0083 2524 srv - ok
18:51:47.0092 2524 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:51:47.0121 2524 srv2 - ok
18:51:47.0140 2524 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:51:47.0154 2524 srvnet - ok
18:51:47.0166 2524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:51:47.0203 2524 SSDPSRV - ok
18:51:47.0217 2524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:51:47.0254 2524 SstpSvc - ok
18:51:47.0304 2524 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\StarWind\StarWindServiceAE.exe
18:51:47.0325 2524 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
18:51:47.0325 2524 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
18:51:47.0337 2524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:51:47.0350 2524 stexstor - ok
18:51:47.0403 2524 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:51:47.0439 2524 stisvc - ok
18:51:47.0449 2524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:51:47.0461 2524 swenum - ok
18:51:47.0489 2524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:51:47.0532 2524 swprv - ok
18:51:47.0566 2524 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:51:47.0614 2524 SysMain - ok
18:51:47.0635 2524 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:51:47.0668 2524 TabletInputService - ok
18:51:47.0676 2524 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:51:47.0717 2524 TapiSrv - ok
18:51:47.0731 2524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:51:47.0768 2524 TBS - ok
18:51:47.0821 2524 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:51:47.0876 2524 Tcpip - ok
18:51:47.0902 2524 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:51:47.0937 2524 TCPIP6 - ok
18:51:47.0962 2524 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:51:47.0977 2524 tcpipreg - ok
18:51:47.0993 2524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:51:48.0027 2524 TDPIPE - ok
18:51:48.0050 2524 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:51:48.0074 2524 TDTCP - ok
18:51:48.0112 2524 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:51:48.0146 2524 tdx - ok
18:51:48.0158 2524 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:51:48.0171 2524 TermDD - ok
18:51:48.0189 2524 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:51:48.0231 2524 TermService - ok
18:51:48.0248 2524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:51:48.0279 2524 Themes - ok
18:51:48.0290 2524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:51:48.0324 2524 THREADORDER - ok
18:51:48.0340 2524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:51:48.0385 2524 TrkWks - ok
18:51:48.0422 2524 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:51:48.0455 2524 TrustedInstaller - ok
18:51:48.0464 2524 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:51:48.0511 2524 tssecsrv - ok
18:51:48.0533 2524 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:51:48.0562 2524 TsUsbFlt - ok
18:51:48.0572 2524 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:51:48.0597 2524 TsUsbGD - ok
18:51:48.0631 2524 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:51:48.0680 2524 tunnel - ok
18:51:48.0686 2524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:51:48.0700 2524 uagp35 - ok
18:51:48.0718 2524 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:51:48.0763 2524 udfs - ok
18:51:48.0788 2524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:51:48.0813 2524 UI0Detect - ok
18:51:48.0841 2524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:51:48.0855 2524 uliagpkx - ok
18:51:48.0900 2524 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:51:48.0919 2524 umbus - ok
18:51:48.0945 2524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:51:48.0970 2524 UmPass - ok
18:51:48.0986 2524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:51:49.0036 2524 upnphost - ok
18:51:49.0053 2524 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:51:49.0093 2524 usbccgp - ok
18:51:49.0138 2524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:51:49.0157 2524 usbcir - ok
18:51:49.0181 2524 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:51:49.0208 2524 usbehci - ok
18:51:49.0230 2524 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
18:51:49.0254 2524 usbhub - ok
18:51:49.0268 2524 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:51:49.0297 2524 usbohci - ok
18:51:49.0346 2524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:51:49.0372 2524 usbprint - ok
18:51:49.0402 2524 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:51:49.0419 2524 usbscan - ok
18:51:49.0435 2524 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:51:49.0470 2524 USBSTOR - ok
18:51:49.0485 2524 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:51:49.0506 2524 usbuhci - ok
18:51:49.0522 2524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:51:49.0557 2524 UxSms - ok
18:51:49.0581 2524 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:51:49.0595 2524 VaultSvc - ok
18:51:49.0626 2524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:51:49.0640 2524 vdrvroot - ok
18:51:49.0692 2524 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:51:49.0742 2524 vds - ok
18:51:49.0797 2524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:51:49.0813 2524 vga - ok
18:51:49.0828 2524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:51:49.0861 2524 VgaSave - ok
18:51:49.0892 2524 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:51:49.0907 2524 vhdmp - ok
18:51:49.0922 2524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:51:49.0934 2524 viaide - ok
18:51:49.0957 2524 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:51:49.0971 2524 volmgr - ok
18:51:49.0997 2524 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:51:50.0014 2524 volmgrx - ok
18:51:50.0040 2524 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:51:50.0057 2524 volsnap - ok
18:51:50.0102 2524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:51:50.0118 2524 vsmraid - ok
18:51:50.0156 2524 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:51:50.0220 2524 VSS - ok
18:51:50.0239 2524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:51:50.0263 2524 vwifibus - ok
18:51:50.0291 2524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:51:50.0332 2524 W32Time - ok
18:51:50.0351 2524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:51:50.0379 2524 WacomPen - ok
18:51:50.0424 2524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:51:50.0470 2524 WANARP - ok
18:51:50.0493 2524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:51:50.0526 2524 Wanarpv6 - ok
18:51:50.0568 2524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:51:50.0626 2524 wbengine - ok
18:51:50.0640 2524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:51:50.0663 2524 WbioSrvc - ok
18:51:50.0672 2524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:51:50.0708 2524 wcncsvc - ok
18:51:50.0723 2524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:51:50.0747 2524 WcsPlugInService - ok
18:51:50.0773 2524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:51:50.0786 2524 Wd - ok
18:51:50.0823 2524 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:51:50.0853 2524 Wdf01000 - ok
18:51:50.0858 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:51:50.0923 2524 WdiServiceHost - ok
18:51:50.0928 2524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:51:50.0948 2524 WdiSystemHost - ok
18:51:50.0961 2524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:51:50.0995 2524 WebClient - ok
18:51:51.0013 2524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:51:51.0062 2524 Wecsvc - ok
18:51:51.0077 2524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:51:51.0123 2524 wercplsupport - ok
18:51:51.0141 2524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:51:51.0175 2524 WerSvc - ok
18:51:51.0190 2524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:51:51.0223 2524 WfpLwf - ok
18:51:51.0229 2524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:51:51.0243 2524 WIMMount - ok
18:51:51.0258 2524 WinDefend - ok
18:51:51.0266 2524 WinHttpAutoProxySvc - ok
18:51:51.0314 2524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:51:51.0351 2524 Winmgmt - ok
18:51:51.0397 2524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:51:51.0455 2524 WinRM - ok
18:51:51.0519 2524 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:51:51.0552 2524 WinUsb - ok
18:51:51.0587 2524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:51:51.0628 2524 Wlansvc - ok
18:51:51.0739 2524 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:51:51.0751 2524 wlcrasvc - ok
18:51:51.0841 2524 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:51:51.0889 2524 wlidsvc - ok
18:51:51.0903 2524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:51:51.0917 2524 WmiAcpi - ok
18:51:51.0944 2524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:51:51.0976 2524 wmiApSrv - ok
18:51:51.0994 2524 WMPNetworkSvc - ok
18:51:52.0007 2524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:51:52.0032 2524 WPCSvc - ok
18:51:52.0045 2524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:51:52.0063 2524 WPDBusEnum - ok
18:51:52.0078 2524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:51:52.0113 2524 ws2ifsl - ok
18:51:52.0128 2524 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:51:52.0158 2524 wscsvc - ok
18:51:52.0163 2524 WSearch - ok
18:51:52.0233 2524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:51:52.0285 2524 wuauserv - ok
18:51:52.0317 2524 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:51:52.0359 2524 WudfPf - ok
18:51:52.0405 2524 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:51:52.0433 2524 WUDFRd - ok
18:51:52.0460 2524 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:51:52.0487 2524 wudfsvc - ok
18:51:52.0505 2524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:51:52.0527 2524 WwanSvc - ok
18:51:52.0550 2524 ================ Scan global ===============================
18:51:52.0581 2524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:51:52.0605 2524 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:51:52.0611 2524 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:51:52.0631 2524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:51:52.0652 2524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:51:52.0655 2524 [Global] - ok
18:51:52.0656 2524 ================ Scan MBR ==================================
18:51:52.0666 2524 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:51:52.0861 2524 \Device\Harddisk0\DR0 - ok
18:51:52.0862 2524 ================ Scan VBR ==================================
18:51:52.0864 2524 [ E30C2C84493D010BB14F3E6B4F6E3DB6 ] \Device\Harddisk0\DR0\Partition1
18:51:52.0865 2524 \Device\Harddisk0\DR0\Partition1 - ok
18:51:52.0867 2524 ============================================================
18:51:52.0867 2524 Scan finished
18:51:52.0867 2524 ============================================================
18:51:52.0874 2392 Detected object count: 3
18:51:52.0874 2392 Actual detected object count: 3
18:53:30.0422 2392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:30.0422 2392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:30.0425 2392 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:53:30.0425 2392 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:53:30.0426 2392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:30.0426 2392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:55.0296 4080 Deinitialize success
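For triaging a TDSSKiller log like the one above, the parser below is an added example for this thread, not a Trojaner-Board or Kaspersky tool: it collects every object the scan flagged, joins it with the MD5 and path from the enumeration line, records the action the user chose, and checks the findings against the tool's own "Detected object count". The sample lines are copied from the log above, except the two PLFlash scan lines, which are constructed with a placeholder hash and path.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Each line is "<hh:mm:ss.ffff> <thread id> <message>"; only the message is parsed further.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Enumeration line: "[ MD5 ] <name, may contain spaces> <path starting at a drive letter or backslash>"
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>(?:[A-Za-z]:\\|\\).+)$")
# Verdict lines: "<name> ( <class> ) - warning" / "- skipped by user" / "- User select action: <action>"
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) \( (?P<cls>[\w.]+) \) - "
    r"(?P<verdict>warning|skipped by user|User select action: (?P<action>\w+))$"
)
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")

# These classes mean TDSSKiller could not verify the file (unsigned, or not readable):
# a prompt for manual review, not an identification of known malware.
HEURISTIC_CLASSES = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass
class Finding:
    name: str
    cls: str
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None  # Skip, Cure, Delete, ... as chosen in the TDSSKiller UI

    @property
    def heuristic(self) -> bool:
        return self.cls in HEURISTIC_CLASSES


@dataclass
class Triage:
    findings: Dict[str, Finding] = field(default_factory=dict)
    declared_count: Optional[int] = None  # from "Detected object count"
    actual_count: Optional[int] = None  # from "Actual detected object count"

    @property
    def consistent(self) -> bool:
        """True when the tool's own count matches the number of flagged objects parsed."""
        return self.declared_count == len(self.findings)


def parse_tdsskiller(log: str) -> Triage:
    result = Triage()
    enumerated: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) from enumeration lines
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the timestamp prefix
        msg = m["msg"]
        if f := FILE_RE.match(msg):
            enumerated[f["name"]] = (f["md5"].upper(), f["path"])
        elif v := VERDICT_RE.match(msg):
            fnd = result.findings.get(v["name"])
            if fnd is None:
                md5, path = enumerated.get(v["name"], (None, None))
                fnd = result.findings[v["name"]] = Finding(v["name"], v["cls"], md5, path)
            if v["action"]:
                fnd.action = v["action"]
        elif c := COUNT_RE.match(msg):
            if c["actual"]:
                result.actual_count = int(c["n"])
            else:
                result.declared_count = int(c["n"])
        # "- ok" lines, "- detected" lines and section banners add nothing beyond the above.
    return result


def review_queue(t: Triage) -> List[str]:
    """Objects the analyst still has to judge by hand: heuristic flags the user skipped."""
    return sorted(f.name for f in t.findings.values() if f.heuristic and f.action == "Skip")


# Sample copied from the log above; the two PLFlash scan lines are constructed (placeholder hash/path).
SAMPLE_LOG = r"""
18:51:47.0025 2524 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:51:47.0026 2524 sptd ( LockedFile.Multi.Generic ) - warning
18:51:47.0062 2524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:51:47.0083 2524 srv - ok
18:51:47.0304 2524 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\StarWind\StarWindServiceAE.exe
18:51:47.0325 2524 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
18:51:47.0400 2524 [ 00000000000000000000000000000000 ] PLFlash DeviceIoControl Service C:\PLACEHOLDER\PLFlash.exe
18:51:47.0401 2524 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:51:52.0874 2392 Detected object count: 3
18:51:52.0874 2392 Actual detected object count: 3
18:53:30.0422 2392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:30.0425 2392 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:53:30.0425 2392 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:53:30.0426 2392 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    t = parse_tdsskiller(SAMPLE_LOG)
    for f in t.findings.values():
        print(f"{f.name}: {f.cls} md5={f.md5} action={f.action} path={f.path}")
    print(f"declared={t.declared_count} parsed={len(t.findings)} consistent={t.consistent}")
    print("manual review:", review_queue(t))
```

All three objects in this log are heuristic flags that the user skipped, so the queue lists them for a manual check of signature and origin rather than treating them as confirmed malware.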

Alt 03.01.2013, 19:26   #10
markusg
/// Malware-holic
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

Alt 04.01.2013, 00:52   #11
nonarthur
 
TrojWare.Win32.Buzus.carj@283207124 - Standard

TrojWare.Win32.Buzus.carj@283207124



Combofix log file:
Code:
ATTFilter
ComboFix 13-01-03.05 - xxxxxxxxxxxxxxxxxx 04.01.2013   0:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7918.6522 [GMT 1:00]
ausgeführt von:: c:\users\xxxxxxxxxxxxxxxxxx\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 23:43 . 2013-01-03 23:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-31 13:07 . 2012-12-31 13:07	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Local\Programs
2012-12-21 10:46 . 2012-12-21 10:46	--------	d-----w-	C:\VritualRoot
2012-12-21 08:34 . 2012-12-21 08:34	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Malwarebytes
2012-12-21 08:34 . 2012-12-21 08:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-21 08:34 . 2012-12-31 13:07	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-21 08:34 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-21 02:01 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 02:01 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 02:01 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 02:01 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-20 19:33 . 2012-12-23 21:12	50952	----a-w-	c:\windows\system32\certsentry.dll
2012-12-20 19:33 . 2012-12-23 21:12	42760	----a-w-	c:\windows\SysWow64\certsentry.dll
2012-12-20 19:33 . 2012-12-20 19:33	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-12-20 19:33 . 2012-12-20 19:33	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
2012-12-20 19:33 . 2012-12-20 19:33	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2012-12-19 22:15 . 2012-12-19 22:15	16363960	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-19 21:50 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE912D84-8200-4FD4-93CF-F6C2F7BF6C4E}\mpengine.dll
2012-12-18 22:35 . 2012-12-19 14:02	--------	d-----w-	c:\programdata\Spyware Terminator
2012-12-18 22:35 . 2012-12-18 22:35	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Spyware Terminator
2012-12-18 22:33 . 2012-12-19 14:02	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2012-12-15 22:11 . 2012-12-15 22:11	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\PCToolsFirewallPlus
2012-12-15 22:11 . 2012-12-19 14:02	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-12-15 22:11 . 2012-12-19 14:02	--------	d-----w-	c:\program files (x86)\PC Tools Firewall Plus
2012-12-15 21:21 . 2012-12-15 21:21	--------	d-----w-	c:\programdata\CPA_VA
2012-12-15 20:50 . 2012-12-15 20:50	--------	d-----w-	c:\program files (x86)\CheckPoint
2012-12-15 20:50 . 2012-12-15 20:50	--------	d-----w-	c:\programdata\CheckPoint
2012-12-15 20:19 . 2012-12-22 21:47	--------	d-----w-	c:\programdata\Comodo
2012-12-15 20:19 . 2012-12-20 19:54	--------	d-----w-	c:\program files\COMODO
2012-12-15 20:19 . 2012-12-15 21:16	--------	d-----w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Local\Comodo
2012-12-15 20:19 . 2012-12-23 21:12	--------	d-----w-	c:\program files (x86)\Comodo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 22:16 . 2012-06-25 13:22	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-19 22:16 . 2012-06-02 21:43	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-19 21:57 . 2012-06-10 10:02	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-07 22:38 . 2012-11-07 22:38	94288	----a-w-	c:\windows\system32\drivers\inspect.sys
2012-11-07 22:38 . 2012-11-07 22:38	38144	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 22:38 . 2012-11-07 22:38	584056	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 22:37 . 2012-11-07 22:37	22736	----a-w-	c:\windows\system32\drivers\cmderd.sys
2012-11-07 22:37 . 2012-11-07 22:37	41240	----a-w-	c:\windows\system32\cmdcsr.dll
2012-11-07 22:37 . 2012-11-07 22:37	301264	----a-w-	c:\windows\SysWow64\guard32.dll
2012-11-07 22:37 . 2012-11-07 22:37	390392	----a-w-	c:\windows\system32\guard64.dll
2012-10-30 22:50 . 2012-08-31 20:56	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-12-19 21:50	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-19 21:50	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-19 21:50	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 14:48	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 14:48	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 14:48	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 14:48	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol Virtual CD + DVD\AxAutoMntSrv.exe" [2010-08-20 33120]
"SJelite3Launch"="c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe" [2009-04-03 176128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-4-13 299008]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-11 77952]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-11 37504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-29 503352]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-11-07 22736]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2010-10-28 189776]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-12-19 1868432]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-23 648808]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 50571652
*NewlyCreated* - 78865984
*Deregistered* - 50571652
*Deregistered* - 78865984
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 22:16]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 20:56]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 20:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\xxxxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ndcaucj4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.innehalten.org/
FF - ExtSQL: 2012-11-19 21:29; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - Orphaned Registry Entries Removed - - - -
.
Wow6432Node-HKLM-Run-MAGIXautostart - d:\install\program\setup.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-04  00:47:07
ComboFix-quarantined-files.txt  2013-01-03 23:47
.
Pre-Run: 9 directories, 889,787,908,096 bytes free
Post-Run: 13 directories, 889,806,884,864 bytes free
.
- - End Of File - - 437A7E71FB6ED15E07B2AD0C7A20B50E
         
--- --- ---

05.01.2013, 18:30   #12
markusg
/// Malware-holic
 
Hi

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as txt, and open that file.
Behind every program you need, write "necessary".
Behind every program you do not need, "unnecessary".
Behind those unknown to you, "unknown".
Post the list.
__________________
Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to the address above following those instructions.
If you would like to support us
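As an added example that is not part of this thread (and not CCleaner's or the board's own procedure), the following PowerShell script builds the same installed-programs list that CCleaner's Uninstall list shows, reading it straight from the registry keys Windows maintains for Add/Remove Programs, and adds the empty classification column the post asks the user to fill in. It assumes Windows 7 or later with PowerShell 3.0, an elevated prompt so every HKLM key is readable, and the standard registry paths; the function names and the two triage flags are this example's own choices.

```powershell
# Added example, not code from the thread: enumerate installed programs from the
# registry, which is the same source CCleaner's Uninstall list reads.
# Assumes PowerShell 3.0+ (for [PSCustomObject]) and an elevated prompt.

function Get-InstalledProgram {
    # The three locations Windows uses for Add/Remove Programs entries on x64.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit installs
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall', # 32-bit installs
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'              # per-user installs (e.g. Dropbox)
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            # Skip bare subkeys and components Windows itself hides from the list.
            if (-not $p.DisplayName -or $p.SystemComponent -eq 1) { return }
            $date = $null
            if ($p.InstallDate -match '^\d{8}$') {          # stored as yyyyMMdd, often missing
                $date = [datetime]::ParseExact($p.InstallDate, 'yyyyMMdd', $null)
            }
            [PSCustomObject]@{
                Name            = $p.DisplayName
                Publisher       = $p.Publisher
                InstallDate     = $date
                Version         = $p.DisplayVersion
                UninstallString = $p.UninstallString
                Hive            = $key
                Classification  = ''   # fill in by hand: necessary / unnecessary / unknown
            }
        }
    }
}

function Find-SuspiciousEntry {
    # Triage heuristics (this example's own, not a detection rule): entries with no
    # publisher, or whose uninstaller lives under a temp or profile directory, the
    # kind of location where the quarantined files in this thread were found.
    # Legitimate per-user software (Dropbox) will also be flagged; the point is
    # "look at these first", not "these are malware".
    param([Parameter(ValueFromPipeline = $true)] $Program)
    process {
        $reasons = @()
        if (-not $Program.Publisher) { $reasons += 'no publisher' }
        if ($Program.UninstallString -match '\\Temp\\|\\AppData\\') {
            $reasons += 'uninstaller in temp/profile path'
        }
        if ($reasons) {
            $Program | Add-Member -NotePropertyName Flags -NotePropertyValue ($reasons -join '; ') -PassThru
        }
    }
}

# Usage: write the list to the desktop in the same shape as the post asks for,
# then print the entries worth a second look.
$list = Get-InstalledProgram | Sort-Object Name
$list |
    Select-Object Name, Publisher,
        @{ n = 'Installed'; e = { if ($_.InstallDate) { $_.InstallDate.ToString('dd.MM.yyyy') } } },
        Version, Classification |
    Export-Csv -Path "$env:USERPROFILE\Desktop\installed-programs.csv" -NoTypeInformation -Encoding UTF8
$list | Find-SuspiciousEntry | Format-Table Name, Publisher, Hive, Flags -AutoSize
```

Duplicate names are kept on purpose: a product that appears twice (as COMODO Internet Security does in the list below) usually means two registry entries, often a 64-bit and a 32-bit one, and the Hive column shows which is which.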

05.01.2013, 22:17   #13
nonarthur
 
Hello,
some of the Microsoft programs I cannot judge. Here is the list:

ABC Amber Audio Converter 02.06.2012necessary
AbiWord 2.8.6 AbiSource Developers 01.06.2012 2.8.6unnecessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 18.12.2012 6,00MB 11.5.502.135necessary
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 16.08.2012 121,9MB 10.1.4necessary
Audacity 1.3.14 (Unicode) Audacity Team 02.06.2012 40,5MB unnecessary
Bing Bar Microsoft Corporation 12.09.2012 0,45MB 7.1.391.0unknown
Canon MP Navigator EX 4.0 03.06.2012necessary
Canon Solution Menu EX 03.06.2012necessary
CanoScan LiDE 210 Scanner Driver 03.06.2012necessary
CCleaner Piriform 23.12.2012 3.15necessary
CDBurnerXP CDBurnerXP 20.11.2012 12,4MB 4.4.2.3442necessary
Comodo Dragon COMODO 22.12.2012 70,7MB 23.4.0.0unnecessary
COMODO Internet Security COMODO Security Solutions Inc. 19.12.2012 162,5MB 5.12.59641.2599necessary
COMODO Internet Security COMODO Security Solutions Inc. 20.12.2012 5.12.59641.2599necessary???
DATA BECKER capella studio & scan 2.0 DATA BECKER GmbH & Co. KG 15.06.2012 122,6MB 6.0.17.0unnecessary
Die Siedler IV 24.07.2012unnecessary
Dropbox Dropbox, Inc. 02.01.2013 1.6.11necessary
FileZilla Client 3.5.3 FileZilla Project 22.07.2012 16,6MB 3.5.3necessary
FreeDoko 0.7.10 Borg Enders und Diether Knof 02.06.2012 0.7.10necessary
Futuremark SystemInfo Futuremark Corporation 28.05.2012 3.21.2.1unknown
InfraRecorder Christian Kindahl 01.06.2012 unnecessary
Java(TM) 6 Update 37 Oracle 01.07.2012 95,7MB 6.0.370necessary
LIMBO 29.06.2012 92,9MB unnecessary
MAGIX music studio 2004 deLuxe MAGIX AG 02.06.2012 1.0.1.545necessary
MAGIX notation 02.06.2012 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 30.12.2012 18,5MB 1.70.0.1100necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.06.2012 38,8MB 4.0.30319unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.06.2012 2,94MB 4.0.30319unknown
Microsoft Office 2010 Microsoft Corporation 28.05.2012 6,31MB 14.0.4763.1000unnecessary
Microsoft Silverlight Microsoft Corporation 17.07.2012 40,4MB 4.1.10329.0unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.05.2012 1,70MB 3.1.0000unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.07.2012 0,29MB 8.0.61001unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,77MB 9.0.30729.4148unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,76MB 9.0.30729.6161unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01.06.2012 2,06MB 9.0.21022unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,58MB 9.0.30729.4148unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,58MB 9.0.30729.6161unknown
Mozilla Firefox 17.0.1 (x86 de) Mozilla 20.12.2012 41,1MB 17.0.1necessary
Mozilla Maintenance Service Mozilla 20.12.2012 0,32MB 17.0.1unknown
Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 01.06.2012 37,3MB 10.0.2necessary
MuseScore 1.2 MuseScore score typesetter Werner Schweer and Others 07.07.2012 1.2.0unnecessary
OpenAL 01.06.2012 unknown
OpenOffice.org 3.3 OpenOffice.org 02.06.2012 415MB 3.3.9567necessary
Paint.NET v3.5.10 dotPDN LLC 01.06.2012 10,7MB 3.60.0necessary
Palm Desktop Palm, Inc. 01.06.2012 38,5MB 4.1.0410necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.05.2012 6.0.1.6215necessary
VLC media player 2.0.1 VideoLAN 02.06.2012 2.0.1necessary
Windows Live Essentials Microsoft Corporation 18.07.2012 15.4.3555.0308necessary
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 28.05.2012 5,58MB 15.4.5722.2unknown

07.01.2013, 16:35   #14
markusg
/// Malware-holic
 
Hi
You put the labels directly against the version numbers, which makes the list hard to read. Please create it again.

07.01.2013, 23:15   #15
nonarthur
 
ABC Amber Audio Converter 02.06.2012 necessary
AbiWord 2.8.6 AbiSource Developers 01.06.2012 2.8.6 unnecessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 18.12.2012 6,00MB 11.5.502.135 necessary
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 16.08.2012 121,9MB 10.1.4 necessary
Audacity 1.3.14 (Unicode) Audacity Team 02.06.2012 40,5MB unnecessary
Bing Bar Microsoft Corporation 12.09.2012 0,45MB 7.1.391.0 unknown
Canon MP Navigator EX 4.0 03.06.2012 necessary
Canon Solution Menu EX 03.06.2012 necessary
CanoScan LiDE 210 Scanner Driver 03.06.2012 necessary
CCleaner Piriform 23.12.2012 3.15 necessary
CDBurnerXP CDBurnerXP 20.11.2012 12,4MB 4.4.2.3442 necessary
Comodo Dragon COMODO 22.12.2012 70,7MB 23.4.0.0 unnecessary
COMODO Internet Security COMODO Security Solutions Inc. 19.12.2012 162,5MB 5.12.59641.2599 necessary
COMODO Internet Security COMODO Security Solutions Inc. 20.12.2012 5.12.59641.2599 necessary???
DATA BECKER capella studio & scan 2.0 DATA BECKER GmbH & Co. KG 15.06.2012 122,6MB 6.0.17.0 unnecessary
Die Siedler IV 24.07.2012 unnecessary
Dropbox Dropbox, Inc. 02.01.2013 1.6.11 necessary
FileZilla Client 3.5.3 FileZilla Project 22.07.2012 16,6MB 3.5.3 necessary
FreeDoko 0.7.10 Borg Enders und Diether Knof 02.06.2012 0.7.10 necessary
Futuremark SystemInfo Futuremark Corporation 28.05.2012 3.21.2.1 unknown
InfraRecorder Christian Kindahl 01.06.2012 unnecessary
Java(TM) 6 Update 37 Oracle 01.07.2012 95,7MB 6.0.370 necessary
LIMBO 29.06.2012 92,9MB unnecessary
MAGIX music studio 2004 deLuxe MAGIX AG 02.06.2012 1.0.1.545 necessary
MAGIX notation 02.06.2012 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 30.12.2012 18,5MB 1.70.0.1100 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.06.2012 38,8MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.06.2012 2,94MB 4.0.30319 unknown
Microsoft Office 2010 Microsoft Corporation 28.05.2012 6,31MB 14.0.4763.1000 unnecessary
Microsoft Silverlight Microsoft Corporation 17.07.2012 40,4MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.05.2012 1,70MB 3.1.0000 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.07.2012 0,29MB 8.0.61001 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,77MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,76MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01.06.2012 2,06MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.06.2012 0,58MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.07.2012 0,58MB 9.0.30729.6161 unknown
Mozilla Firefox 17.0.1 (x86 de) Mozilla 20.12.2012 41,1MB 17.0.1 necessary
Mozilla Maintenance Service Mozilla 20.12.2012 0,32MB 17.0.1 unknown
Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 01.06.2012 37,3MB 10.0.2 necessary
MuseScore 1.2 MuseScore score typesetter Werner Schweer and Others 07.07.2012 1.2.0 unnecessary
OpenAL 01.06.2012 unknown
OpenOffice.org 3.3 OpenOffice.org 02.06.2012 415MB 3.3.9567 necessary
Paint.NET v3.5.10 dotPDN LLC 01.06.2012 10,7MB 3.60.0 necessary
Palm Desktop Palm, Inc. 01.06.2012 38,5MB 4.1.0410 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.05.2012 6.0.1.6215 necessary
VLC media player 2.0.1 VideoLAN 02.06.2012 2.0.1 necessary
Windows Live Essentials Microsoft Corporation 18.07.2012 15.4.3555.0308 necessary
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 28.05.2012 5,58MB 15.4.5722.2 unknown
