Log analysis and evaluation: TR/PSW.Karagany, TR/Dldr.Karagany, TR/Crypt.XPACK, TR/Fakesysdef on W7

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/PSW.Karagany, TR/Dldr.Karagany, TR/Crypt.XPACK, TR/Fakesysdef on W7 That is a false alarm! Disable the virus scanner and run TDSS-Killer
__________________ Please always post log files in CODE tags |
| | #17 |
| TR/PSW.Karagany, TR/Dldr.Karagany, TR/Crypt.XPACK, TR/Fakesysdef on W7 Hello Arne,
I had almost suspected something like that. But I didn't quite dare to try it without the virus scanner; after all, switching it off had always been explicitly pointed out. Without it, though, it worked fine; here is the log. Regards - dedza
Code:
17:26:46.0094 3300 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:26:46.0204 3300 ============================================================
17:26:46.0204 3300 Current date / time: 2012/02/17 17:26:46.0204
17:26:46.0204 3300 SystemInfo:
17:26:46.0204 3300
17:26:46.0204 3300 OS Version: 6.1.7600 ServicePack: 0.0
17:26:46.0204 3300 Product type: Workstation
17:26:46.0204 3300 ComputerName: COMPI
17:26:46.0204 3300 UserName: trudi
17:26:46.0204 3300 Windows directory: C:\Windows
17:26:46.0204 3300 System windows directory: C:\Windows
17:26:46.0204 3300 Running under WOW64
17:26:46.0204 3300 Processor architecture: Intel x64
17:26:46.0204 3300 Number of processors: 4
17:26:46.0204 3300 Page size: 0x1000
17:26:46.0204 3300 Boot type: Normal boot
17:26:46.0204 3300 ============================================================
17:26:49.0090 3300 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:49.0105 3300 \Device\Harddisk0\DR0:
17:26:49.0105 3300 MBR used
17:26:49.0105 3300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:26:49.0105 3300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A76000
17:26:49.0105 3300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48ADA000, BlocksNum 0x1D4A000
17:26:49.0105 3300 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
17:26:49.0199 3300 Initialize success
17:26:49.0199 3300 ============================================================
17:27:42.0925 4072 ============================================================
17:27:42.0925 4072 Scan started
17:27:42.0925 4072 Mode: Manual; SigCheck; TDLFS;
17:27:42.0925 4072 ============================================================
17:27:45.0733 4072 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:27:45.0889 4072 1394ohci - ok
17:27:46.0778 4072 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:27:46.0810 4072 ACPI - ok
17:27:47.0387 4072 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:27:47.0543 4072 AcpiPmi - ok
17:27:48.0370 4072 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:27:48.0432 4072 adp94xx - ok
17:27:49.0087 4072 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:27:49.0165 4072 adpahci - ok
17:27:49.0696 4072 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:27:49.0727 4072 adpu320 - ok
17:27:50.0366 4072 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:27:50.0444 4072 AFD - ok
17:27:51.0006 4072 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:27:51.0037 4072 agp440 - ok
17:27:51.0755 4072 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:27:51.0770 4072 aliide - ok
17:27:52.0597 4072 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:27:52.0628 4072 amdide - ok
17:27:53.0408 4072 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:27:53.0486 4072 AmdK8 - ok
17:27:54.0734 4072 amdkmdag (55e2968133cd22614f102add2fcffe46) C:\Windows\system32\DRIVERS\atikmdag.sys
17:27:55.0156 4072 amdkmdag - ok
17:27:55.0858 4072 amdkmdap (93e44e7d300b2dbc805fec7005bb12ce) C:\Windows\system32\DRIVERS\atikmpag.sys
17:27:55.0904 4072 amdkmdap - ok
17:27:56.0528 4072 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:27:56.0591 4072 AmdPPM - ok
17:27:57.0355 4072 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:27:57.0386 4072 amdsata - ok
17:27:58.0151 4072 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:27:58.0182 4072 amdsbs - ok
17:27:58.0868 4072 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:27:58.0900 4072 amdxata - ok
17:27:59.0414 4072 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:27:59.0492 4072 AppID - ok
17:27:59.0867 4072 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:27:59.0882 4072 arc - ok
17:28:00.0413 4072 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:28:00.0428 4072 arcsas - ok
17:28:00.0928 4072 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:28:01.0130 4072 AsyncMac - ok
17:28:01.0723 4072 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:28:01.0754 4072 atapi - ok
17:28:02.0254 4072 AthBTPort (c647c19b70b4717106f6b59e80d6f38f) C:\Windows\system32\DRIVERS\btath_flt.sys
17:28:02.0316 4072 AthBTPort - ok
17:28:02.0924 4072 AthDfu (17d367ae1ad05852303a8bdfab5d028b) C:\Windows\system32\Drivers\AthDfu.sys
17:28:02.0971 4072 AthDfu - ok
17:28:03.0845 4072 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
17:28:03.0970 4072 athr - ok
17:28:04.0921 4072 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
17:28:04.0968 4072 avgntflt - ok
17:28:05.0764 4072 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
17:28:05.0779 4072 avipbb - ok
17:28:06.0450 4072 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:28:06.0528 4072 b06bdrv - ok
17:28:07.0105 4072 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:28:07.0168 4072 b57nd60a - ok
17:28:07.0714 4072 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:28:07.0823 4072 Beep - ok
17:28:08.0494 4072 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:28:08.0556 4072 blbdrive - ok
17:28:09.0430 4072 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:28:09.0539 4072 bowser - ok
17:28:10.0553 4072 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:28:10.0647 4072 BrFiltLo - ok
17:28:11.0520 4072 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:28:11.0551 4072 BrFiltUp - ok
17:28:11.0895 4072 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:28:11.0941 4072 Brserid - ok
17:28:12.0425 4072 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:28:12.0487 4072 BrSerWdm - ok
17:28:13.0049 4072 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:28:13.0096 4072 BrUsbMdm - ok
17:28:13.0533 4072 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:28:13.0595 4072 BrUsbSer - ok
17:28:14.0141 4072 BTATH_A2DP (f5b0c8426147f8455a58470753355a86) C:\Windows\system32\drivers\btath_a2dp.sys
17:28:14.0219 4072 BTATH_A2DP - ok
17:28:14.0781 4072 BTATH_BUS (613a1fd0db78f8df45fc0091868f1032) C:\Windows\system32\DRIVERS\btath_bus.sys
17:28:14.0874 4072 BTATH_BUS - ok
17:28:15.0467 4072 BTATH_HCRP (30c1769f1dbf567a2f31492e819cbdc2) C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:28:15.0514 4072 BTATH_HCRP - ok
17:28:16.0075 4072 BTATH_RCP (6b476536c991f953ded4b92cc505b3a8) C:\Windows\system32\DRIVERS\btath_rcp.sys
17:28:16.0122 4072 BTATH_RCP - ok
17:28:16.0637 4072 BtFilter (e808a9b7dbd8db51d6a02beba677ae88) C:\Windows\system32\DRIVERS\btfilter.sys
17:28:16.0699 4072 BtFilter - ok
17:28:17.0277 4072 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:28:17.0339 4072 BthEnum - ok
17:28:17.0869 4072 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:28:17.0932 4072 BTHMODEM - ok
17:28:18.0462 4072 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:28:18.0525 4072 BthPan - ok
17:28:19.0055 4072 BTHPORT (538392664fee486620dfea146f2500bc) C:\Windows\system32\Drivers\BTHport.sys
17:28:19.0117 4072 BTHPORT - ok
17:28:19.0710 4072 BTHUSB (6e71522e317b22257d8e37a1584b5829) C:\Windows\system32\Drivers\BTHUSB.sys
17:28:19.0773 4072 BTHUSB - ok
17:28:20.0397 4072 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:28:20.0490 4072 cdfs - ok
17:28:21.0130 4072 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:28:21.0161 4072 cdrom - ok
17:28:21.0723 4072 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:28:21.0754 4072 circlass - ok
17:28:22.0159 4072 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:28:22.0191 4072 CLFS - ok
17:28:22.0768 4072 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
17:28:22.0783 4072 clwvd - ok
17:28:23.0548 4072 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:28:23.0595 4072 CmBatt - ok
17:28:24.0078 4072 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:28:24.0109 4072 cmdide - ok
17:28:24.0655 4072 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
17:28:24.0749 4072 CNG - ok
17:28:25.0373 4072 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:28:25.0404 4072 Compbatt - ok
17:28:26.0044 4072 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:28:26.0075 4072 CompositeBus - ok
17:28:26.0699 4072 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:28:26.0715 4072 crcdisk - ok
17:28:27.0479 4072 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:28:27.0557 4072 DfsC - ok
17:28:28.0072 4072 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:28:28.0165 4072 discache - ok
17:28:28.0852 4072 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:28:28.0883 4072 Disk - ok
17:28:29.0491 4072 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:28:29.0538 4072 drmkaud - ok
17:28:30.0459 4072 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:28:30.0505 4072 DXGKrnl - ok
17:28:31.0925 4072 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:28:32.0065 4072 ebdrv - ok
17:28:33.0189 4072 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:28:33.0267 4072 elxstor - ok
17:28:34.0249 4072 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:28:34.0343 4072 ErrDev - ok
17:28:35.0685 4072 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:28:35.0763 4072 exfat - ok
17:28:36.0324 4072 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:28:36.0418 4072 fastfat - ok
17:28:36.0964 4072 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:28:37.0026 4072 fdc - ok
17:28:37.0557 4072 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:28:37.0588 4072 FileInfo - ok
17:28:38.0305 4072 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:28:38.0399 4072 Filetrace - ok
17:28:38.0773 4072 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:28:38.0820 4072 flpydisk - ok
17:28:39.0397 4072 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:28:39.0444 4072 FltMgr - ok
17:28:39.0975 4072 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:28:40.0006 4072 FsDepends - ok
17:28:40.0599 4072 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:28:40.0630 4072 Fs_Rec - ok
17:28:41.0020 4072 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:28:41.0051 4072 fvevol - ok
17:28:41.0550 4072 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:28:41.0581 4072 gagp30kx - ok
17:28:42.0065 4072 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:28:42.0096 4072 hcw85cir - ok
17:28:42.0907 4072 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:28:43.0001 4072 HdAudAddService - ok
17:28:43.0843 4072 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:28:43.0921 4072 HDAudBus - ok
17:28:44.0717 4072 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:28:44.0764 4072 HidBatt - ok
17:28:45.0372 4072 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:28:45.0435 4072 HidBth - ok
17:28:45.0887 4072 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:28:45.0949 4072 HidIr - ok
17:28:46.0542 4072 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:28:46.0589 4072 HidUsb - ok
17:28:47.0197 4072 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:28:47.0229 4072 HpSAMD - ok
17:28:47.0915 4072 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:28:48.0055 4072 HTTP - ok
17:28:48.0523 4072 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:28:48.0539 4072 hwpolicy - ok
17:28:49.0163 4072 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:28:49.0194 4072 i8042prt - ok
17:28:49.0803 4072 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
17:28:49.0849 4072 iaStor - ok
17:28:50.0614 4072 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:28:50.0645 4072 iaStorV - ok
17:28:52.0408 4072 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:28:52.0767 4072 igfx - ok
17:28:53.0313 4072 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:28:53.0344 4072 iirsp - ok
17:28:53.0921 4072 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:28:53.0999 4072 IntcDAud - ok
17:28:54.0467 4072 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:28:54.0483 4072 intelide - ok
17:28:56.0526 4072 intelkmd (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdpmd64.sys
17:28:56.0869 4072 intelkmd - ok
17:28:57.0478 4072 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:28:57.0540 4072 intelppm - ok
17:28:58.0195 4072 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:28:58.0289 4072 IpFilterDriver - ok
17:28:58.0944 4072 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:28:58.0991 4072 IPMIDRV - ok
17:28:59.0521 4072 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:28:59.0631 4072 IPNAT - ok
17:29:00.0192 4072 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:29:00.0301 4072 IRENUM - ok
17:29:01.0144 4072 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:29:01.0175 4072 isapnp - ok
17:29:02.0017 4072 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:29:02.0080 4072 iScsiPrt - ok
17:29:02.0766 4072 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:29:02.0782 4072 kbdclass - ok
17:29:03.0484 4072 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:29:03.0531 4072 kbdhid - ok
17:29:04.0311 4072 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
17:29:04.0342 4072 KSecDD - ok
17:29:05.0059 4072 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
17:29:05.0091 4072 KSecPkg - ok
17:29:05.0652 4072 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:29:05.0761 4072 ksthunk - ok
17:29:06.0417 4072 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:29:06.0541 4072 lltdio - ok
17:29:07.0197 4072 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:29:07.0212 4072 LSI_FC - ok
17:29:07.0945 4072 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:29:07.0977 4072 LSI_SAS - ok
17:29:08.0413 4072 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:29:08.0445 4072 LSI_SAS2 - ok
17:29:08.0991 4072 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:29:09.0022 4072 LSI_SCSI - ok
17:29:09.0396 4072 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:29:09.0490 4072 luafv - ok
17:29:10.0114 4072 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:29:10.0145 4072 megasas - ok
17:29:10.0738 4072 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:29:10.0769 4072 MegaSR - ok
17:29:11.0455 4072 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:29:11.0471 4072 MEIx64 - ok
17:29:12.0157 4072 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:29:12.0267 4072 Modem - ok
17:29:12.0859 4072 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:29:12.0922 4072 monitor - ok
17:29:13.0639 4072 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:29:13.0655 4072 mouclass - ok
17:29:14.0201 4072 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:29:14.0279 4072 mouhid - ok
17:29:15.0059 4072 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:29:15.0075 4072 mountmgr - ok
17:29:15.0777 4072 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:29:15.0792 4072 mpio - ok
17:29:16.0447 4072 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:29:16.0510 4072 mpsdrv - ok
17:29:17.0087 4072 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:29:17.0149 4072 MRxDAV - ok
17:29:17.0664 4072 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:29:17.0711 4072 mrxsmb - ok
17:29:18.0335 4072 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:29:18.0397 4072 mrxsmb10 - ok
17:29:18.0975 4072 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:29:19.0037 4072 mrxsmb20 - ok
17:29:19.0599 4072 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
17:29:19.0614 4072 msahci - ok
17:29:20.0082 4072 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:29:20.0098 4072 msdsm - ok
17:29:20.0753 4072 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:29:20.0815 4072 Msfs - ok
17:29:21.0471 4072 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:29:21.0564 4072 mshidkmdf - ok
17:29:22.0157 4072 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:29:22.0173 4072 msisadrv - ok
17:29:22.0750 4072 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:29:22.0859 4072 MSKSSRV - ok
17:29:23.0389 4072 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:29:23.0499 4072 MSPCLOCK - ok
17:29:24.0091 4072 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:29:24.0201 4072 MSPQM - ok
17:29:24.0731 4072 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:29:24.0762 4072 MsRPC - ok
17:29:25.0480 4072 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:29:25.0511 4072 mssmbios - ok
17:29:25.0995 4072 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:29:26.0151 4072 MSTEE - ok
17:29:26.0681 4072 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:29:26.0743 4072 MTConfig - ok
17:29:27.0336 4072 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:29:27.0352 4072 Mup - ok
17:29:27.0945 4072 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:29:28.0023 4072 NativeWifiP - ok
17:29:28.0709 4072 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:29:28.0771 4072 NDIS - ok
17:29:29.0286 4072 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:29:29.0395 4072 NdisCap - ok
17:29:29.0957 4072 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:29:30.0035 4072 NdisTapi - ok
17:29:30.0550 4072 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:29:30.0643 4072 Ndisuio - ok
17:29:31.0189 4072 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:29:31.0267 4072 NdisWan - ok
17:29:32.0047 4072 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:29:32.0157 4072 NDProxy - ok
17:29:32.0703 4072 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:29:32.0843 4072 NetBIOS - ok
17:29:33.0295 4072 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:29:33.0389 4072 NetBT - ok
17:29:34.0575 4072 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:29:34.0762 4072 netw5v64 - ok
17:29:35.0479 4072 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:29:35.0511 4072 nfrd960 - ok
17:29:36.0072 4072 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:29:36.0181 4072 Npfs - ok
17:29:36.0852 4072 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:29:36.0961 4072 nsiproxy - ok
17:29:37.0695 4072 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:29:37.0819 4072 Ntfs - ok
17:29:38.0350 4072 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:29:38.0428 4072 Null - ok
17:29:39.0083 4072 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:29:39.0114 4072 nvraid - ok
17:29:39.0754 4072 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:29:39.0769 4072 nvstor - ok
17:29:40.0503 4072 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:29:40.0518 4072 nv_agp - ok
17:29:41.0095 4072 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:29:41.0158 4072 ohci1394 - ok
17:29:41.0719 4072 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:29:41.0751 4072 Parport - ok
17:29:42.0468 4072 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:29:42.0499 4072 partmgr - ok
17:29:43.0404 4072 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:29:43.0435 4072 pci - ok
17:29:43.0950 4072 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:29:43.0966 4072 pciide - ok
17:29:44.0434 4072 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:29:44.0481 4072 pcmcia - ok
17:29:44.0980 4072 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:29:44.0995 4072 pcw - ok
17:29:45.0557 4072 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:29:45.0713 4072 PEAUTH - ok
17:29:46.0337 4072 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:29:46.0431 4072 PptpMiniport - ok
17:29:47.0133 4072 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:29:47.0179 4072 Processor - ok
17:29:47.0897 4072 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:29:47.0975 4072 Psched - ok
17:29:48.0693 4072 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:29:48.0802 4072 ql2300 - ok
17:29:49.0348 4072 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:29:49.0379 4072 ql40xx - ok
17:29:49.0847 4072 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:29:49.0909 4072 QWAVEdrv - ok
17:29:50.0580 4072 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:29:50.0705 4072 RasAcd - ok
17:29:51.0251 4072 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:29:51.0345 4072 RasAgileVpn - ok
17:29:52.0062 4072 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:29:52.0171 4072 Rasl2tp - ok
17:29:52.0749 4072 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:29:52.0858 4072 RasPppoe - ok
17:29:53.0419 4072 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:29:53.0513 4072 RasSstp - ok
17:29:54.0121 4072 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:29:54.0262 4072 rdbss - ok
17:29:54.0839 4072 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:29:54.0886 4072 rdpbus - ok
17:29:55.0666 4072 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:29:55.0759 4072 RDPCDD - ok
17:29:56.0383 4072 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:29:56.0477 4072 RDPENCDD - ok
17:29:57.0070 4072 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:29:57.0148 4072 RDPREFMP - ok
17:29:57.0912 4072 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
17:29:58.0006 4072 RDPWD - ok
17:29:58.0723 4072 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
17:29:58.0755 4072 rdyboost - ok
17:29:59.0504 4072 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:29:59.0582 4072 RFCOMM - ok
17:30:00.0330 4072 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
17:30:00.0362 4072 RSPCIESTOR - ok
17:30:00.0986 4072 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:30:01.0110 4072 rspndr - ok
17:30:01.0812 4072 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:30:01.0844 4072 RTL8167 - ok
17:30:02.0436 4072 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:30:02.0468 4072 sbp2port - ok
17:30:03.0076 4072 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:30:03.0170 4072 scfilter - ok
17:30:03.0731 4072 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
17:30:03.0778 4072 sdbus - ok
17:30:04.0527 4072 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:30:04.0620 4072 secdrv - ok
17:30:05.0260 4072 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:30:05.0291 4072 Serenum - ok
17:30:05.0822 4072 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:30:05.0884 4072 Serial - ok
17:30:06.0508 4072 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:30:06.0555 4072 sermouse - ok
17:30:06.0992 4072 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:30:07.0038 4072 sffdisk - ok
17:30:07.0662 4072 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:30:07.0709 4072 sffp_mmc - ok
17:30:08.0240 4072 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:30:08.0286 4072 sffp_sd - ok
17:30:08.0754 4072 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:08.0770 4072 sfloppy - ok
17:30:09.0113 4072 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:30:09.0160 4072 Sftfs - ok
17:30:09.0644 4072 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:30:09.0659 4072 Sftplay - ok
17:30:10.0174 4072 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:30:10.0190 4072 Sftredir - ok
17:30:10.0798 4072 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:30:10.0814 4072 Sftvol - ok
17:30:11.0516 4072 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:30:11.0547 4072 SiSRaid2 - ok
17:30:12.0124 4072 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:30:12.0155 4072 SiSRaid4 - ok
17:30:12.0701 4072 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:30:12.0810 4072 Smb - ok
17:30:13.0310 4072 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:30:13.0341 4072 spldr - ok
17:30:14.0168 4072 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:30:14.0246 4072 srv - ok
17:30:14.0823 4072 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:30:14.0901 4072 srv2 - ok
17:30:15.0587 4072 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:30:15.0634 4072 SrvHsfHDA - ok
17:30:16.0476 4072 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:30:16.0632 4072 SrvHsfV92 - ok
17:30:17.0350 4072 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:30:17.0444 4072 SrvHsfWinac - ok
17:30:18.0099 4072 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:30:18.0146 4072 srvnet - ok
17:30:19.0144 4072 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:30:19.0160 4072 stexstor - ok
17:30:20.0392 4072 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
17:30:20.0548 4072 STHDA - ok
17:30:21.0312 4072 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:30:21.0344 4072 swenum - ok
17:30:21.0890 4072 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
17:30:21.0936 4072 SynTP - ok
17:30:22.0670 4072 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:30:22.0888 4072 Tcpip - ok
17:30:24.0089 4072 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:30:24.0136 4072 TCPIP6 - ok
17:30:24.0807 4072 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:30:24.0885 4072 tcpipreg - ok
17:30:25.0478 4072 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:30:25.0556 4072 TDPIPE - ok
17:30:26.0055 4072 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:30:26.0148 4072 TDTCP - ok
17:30:26.0772 4072 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:30:26.0850 4072 tdx - ok
17:30:27.0178 4072 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:30:27.0209 4072 TermDD - ok
17:30:27.0771 4072 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:27.0833 4072 tssecsrv - ok
17:30:28.0535 4072 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:30:28.0644 4072 tunnel - ok
17:30:29.0159 4072 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:30:29.0190 4072 uagp35 - ok
17:30:29.0799 4072 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
17:30:29.0846 4072 udfs - ok
17:30:30.0314 4072 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:30:30.0345 4072 uliagpkx - ok
17:30:31.0016 4072 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:30:31.0062 4072 umbus - ok
17:30:31.0655 4072 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:30:31.0702 4072 UmPass - ok
17:30:32.0326 4072 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:32.0388 4072 usbccgp - ok
17:30:32.0919 4072 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:30:32.0981 4072 usbcir - ok
17:30:33.0621 4072 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
17:30:33.0652 4072 usbehci - ok
17:30:34.0401 4072 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
17:30:34.0448 4072 usbhub - ok
17:30:34.0994 4072 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
17:30:35.0040 4072 usbohci - ok
17:30:35.0586 4072 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:30:35.0664 4072 usbprint - ok
17:30:36.0210 4072 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:30:36.0273 4072 usbscan - ok
17:30:36.0850 4072 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:36.0881 4072 USBSTOR - ok
17:30:37.0505 4072 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
17:30:37.0552 4072 usbuhci - ok
17:30:38.0160 4072 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
17:30:38.0238 4072 usbvideo - ok
17:30:38.0738 4072 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:30:38.0769 4072 vdrvroot - ok
17:30:39.0299 4072 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:39.0330 4072 vga - ok
17:30:40.0142 4072 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:30:40.0235 4072 VgaSave - ok
17:30:40.0890 4072 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:30:40.0922 4072 vhdmp - ok
17:30:41.0421 4072 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:30:41.0452 4072 viaide - ok
17:30:41.0936 4072 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:30:41.0951 4072 volmgr - ok
17:30:42.0747 4072 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:30:42.0809 4072 volmgrx - ok
17:30:43.0464 4072 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:30:43.0496 4072 volsnap - ok
17:30:43.0964 4072 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:30:43.0995 4072 vsmraid - ok
17:30:44.0650 4072 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:30:44.0697 4072 vwifibus - ok
17:30:45.0305 4072 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:30:45.0368 4072 vwififlt - ok
17:30:45.0898 4072 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:30:45.0945 4072 vwifimp - ok
17:30:46.0569 4072 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:30:46.0631 4072 WacomPen - ok
17:30:47.0302 4072 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:47.0396 4072 WANARP - ok
17:30:47.0458 4072 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:47.0505 4072 Wanarpv6 - ok
17:30:48.0191 4072 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:30:48.0207 4072 Wd - ok
17:30:48.0800 4072 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:30:48.0846 4072 Wdf01000 - ok
17:30:49.0408 4072 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:49.0486 4072 WfpLwf - ok
17:30:50.0001 4072 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:30:50.0032 4072 WIMMount - ok
17:30:50.0640 4072 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
17:30:50.0703 4072 WinUsb - ok
17:30:51.0280 4072 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:30:51.0327 4072 WmiAcpi - ok
17:30:51.0966 4072 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:30:52.0060 4072 ws2ifsl - ok
17:30:52.0762 4072 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:30:52.0871 4072 WudfPf - ok
17:30:53.0433 4072 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:53.0511 4072 WUDFRd - ok
17:30:54.0166 4072 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:30:54.0244 4072 yukonw7 - ok
17:30:54.0338 4072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:30:54.0587 4072 \Device\Harddisk0\DR0 - ok
17:30:54.0634 4072 Boot (0x1200) (64946ef165bad6d6d45ac275099325f6) \Device\Harddisk0\DR0\Partition0
17:30:54.0634 4072 \Device\Harddisk0\DR0\Partition0 - ok
17:30:54.0650 4072 Boot (0x1200) (04f88cdb514fda32b18975d5b1afcb11) \Device\Harddisk0\DR0\Partition1
17:30:54.0650 4072 \Device\Harddisk0\DR0\Partition1 - ok
17:30:54.0696 4072 Boot (0x1200) (9e13157db14d68c71737766e4ea843f7) \Device\Harddisk0\DR0\Partition2
17:30:54.0696 4072 \Device\Harddisk0\DR0\Partition2 - ok
17:30:54.0743 4072 Boot (0x1200) (cebd86535535586811ca897a22193fb2) \Device\Harddisk0\DR0\Partition3
17:30:54.0743 4072 \Device\Harddisk0\DR0\Partition3 - ok
17:30:54.0759 4072 ============================================================
17:30:54.0759 4072 Scan finished
17:30:54.0759 4072 ============================================================
17:30:54.0774 3552 Detected object count: 0
17:30:54.0774 3552 Actual detected object count: 0
|
| | #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run if a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ |
| | #19 |
| Hello Arne, Combofix has been run, here is the file. Regards - dedza Code:
ComboFix 12-02-17.02 - trudi 17.02.2012 23:45:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.6092.4627 [GMT 1:00]
ausgeführt von:: c:\users\trudi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\trudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-17 bis 2012-02-17 ))))))))))))))))))))))))))))))
.
.
2012-02-17 22:49 . 2012-02-17 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 09:07 . 2012-02-15 09:07 -------- d-----w- C:\_OTL
2012-02-11 23:01 . 2012-02-12 20:31 -------- d-----w- C:\2012
2012-02-11 19:47 . 2012-02-12 20:21 -------- d-----w- C:\2011.1
2012-02-10 21:05 . 2012-02-10 21:05 -------- d-----w- c:\program files (x86)\ESET
2012-02-10 20:46 . 2012-02-10 20:46 -------- d-----w- c:\users\trudi\AppData\Roaming\Malwarebytes
2012-02-10 20:46 . 2012-02-10 20:46 -------- d-----w- c:\programdata\Malwarebytes
2012-02-10 20:46 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 20:46 . 2012-02-10 20:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-09 22:31 . 2012-02-09 22:31 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-01-26 20:55 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-17 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-03 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 12:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2009-10-28 388608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-17 23:51:25
ComboFix-quarantined-files.txt 2012-02-17 22:51
.
Vor Suchlauf: 12 Verzeichnis(se), 569.264.779.264 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 569.168.183.296 Bytes frei
.
- - End Of File - - 9296B4D4F3986D3FEADB26A37C26DA35
|
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
__________________ Always post log files in CODE tags |
| | #21 |
| Hello Arne, the tool at first made Windows crash after a few seconds of scanning, but after the restart it worked. Here is aswMBR.txt. Regards - dedza Code:
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-20 16:47:08
-----------------------------
16:47:08.514 OS Version: Windows x64 6.1.7600
16:47:08.514 Number of processors: 4 586 0x2A07
16:47:08.514 ComputerName: COMPI UserName: trudi
16:47:09.809 Initialze error C0000034 - driver not loaded
16:47:15.768 AVAST engine defs: 12022001
16:47:22.554 Service scanning
16:48:00.291 Modules scanning
16:48:00.291 Disk 0 trace - called modules:
16:48:00.291
16:48:04.097 AVAST engine scan C:\Windows
16:48:10.446 AVAST engine scan C:\Windows\system32
16:50:00.208 AVAST engine scan C:\Windows\system32\drivers
16:50:13.811 AVAST engine scan C:\Users\trudi
16:52:56.520 AVAST engine scan C:\ProgramData
16:53:41.338 Scan finished successfully
16:54:06.657 The log file has been saved successfully to "C:\Users\trudi\Desktop\aswMBR.txt"
|
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | The log is not quite what I wanted. Run aswMBR again. Start it as admin via right-click!
__________________ Always post log files in CODE tags |
| | #23 |
| Hello Arne, here is a new attempt, looks better... Regards - dedza Code:
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-20 21:41:35
-----------------------------
21:41:35.731 OS Version: Windows x64 6.1.7600
21:41:35.731 Number of processors: 4 586 0x2A07
21:41:35.746 ComputerName: COMPI UserName: trudi
21:41:37.244 Initialize success
21:41:40.005 AVAST engine defs: 12022001
21:41:45.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:41:45.637 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
21:41:45.699 Disk 0 MBR read successfully
21:41:45.715 Disk 0 MBR scan
21:41:45.715 Disk 0 Windows 7 default MBR code
21:41:45.730 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:41:45.761 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595180 MB offset 409600
21:41:45.808 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14996 MB offset 1219338240
21:41:45.839 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
21:41:45.855 Service scanning
21:42:20.050 Modules scanning
21:42:20.066 Disk 0 trace - called modules:
21:42:20.128 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:42:20.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008421060]
21:42:20.643 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006522050]
21:42:22.562 AVAST engine scan C:\Windows
21:42:28.209 AVAST engine scan C:\Windows\system32
21:44:18.330 AVAST engine scan C:\Windows\system32\drivers
21:44:34.912 AVAST engine scan C:\Users\trudi
21:46:50.555 AVAST engine scan C:\ProgramData
21:47:31.973 Scan finished successfully
21:47:49.070 Disk 0 MBR has been saved successfully to "C:\Users\trudi\Desktop\MBR.dat"
21:47:49.070 The log file has been saved successfully to "C:\Users\trudi\Desktop\aswMBR.txt"
|
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Always post log files in CODE tags |
| | #25 |
| Hello Arne, here is the result from Malwarebytes: Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.21.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
trudi :: COMPI [Administrator]

21.02.2012 21:12:51
mbam-log-2012-02-21 (21-12-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357152
Laufzeit: 54 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and from SuperAntiSpyware: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/22/2012 at 00:01 AM
Application Version : 5.0.1144
Core Rules Database Version : 8262
Trace Rules Database Version: 6074
Scan type : Complete Scan
Total Scan Time : 01:33:44
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator
Memory items scanned : 742
Memory threats detected : 0
Registry items scanned : 64686
Registry threats detected : 0
File items scanned : 167517
File threats detected : 113
Adware.Tracking Cookie
C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\PZJ8HGQ0.txt [ /c.atdmt.com ]
C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\NMI26PYG.txt [ /smartadserver.com ]
C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\E8133IG8.txt [ /mediaplex.com ]
C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\GSNU6BLQ.txt [ /doubleclick.net ]
C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\JS9J0EOG.txt [ /apmebf.com ]
C:\Users\trudi\AppData\Roaming\Microsoft\Windows\Cookies\69L1SMZG.txt [ /atdmt.com ]
C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\HIOOQY78.txt [ Cookie:standard@smartadserver.com/ ]
C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\GZ285CYJ.txt [ Cookie:standard@apmebf.com/ ]
C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\24Y0VM31.txt [ Cookie:standard@mediaplex.com/ ]
C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\Low\0I8ZKBMB.txt [ Cookie:standard@c.atdmt.com/ ]
C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQQ1DSA9.txt [ Cookie:standard@doubleclick.net/ ]
C:\USERS\STANDARD\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZIUCDBMD.txt [ Cookie:standard@atdmt.com/ ]
C:\USERS\STANDARD\Cookies\HIOOQY78.txt [ Cookie:standard@smartadserver.com/ ]
C:\USERS\STANDARD\Cookies\GZ285CYJ.txt [ Cookie:standard@apmebf.com/ ]
C:\USERS\STANDARD\Cookies\24Y0VM31.txt [ Cookie:standard@mediaplex.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\MVKP6CM8.txt [ Cookie:trudi@c.atdmt.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\W9UMEK2T.txt [ Cookie:trudi@fr.sitestat.com/renault-group/dacia-de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5FMS3G9A.txt [ Cookie:trudi@ad4.adfarm1.adition.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FH0NV32M.txt [ Cookie:trudi@questionmarket.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\C9TD0K4S.txt [ Cookie:trudi@adfarm1.adition.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YOJ65EY3.txt [ Cookie:trudi@tribalfusion.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\P0SG1055.txt [ Cookie:trudi@smartadserver.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MGPVUQ3.txt [ Cookie:trudi@invitemedia.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YRRG6HA3.txt [ Cookie:trudi@eas.apm.emediate.eu/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FF7TW9AG.txt [ Cookie:trudi@lfstmedia.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\9N2LQJAD.txt [ Cookie:trudi@ad.adserver01.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\6ZSTG61F.txt [ Cookie:trudi@media.campartner.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\GD4HA009.txt [ Cookie:trudi@ww251.smartadserver.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HUYZMEQM.txt [ Cookie:trudi@ad2.adfarm1.adition.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\10IQX5FP.txt [ Cookie:trudi@ad.zanox.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EMFEW5KT.txt [ Cookie:trudi@unitymedia.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VKAAQPKO.txt [ Cookie:trudi@snapfish.112.2o7.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RAOKPT26.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1069804837/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5QDQ9228.txt [ Cookie:trudi@yieldmanager.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HTAOE3XP.txt [ Cookie:trudi@countomat.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CGRBTD67.txt [ Cookie:trudi@clickfuse.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EF6F6RXE.txt [ Cookie:trudi@adtech.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\KUW670N9.txt [ Cookie:trudi@tracking.mindshare.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YBVONDD.txt [ Cookie:trudi@mediaplex.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\78SH0R8O.txt [ Cookie:trudi@liveperson.net/hc/36005843 ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4SPZMY7X.txt [ Cookie:trudi@tradedoubler.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\3WENMOE6.txt [ Cookie:trudi@dyntracker.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1AKXJIY.txt [ Cookie:trudi@doubleclick.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW1QMJ9H.txt [ Cookie:trudi@tracking.quisma.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5L2XHUML.txt [ Cookie:trudi@imrworldwide.com/cgi-bin ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\MPX7DC2C.txt [ Cookie:trudi@ad1.dyntracker.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BNPKLPWX.txt [ Cookie:trudi@generaltracking.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GKG7YN6.txt [ Cookie:trudi@webmasterplan.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CGEZ9LLP.txt [ Cookie:trudi@ad.dyntracker.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\V3BXLU46.txt [ Cookie:trudi@apmebf.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\GG2DYCA1.txt [ Cookie:trudi@track.webtrekk.de/562243648792138/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\8YGAYY75.txt [ Cookie:trudi@partners.webmasterplan.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\C47C2S2H.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1041120653/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VKFA454D.txt [ Cookie:trudi@tracking.mlsat02.de/buttinette/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\00K55W82.txt [ Cookie:trudi@bizrate.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\QLQUCO2P.txt [ Cookie:trudi@adform.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FTC9Z8KS.txt [ Cookie:trudi@ad3.adfarm1.adition.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\trudi@secmedia[1].txt [ Cookie:trudi@secmedia.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EV3FQIH3.txt [ Cookie:trudi@adbrite.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CEMW47OU.txt [ Cookie:trudi@ad1.adfarm1.adition.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\2B0RIWUO.txt [ Cookie:trudi@im.banner.t-online.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\MADGY5J6.txt [ Cookie:trudi@a.revenuemax.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\0UIGZI0H.txt [ Cookie:trudi@int.sitestat.com/panasonic/de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\NVT5ZF5V.txt [ Cookie:trudi@revsci.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\WP263AED.txt [ Cookie:trudi@guj.122.2o7.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\UEJI20VQ.txt [ Cookie:trudi@ad.adnet.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EKALZFQQ.txt [ Cookie:trudi@int.sitestat.com/panasonic/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\IVPJXEMH.txt [ Cookie:trudi@liveperson.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCFLTMDE.txt [ Cookie:trudi@content.yieldmanager.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\TIKTXTJQ.txt [ Cookie:trudi@www.etracker.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\04GWVIVZ.txt [ Cookie:trudi@serving-sys.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BVMDISFV.txt [ Cookie:trudi@zanox-affiliate.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q6ALN5NT.txt [ Cookie:trudi@www.networkadvertising.org/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\28K1AV96.txt [ Cookie:trudi@xiti.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCJEPNV5.txt [ Cookie:trudi@bs.serving-sys.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HIRW4EFQ.txt [ Cookie:trudi@ad.yieldmanager.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RSJX65J3.txt [ Cookie:trudi@collective-media.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4K30VQZ6.txt [ Cookie:trudi@clicks.pangora.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\316SHFAP.txt [ Cookie:trudi@microsoftwindows.112.2o7.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\LK9GIF4H.txt [ Cookie:trudi@fr.sitestat.com/renault-group/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\TD4TYSKT.txt [ Cookie:trudi@kontera.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CI4NFF13.txt [ Cookie:trudi@unister-adservices.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\WR14ASEW.txt [ Cookie:trudi@legolas-media.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4VSHMQQN.txt [ Cookie:trudi@casalemedia.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOA7GM0A.txt [ Cookie:trudi@autoscout24.112.2o7.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0AMPGF3.txt [ Cookie:trudi@adserver2.clipkit.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\226VA97Q.txt [ Cookie:trudi@cunda.122.2o7.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\2QSQV6VO.txt [ Cookie:trudi@specificmedia.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\B88HD6N8.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1054681775/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\AXBQ5MU3.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1070307116/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\230D7QPL.txt [ Cookie:trudi@adserver.trojaner-info.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\P9IH0R9N.txt [ Cookie:trudi@tracking.mobile.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\K748A4ZW.txt [ Cookie:trudi@advertising.com/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\AZL4V3NY.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1072331127/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\J2ZA2H2H.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1071209279/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RG90YAJI.txt [ Cookie:trudi@adx.chip.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\UA0Q7V1Y.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/954736752/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\8A0WSGFM.txt [ Cookie:trudi@sales.liveperson.net/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\80CHURDT.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1041113907/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\S6JTT72W.txt [ Cookie:trudi@www.zanox-affiliate.de/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\GNXZ8XGB.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/950437851/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YJ68PBNO.txt [ Cookie:trudi@komtrack.com/tr ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\LV2RJWNU.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1071214352/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1HW9TU6.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1064075388/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\KU28Q97I.txt [ Cookie:trudi@www.googleadservices.com/pagead/conversion/1038913304/ ]
C:\USERS\TRUDI\AppData\Roaming\Microsoft\Windows\Cookies\Low\YDN6PK42.txt [ Cookie:trudi@adtechus.com/ ]
C:\USERS\TRUDI\Cookies\PZJ8HGQ0.txt [ Cookie:trudi@c.atdmt.com/ ]
C:\USERS\TRUDI\Cookies\NMI26PYG.txt [ Cookie:trudi@smartadserver.com/ ]
C:\USERS\TRUDI\Cookies\E8133IG8.txt [ Cookie:trudi@mediaplex.com/ ]
C:\USERS\TRUDI\Cookies\GSNU6BLQ.txt [ Cookie:trudi@doubleclick.net/ ]
C:\USERS\TRUDI\Cookies\JS9J0EOG.txt [ Cookie:trudi@apmebf.com/ ]
C:\USERS\TRUDI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TRUDI@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
C:\USERS\TRUDI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TRUDI@PARTY-DISCOUNT[1].TXT [ /PARTY-DISCOUNT ]
Best regards - dedza |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of abusive use (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
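An added example, not part of the thread and not the scanner's own code: a small triage script that checks the "only cookies were found" reading of a log in the format posted above, counting cookie findings per site and setting aside every line that is not a cookie entry. The sample lines are constructed, and grouping by the last two DNS labels is a simplifying assumption.

```python
import re
from collections import Counter

# Constructed sample in the shape of the scan log above (paths shortened).
SAMPLE = r"""
C:\USERS\TRUDI\Cookies\GSNU6BLQ.txt [ Cookie:trudi@doubleclick.net/ ]
C:\USERS\TRUDI\Cookies\AAAA0001.txt [ Cookie:trudi@ad1.adfarm1.adition.com/ ]
C:\USERS\TRUDI\Cookies\AAAA0002.txt [ Cookie:trudi@ad2.adfarm1.adition.com/ ]
C:\USERS\TRUDI\COOKIES\LOW\TRUDI@PARTY-DISCOUNT[1].TXT [ /PARTY-DISCOUNT ]
C:\USERS\TRUDI\APPDATA\LOCAL\TEMP\EXAMPLE.EXE [ constructed non-cookie entry ]
"""

# "<path> [ Cookie:<user>@<host>/<optional path> ]"
COOKIE_TAG = re.compile(
    r"^(?P<file>.+?)\s+\[ Cookie:(?P<user>[^@\s]+)@(?P<host>[^/\s]+)(?:/\S*)? \]$")
# "<...>\<USER>@<NAME>[n].TXT [ /<NAME> ]": cookie identified by its file name only
COOKIE_FILE = re.compile(
    r"^(?P<file>.+\\(?P<user>[^\\@]+)@(?P<host>[^\\\[]+)\[\d+\]\.txt)\s+\[ /\S+ \]$",
    re.I)

def site(host):
    """Naive grouping key: last two DNS labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def triage(log_text):
    """Split log lines into cookie findings (counted per site) and everything else."""
    cookies, other = Counter(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = COOKIE_TAG.match(line) or COOKIE_FILE.match(line)
        if m:
            cookies[site(m["host"])] += 1
        else:
            other.append(line)  # not a cookie entry: needs a human look
    return cookies, other

if __name__ == "__main__":
    cookies, other = triage(SAMPLE)
    for name, n in cookies.most_common():
        print(f"{n:3d}  {name}")
    print(f"{len(other)} non-cookie entries to review")
```

An empty second list means the log really contains nothing but tracking cookies; any line that lands there deserves a look before the system is declared clean.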
| | #27 | ||
| Hello Arne, first of all, many thanks for the effort!! Quote:
However, I was not sure whether moving everything into the Avira quarantine had reliably found and neutralized it all. Of all the checks that were run, only ESET then reported a detection. Is the computer clean now? That was quite a few Trojan detections at once. How dangerous were these guys, actually? When googling, you rarely find a well-explained, current virus list. Can I protect the system better? I have read a bit in the forum, also regarding virus scanners. Should I replace Avira - you recommend Avast. Or buy a product (Kaspersky?). Quote:
Does that make sense, and does it prevent the cookies? HTML code: www.networkadvertising.org/managing/opt_out.asp So, once again, many thanks and best regards - dedza |
| | #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
As I said, though, cookies are not a danger.

Then we're done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for that is below. To keep a better overview of how current your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change as many of your passwords as possible.

Microsoft Update: Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Windows Update guide

Updating the PDF reader: An outdated AdobeReader poses a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have AdobeReader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that Flash Player is up to date: Adobe - Install another version of Adobe Flash Player. If need be you can also download from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update: Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
| | #29 | |
| Hello Arne, thanks for the detailed reply with the many pointers. However, uninstalling Combofix does in fact not quite work. After entering the uninstall command, many decompressions are quickly shown in a window, then a message shows: Quote:
Best regards - dedza |
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please download CF_UNINST.exe and save it to your desktop.
__________________ Please always post log files in CODE tags |