| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ein neuer Fall von TR\Crypt.XPACK.Gen.3Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.03.2012, 02:17
| #1 |
 |  Ein neuer Fall von TR\Crypt.XPACK.Gen.3 Hallo, mein System (Windows 7 - 64 Bit) wurde mit dem o.g. Virus infiziert. Avira Antivirus hat ihn gefunden und versucht zu löschen. Bei Avira steht unter Ereignisse: Code:
ATTFilter In der Datei 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter In der Datei 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Code:
ATTFilter Die Datei 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 4aa0f835.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5237d7ea.qua' verschoben!
Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 18. März 2012 22:35
Es wird nach 3569307 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MYOHO
Versionsinformationen:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 10:09:21
AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 10:09:20
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 10:09:22
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 10:09:23
AVREG.DLL : 12.1.0.29 228048 Bytes 15.02.2012 10:09:23
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:10:45
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 20:30:49
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 20:31:07
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 20:31:34
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 20:31:49
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 20:32:11
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 20:32:33
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 20:32:54
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 20:34:35
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 20:34:35
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 20:34:35
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 05:23:57
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 05:23:58
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 08:59:28
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 09:00:00
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 10:09:15
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 10:21:15
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 15:18:21
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 15:17:54
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 15:17:46
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 18:10:19
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 18:10:34
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 00:06:56
VBASE025.VDF : 7.11.25.30 245248 Bytes 12.03.2012 11:35:21
VBASE026.VDF : 7.11.25.121 252416 Bytes 15.03.2012 11:37:28
VBASE027.VDF : 7.11.25.122 2048 Bytes 15.03.2012 11:37:28
VBASE028.VDF : 7.11.25.123 2048 Bytes 15.03.2012 11:37:28
VBASE029.VDF : 7.11.25.124 2048 Bytes 15.03.2012 11:37:28
VBASE030.VDF : 7.11.25.125 2048 Bytes 15.03.2012 11:37:28
VBASE031.VDF : 7.11.25.142 71680 Bytes 16.03.2012 11:37:58
Engineversion : 8.2.10.24
AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 13:27:25
AESCRIPT.DLL : 8.1.4.10 455035 Bytes 16.03.2012 11:37:45
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 19:37:33
AESBX.DLL : 8.2.5.5 606579 Bytes 13.03.2012 11:36:09
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 08.03.2012 00:07:04
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 20:58:11
AEHEUR.DLL : 8.1.4.7 4501878 Bytes 17.03.2012 11:39:10
AEHELP.DLL : 8.1.19.0 254327 Bytes 19.01.2012 17:27:59
AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 00:06:57
AEEXP.DLL : 8.1.0.25 74101 Bytes 16.03.2012 11:37:46
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 11:37:29
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 10:09:20
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f616b99\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Sonntag, 18. März 2012 22:35
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IkEJJmteVRTh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mplayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smplayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'javaw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'brss01a.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'bgsvcgen.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'brsvc01a.exe' - '1' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4aa0f835.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5237d7ea.qua' verschoben!
Ende des Suchlaufs: Sonntag, 18. März 2012 22:37
Benötigte Zeit: 01:08 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
24 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
23 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
2 Hinweise
35103 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
http://www.trojaner-board.de/111794-...k-gen-3-a.html Dann startete sich das System neu. Im abgesicherten Modus fand Avira nichts und nach dem Systemneustart traten die gleichen Fehlermeldungen wie zuvor auf, bis der Rechner wieder neu startete. defogger habe ich zum disablen ausgeführt. dds machte die folgenden Logs: DDS.txt: [CODE].DDS Logfile: DDS Logfile: DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Ho at 1:36:31 on 2012-03-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4095.2824 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [NPSStartup]
mRun: [<NO NAME>]
mRun: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - D:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Spamihilator.lnk - D:\Program Files (x86)\Spamihilator\spamihilator.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C3BE1494-EA54-4DA6-8895-4CADAF2FD5F2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A} : DhcpNameServer = 213.191.74.19 62.109.123.197
TCP: Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A}\A5578616573756 : DhcpNameServer = 213.191.74.19 62.109.123.197
TCP: Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A}\C656E616C657 : DhcpNameServer = 213.191.92.86 62.109.123.7
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{AE7CD045-E861-484f-8273-0445EE161910}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [NPSStartup]
mRun-x64: [(Standard)]
mRun-x64: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe
Hosts: 74.208.105.171 gs.apple.com
Hosts: 74.208.10.249 gs.apple.com
Hosts: 127.255.255.255 www.mobile-master.de mobile-master.de
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AntiVirSchedulerService;Avira Planer;D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-13 86224]
S2 AntiVirService;Avira Echtzeit Scanner;D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-13 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GtDetectSc;GtDetectSc;C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2008-5-8 314880]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-2 2214504]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-2 2280312]
S3 DrmCAudio;DrmCAudio;C:\Windows\system32\drivers\DrmCAudio.sys --> C:\Windows\system32\drivers\DrmCAudio.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys --> C:\Windows\system32\DRIVERS\Gt51Ip.sys [?]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys --> C:\Windows\system32\DRIVERS\gt72ubus.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 136176]
S3 PAC7311;Trust CP-2300 Webcam;C:\Windows\system32\DRIVERS\PA707UCM.SYS --> C:\Windows\system32\DRIVERS\PA707UCM.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys --> C:\Windows\system32\DRIVERS\s0016nd5.sys [?]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\Windows\system32\DRIVERS\s816bus.sys --> C:\Windows\system32\DRIVERS\s816bus.sys [?]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s816mdfl.sys --> C:\Windows\system32\DRIVERS\s816mdfl.sys [?]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s816mdm.sys --> C:\Windows\system32\DRIVERS\s816mdm.sys [?]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s816mgmt.sys --> C:\Windows\system32\DRIVERS\s816mgmt.sys [?]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\Windows\system32\DRIVERS\s816nd5.sys --> C:\Windows\system32\DRIVERS\s816nd5.sys [?]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s816obex.sys --> C:\Windows\system32\DRIVERS\s816obex.sys [?]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\Windows\system32\DRIVERS\s816unic.sys --> C:\Windows\system32\DRIVERS\s816unic.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys --> C:\Windows\system32\DRIVERS\ss_bbus.sys [?]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys --> C:\Windows\system32\DRIVERS\ss_bmdfl.sys [?]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys --> C:\Windows\system32\DRIVERS\ss_bmdm.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-9-3 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2012-03-18 23:41:29 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-18 21:35:26 448512 ---ha-w- C:\ProgramData\IkEJJmteVRTh.exe
2012-03-15 16:48:51 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-15 16:48:51 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-15 16:48:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-15 16:48:51 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-15 16:48:51 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-15 16:47:42 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-03-15 16:47:41 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-13 21:51:32 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-13 21:51:31 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-13 21:51:31 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:49:02 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:49:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:49:01 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 21:49:01 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 21:49:00 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:49:00 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:48:59 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:48:59 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-13 21:48:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 21:48:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:48:58 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-05 18:47:56 331136 ----a-w- C:\Windows\PFUn.EXE
2012-03-05 11:42:11 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-02-23 07:29:16 -------- d--h--w- C:\Users\Ho\AppData\Roaming\pdfforge
2012-02-23 07:29:13 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2012-02-23 07:29:12 64512 ----a-w- C:\Windows\SysWow64\MSCC2DE.DLL
2012-02-23 07:29:12 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2012-02-21 16:24:55 -------- d--h--w- C:\Users\Ho\.VirtualBox
2012-02-21 15:10:06 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-02-21 15:09:55 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-02-19 16:15:34 -------- d-----w- C:\Program Files (x86)\Tesseract-OCR
.
==================== Find3M ====================
.
2012-02-21 14:41:48 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2006-05-03 11:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 1:37:07,48 ===============
--- --- --- --- --- --- --- --- --- Attach.txt Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 27.10.2009 14:24:00
System Uptime: 19.03.2012 01:31:55 (0 hours ago)
.
Motherboard: ASRock | | G31M-GS
Processor: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz | CPUSocket | 2743/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 18,452 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7,423 GiB free.
E: is FIXED (NTFS) - 402 GiB total, 109,404 GiB free.
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Photoshop CS5
Adobe Reader X (10.1.0) - Deutsch
Adobe Shockwave Player 11.5
Advanced PDF Password Recovery
Anti-reCAPTCHA v3.02 JD
ASIO4ALL
Audacity 1.3.13 (Unicode)
Aurora SVG Viewer & Converter version 11.5
Auto Gordian Knot 2.55
Avira Free Antivirus
Blogger Backup Utility
BMWi-Businessplaner Fuehren
BMWi-Businessplaner Gründung
BMWi-Softwarepaket 10
BMWi Updater
CanoScan Toolbox Ver4.9
CDBurnerXP
Condition Zero
Condition Zero Deleted Scenes
Counter-Strike
CS_Manager
DHTML Editing Component
DivX-Setup
DivX Plus DirectShow Filters
DVD Decrypter (Remove Only)
ElsterFormular für Privatanwender
erLT
EssentialFax
EVEREST Home Edition v2.20
FinePixViewer Resource
FinePixViewer Ver.5.5
FinePixViewer YTUPL
FL Studio 9
Foxit PDF Editor
Frontschweine
GIMP 2.6.7
Google Earth
Google Earth Plug-in
Google Update Helper
GTK+ Runtime 2.14.7 rev a (nur entfernen)
Hardcore
HLSW v1.3.2.1
IL Download Manager
ImgBurn
Inkscape 0.48.1
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 30
JDownloader
Joe
LAME v3.98.2 for Audacity
linguatec Voice Reader
Logitech SetPoint
Lost Horizon
MAGIX Video deluxe 16 Premium 9.0.0.54 (D)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MozBackup 1.5.1
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (3.0)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MyPhoneExplorer
NVIDIA GAME System Software 2.8.1
OpenAL
OpenOffice.org 3.2
PartyPoker
PDF Settings CS5
PDFCreator
PersonalFax 1.65
PG Music DirectX Plugins 2.0.0.0
Picasa 3
Pidgin
PixiePack Codec Pack
PoiZone
ProtectDisc Driver, Version 11
Python 2.7.1
QuickTime Alternative 3.2.2
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
REAPER
redist
Samsung New PC Studio
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SIW version 2011.10.29
Skype™ 5.5
SMPlayer 0.6.9
Steam
StreamTorrent 1.0
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
TeamViewer 6
TIPP10 Version 2.1.0
TMPGEnc Authoring Works 4
Total Commander (Remove or Repair)
Toxic Biohazard
TrueCrypt
Turbo Lister 2
Ubuntu
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.10
VobSub v2.23 (Remove Only)
Winamp
Windows Media Player Firefox Plugin
WUSB54GC
XviD MPEG4 Video Codec (remove only)
Zattoo4 4.0.5
.
==== End Of File ===========================
|
|
19.03.2012, 12:21
| #2 |
| /// Malware-holic   | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 hi,
__________________welche fehlermeldungen traten zusätzlich auf, ich möchte sie von deinem pc sehen bitte. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
19.03.2012, 13:10
| #3 |
| | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 Hallo markusg,
__________________vielen Dank, dass du dich meinem Problem angenommen hast. Im Anhang habe ich eine Bilddatei beigefügt, auf der die Fehrlermeldungen zu sehen sind, die kurz nach Systemstart auftreten. Die Meldung oben links kommt ein paar Sekunden verzögert. OTL hat nur ein Logfile produziert: Code:
ATTFilter OTL logfile created on: 19.03.2012 12:40:08 - Run 2 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\myo\Desktop\Trojaner Logs 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,45 Gb Available Physical Memory | 86,30% Memory free 8,00 Gb Paging File | 7,48 Gb Available in Paging File | 93,49% Paging File free Paging file location(s): e:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 49,35 Gb Total Space | 18,98 Gb Free Space | 38,45% Space Free | Partition Type: NTFS Drive D: | 14,65 Gb Total Space | 7,42 Gb Free Space | 50,67% Space Free | Partition Type: NTFS Drive E: | 401,76 Gb Total Space | 208,13 Gb Free Space | 51,80% Space Free | Partition Type: NTFS Computer Name: MYOHO | User Name: Ho | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\myo\Desktop\Trojaner Logs\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccess) -- d:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV) SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (s816mdm) -- C:\Windows\SysNative\drivers\s816mdm.sys (MCCI Corporation) DRV:64bit: - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\SysNative\drivers\s816unic.sys (MCCI) DRV:64bit: - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s816mgmt.sys (MCCI Corporation) DRV:64bit: - (s816obex) -- C:\Windows\SysNative\drivers\s816obex.sys (MCCI Corporation) DRV:64bit: - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\SysNative\drivers\s816bus.sys (MCCI Corporation) DRV:64bit: - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\SysNative\drivers\s816nd5.sys (MCCI Corporation) DRV:64bit: - (s816mdfl) -- C:\Windows\SysNative\drivers\s816mdfl.sys (MCCI Corporation) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (DrmCAudio) -- C:\Windows\SysNative\drivers\DrmCAudio.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys () DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation) DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation) DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation) DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation) DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\drivers\Gt51Ip.sys (Option N.V.) DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\drivers\gt72ubus.sys (Option N.V.) DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\drivers\gtptser.sys (Option N.V.) DRV:64bit: - (PAC7311) -- C:\Windows\SysNative\drivers\PA707UCM.SYS (PixArt Imaging Inc.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: e:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: D:\Program Files (x86)\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: D:\Program Files (x86)\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Program Files (x86)\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.07.22 14:29:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.15 14:53:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.15 14:53:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 22:30:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.08 20:28:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.25 11:06:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.20 20:14:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\support@easy-hide-ip.com: d:\Program Files (x86)\Easy-Hide-IP\ff-extension [2010.03.04 18:24:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ho\AppData\Roaming\mozilla\Extensions [2010.03.04 18:24:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ho\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.04.08 20:41:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ho\AppData\Roaming\mozilla\Sunbird\Profiles\quz7f7yf.default\extensions [2010.04.08 20:41:32 | 000,000,000 | -H-D | M] (MyPhoneExplorer) -- C:\Users\Ho\AppData\Roaming\mozilla\Sunbird\Profiles\quz7f7yf.default\extensions\myphoneexplorer@fjsoft.at [2011.02.24 20:10:29 | 000,000,000 | ---D | M] (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103} File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG O1 HOSTS File: ([2011.08.16 06:56:19 | 000,001,082 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 74.208.105.171 gs.apple.com O1 - Hosts: 74.208.10.249 gs.apple.com O1 - Hosts: 127.255.255.255 www.mobile-master.de mobile-master.de O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 www.google-analytics.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex File not found O4 - HKCU..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3BE1494-EA54-4DA6-8895-4CADAF2FD5F2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A}: DhcpNameServer = 213.191.74.19 62.109.123.197 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {621FCD24-4498-4324-A81E-07D331376EDF} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: DNS7reminder - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Easy-Hide-IP - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Essential Fax Print Controller - hkey= - key= - C:\Program Files (x86)\EssentialFax\essfaxcontrol.exe () MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: TrayServer - hkey= - key= - E:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe (MAGIX AG) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.19 09:58:56 | 000,000,000 | ---D | C] -- C:\.Trash-1000 [2012.03.19 00:41:29 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.03.15 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec [2012.03.05 19:47:56 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\PFUn.EXE [2012.03.05 19:47:55 | 000,000,000 | -H-D | C] -- C:\Users\Ho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PersonalFax [2012.03.05 12:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt [2012.03.05 12:42:11 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.02.23 08:29:16 | 000,000,000 | -H-D | C] -- C:\Users\Ho\AppData\Roaming\pdfforge [2012.02.23 08:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.02.21 17:24:55 | 000,000,000 | -H-D | C] -- C:\Users\Ho\.VirtualBox [2012.02.21 16:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.02.19 17:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\designer [2012.02.19 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tesseract-OCR [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\Ho\*.tmp files -> C:\Users\Ho\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.19 12:38:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.19 12:38:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.19 12:38:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.19 12:38:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.19 12:38:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.19 12:34:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.19 12:33:58 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.03.19 12:33:14 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.19 12:33:13 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.19 12:30:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.19 01:35:56 | 000,000,020 | ---- | M] () -- C:\Users\Ho\defogger_reenable [2012.03.18 22:32:20 | 000,448,512 | -H-- | M] ( ) -- C:\ProgramData\IkEJJmteVRTh.exe [2012.03.18 22:13:06 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.18 22:12:19 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3880435414-3585075777-220885001-1001UA.job [2012.03.18 20:12:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3880435414-3585075777-220885001-1001Core.job [2012.03.18 08:18:04 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.03.15 05:09:53 | 004,994,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.05 19:48:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\FaxMan [2012.03.05 19:47:56 | 000,003,020 | R--- | M] () -- C:\Windows\PersonalFax_Uninstall.in [2012.03.05 12:42:11 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.02.21 15:28:37 | 000,134,975 | ---- | M] () -- C:\wubildr [2012.02.21 15:13:04 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\Ho\*.tmp files -> C:\Users\Ho\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.19 01:35:55 | 000,000,020 | ---- | C] () -- C:\Users\Ho\defogger_reenable [2012.03.18 22:35:26 | 000,448,512 | -H-- | C] ( ) -- C:\ProgramData\IkEJJmteVRTh.exe [2012.03.18 08:18:04 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.03.05 19:48:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\FaxMan [2012.03.05 19:47:56 | 000,003,020 | R--- | C] () -- C:\Windows\PersonalFax_Uninstall.in [2012.02.21 15:28:37 | 000,134,975 | ---- | C] () -- C:\wubildr [2012.02.21 15:13:04 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr [2012.02.21 14:50:09 | 729,067,520 | ---- | C] () -- C:\ubuntu-11.10-desktop-i386.iso [2012.02.08 20:19:18 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.10.31 18:42:30 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2011.03.27 19:26:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.11.30 21:03:56 | 000,003,584 | -H-- | C] () -- C:\Users\Ho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.29 16:42:52 | 000,017,408 | -H-- | C] () -- C:\Users\Ho\AppData\Local\WebpageIcons.db [2010.05.09 01:56:49 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe ========== LOP Check ========== [2010.05.03 19:29:17 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\.purple [2011.07.07 15:32:25 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Advanced Font Viewer [2010.01.09 13:19:52 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Anvil Studio [2011.11.09 19:54:18 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\DAEMON Tools Lite [2011.11.09 19:54:18 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\DAEMON Tools Pro [2012.03.18 08:18:50 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\elsterformular [2010.08.05 09:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\FUJIFILM [2009.11.18 01:06:55 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\ImgBurn [2011.07.10 08:06:16 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\inkscape [2010.01.23 21:33:55 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Leadertech [2011.12.02 14:33:48 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\MyPhoneExplorer [2010.02.14 15:18:03 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Notation [2011.10.31 18:49:44 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Notepad++ [2010.07.31 16:59:36 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Nuance [2012.02.23 08:29:16 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\pdfforge [2010.09.03 18:36:07 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Samsung [2009.12.08 21:27:56 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Screaming Bee [2010.09.19 13:21:55 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Spamihilator [2010.03.04 18:24:01 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Thunderbird [2011.05.25 13:25:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.08.05 15:56:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.03.19 09:58:56 | 000,000,000 | ---D | M] -- C:\.Trash-1000 [2011.03.27 19:36:36 | 000,000,000 | ---D | M] -- C:\2011-03-27 [2011.02.23 19:45:00 | 000,000,000 | -HSD | M] -- C:\Boot [2009.10.27 15:38:13 | 000,000,000 | -H-D | M] -- C:\CanoScan [2011.06.25 21:30:40 | 000,000,000 | ---D | M] -- C:\Converted [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.27 14:28:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.10.27 15:33:46 | 000,000,000 | ---D | M] -- C:\Intel [2012.03.19 00:48:14 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2010.01.05 16:25:35 | 000,000,000 | ---D | M] -- C:\Magix [2011.07.03 17:00:12 | 000,000,000 | ---D | M] -- C:\olgames [2010.11.02 11:22:40 | 000,000,000 | ---D | M] -- C:\PDFOCR_Output [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.20 20:16:27 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.19 17:15:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.18 22:35:26 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.10.27 14:28:21 | 000,000,000 | -HSD | M] -- C:\Programme [2009.10.27 14:28:22 | 000,000,000 | -HSD | M] -- C:\Recovery [2010.10.29 02:20:28 | 000,000,000 | ---D | M] -- C:\Spiele [2012.03.19 01:31:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.02 19:00:26 | 000,000,000 | R--D | M] -- C:\Users [2012.03.19 00:20:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011.07.10 17:34:10 | 000,001,295 | -H-- | M] () -- C:\Users\Ho\.recently-used.xbel [2012.03.19 01:35:56 | 000,000,020 | ---- | M] () -- C:\Users\Ho\defogger_reenable [2012.03.19 12:38:56 | 001,835,008 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT [2012.03.19 12:38:56 | 000,262,144 | -HS- | M] () -- C:\Users\Ho\ntuser.dat.LOG1 [2009.11.13 01:45:29 | 000,000,000 | -HS- | M] () -- C:\Users\Ho\ntuser.dat.LOG2 [2009.11.13 01:45:30 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2009.11.13 01:45:30 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2009.11.13 01:45:30 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2009.12.08 22:58:22 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{1a1f079c-e444-11de-be38-001966e11ce0}.TM.blf [2009.12.08 22:58:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{1a1f079c-e444-11de-be38-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms [2009.12.08 22:58:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{1a1f079c-e444-11de-be38-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms [2009.11.24 18:22:50 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{23ee550e-d84f-11de-8db1-001966e11ce0}.TM.blf [2009.11.24 18:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{23ee550e-d84f-11de-8db1-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms [2009.11.24 18:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{23ee550e-d84f-11de-8db1-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms [2009.12.23 11:48:27 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{9be74a8b-e827-11de-a7f3-001966e11ce0}.TM.blf [2009.12.23 11:48:27 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{9be74a8b-e827-11de-a7f3-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms [2009.12.23 11:48:27 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{9be74a8b-e827-11de-a7f3-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms [2009.12.10 12:19:50 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{ec89a9ac-e57c-11de-be7f-001966e11ce0}.TM.blf [2009.12.10 12:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{ec89a9ac-e57c-11de-be7f-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms [2009.12.10 12:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{ec89a9ac-e57c-11de-be7f-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms [2009.11.13 01:45:29 | 000,000,020 | -HS- | M] () -- C:\Users\Ho\ntuser.ini [2010.04.23 20:05:32 | 000,000,016 | -H-- | M] () -- C:\Users\Ho\persistent_state [2 C:\Users\Ho\*.tmp files -> C:\Users\Ho\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9B013599 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D43E156 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:50DD4118 < End of report > |
|
19.03.2012, 13:13
| #4 |
| /// Malware-holic | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 hi ich brauch die meldung mal bitte als text, danke.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.03.2012, 13:33
| #5 |
| | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 Ein der vielen Fehlermeldungen hat folgenden Text: Code:
ATTFilter Windows - Delayed Write Failed
Failed to save alle the components for the file \\System32\000015b0. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.
Die spätere Meldung hat folgenden Inhalt: Code:
ATTFilter Microsoft Windows
Windows detected a hard disk problem
A potential disk failure may caue loss of files, applications and documents stored on the hard disk. It's highly recommended to scan and solve HDD problems beore continue using this PC.
--> Scan and fix (recommended)
Prevents future problems with files stored on this disk or device.
--> Delay scan
Your computer will be restarted
Ich bin grad immer etwas ängstlich, dass infizierte System im normalen Modus zu starten. Macht das nichts aus? |
|
19.03.2012, 13:36
| #6 |
| /// Malware-holic | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 du bist doch im moment im abgesicherten modus mit netzwerk. bist du da im betroffenen konto angemeldet gewesen? falls nein, mach das mal bitte und erstelle die otl logs von dort aus
__________________ --> Ein neuer Fall von TR\Crypt.XPACK.Gen.3 |
|
19.03.2012, 13:49
| #7 |
| | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 Als ich OTL hab laufen lassen, war ich unter Windows mit dem betroffenen Konto im abgesicherten Modus mit Netzwerktreibern angemeldet, habe OTL aber als Administrator ausgeführt. Geändert von Beagles (19.03.2012 um 14:02 Uhr) |
|
19.03.2012, 14:33
| #8 |
| /// Malware-holic | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 lade unhide: Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren. Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.03.2012, 15:25
| #9 |
| | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 Unhide habe ich erfolgreich ausgeführt. Combofix hat kurz nach seinem Scan den Rechner neu gestartet. Ich habe dann den Windows im normalen Modus gebootet und Combofix öffnete ein Fenster, schloss es, öffnete ein neues, schloss es usw. Bald gesellten sich die altbekannten Fehlermeldungen dazu, der Desktop wurde ein Flackerfeuerwerk, die CPU wurde maximal genutzt und Windows meldete überfüllten RAM. Ich meldete mich mit Affengriff ab und startete im abgesicherten Modus neu. Eine C:\Combofix.txt exisitiert nicht. Dies ist der Inhalt der C:\ComboFix\ComboFix.txt: Code:
ATTFilter ComboFix 12-03-18.04 - Ho 19.03.2012 15:07:14.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4095.3099 [GMT 1:00]
ausgeführt von:: C:\Users\myo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
Geändert von Beagles (19.03.2012 um 15:35 Uhr) |
|
19.03.2012, 16:40
| #10 |
| /// Malware-holic | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 lass combofix im abgesicherten modus starten, melde dich, wenn combofix neustartet, wieder im selben konto im abgesicherten modus an. dann sollte es gehen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.03.2012, 17:28
| #11 |
| | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 Habe im abgesicherten Modus mit dem Benutzerkonto "ho" Combofix über die Combofix.exe auf dem Desktop gestartet. Combofix hat bis Stufe 50 nach infizierten Dateien gesucht und dann für eine halbe Sekunde den Neustart angekündigt. Im Bootmenü habe ich wieder den abgesicherten Modus (immer mit Netzwerktreibern) gewählt und mich wieder mit dem Benutzerkonto "ho" angemeldet. Automatisch hat sich nichts gestartet, eine Combofix.txt existiert unter c:\ nicht. Ich habe Combofix über die Combofix.exe auf dem Desktop gestartet. Combofix hat bis Stufe 50 nach infizierten Dateien gesucht und dann für eine halbe Sekunde den Neustart angekündigt. Im Bootmenü habe ich wieder den abgesicherten Modus (immer mit Netzwerktreibern) gewählt und mich wieder mit dem Benutzerkonto "ho" angemeldet. Automatisch hat sich nichts gestartet, eine Combofix.txt existiert unter c:\ nicht. Ist ne Schleife. Die Combofix.txt unter c:\combofix\ ist auch noch immer unverändert und wie zuvor gepostet. |
|
19.03.2012, 18:05
| #12 |
| /// Malware-holic | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.03.2012, 18:25
| #13 |
| | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 tdss killer report: Code:
ATTFilter 18:21:58.0410 1372 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:21:58.0847 1372 ============================================================
18:21:58.0847 1372 Current date / time: 2012/03/19 18:21:58.0847
18:21:58.0847 1372 SystemInfo:
18:21:58.0847 1372
18:21:58.0847 1372 OS Version: 6.1.7601 ServicePack: 1.0
18:21:58.0847 1372 Product type: Workstation
18:21:58.0847 1372 ComputerName: MYOHO
18:21:58.0847 1372 UserName: Ho
18:21:58.0847 1372 Windows directory: C:\Windows
18:21:58.0847 1372 System windows directory: C:\Windows
18:21:58.0847 1372 Running under WOW64
18:21:58.0847 1372 Processor architecture: Intel x64
18:21:58.0847 1372 Number of processors: 2
18:21:58.0847 1372 Page size: 0x1000
18:21:58.0847 1372 Boot type: Safe boot with network
18:21:58.0847 1372 ============================================================
18:22:00.0050 1372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:00.0066 1372 \Device\Harddisk0\DR0:
18:22:00.0066 1372 MBR used
18:22:00.0066 1372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x62B22D2
18:22:00.0082 1372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x62B3800, BlocksNum 0x1D4B800
18:22:00.0082 1372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7FFF000, BlocksNum 0x32386800
18:22:00.0160 1372 Initialize success
18:22:00.0160 1372 ============================================================
18:22:13.0035 1748 ============================================================
18:22:13.0035 1748 Scan started
18:22:13.0035 1748 Mode: Manual; SigCheck; TDLFS;
18:22:13.0035 1748 ============================================================
18:22:14.0003 1748 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:22:14.0269 1748 1394ohci - ok
18:22:14.0378 1748 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
18:22:14.0863 1748 acedrv11 - ok
18:22:14.0925 1748 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:22:14.0941 1748 ACPI - ok
18:22:14.0988 1748 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:22:15.0050 1748 AcpiPmi - ok
18:22:15.0097 1748 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:22:15.0113 1748 adp94xx - ok
18:22:15.0144 1748 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:22:15.0144 1748 adpahci - ok
18:22:15.0160 1748 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:22:15.0175 1748 adpu320 - ok
18:22:15.0238 1748 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:22:15.0269 1748 AFD - ok
18:22:15.0347 1748 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:22:15.0394 1748 AgereSoftModem - ok
18:22:15.0425 1748 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:22:15.0425 1748 agp440 - ok
18:22:15.0457 1748 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:22:15.0472 1748 aliide - ok
18:22:15.0488 1748 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:22:15.0488 1748 amdide - ok
18:22:15.0519 1748 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:22:15.0566 1748 AmdK8 - ok
18:22:15.0582 1748 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:22:15.0613 1748 AmdPPM - ok
18:22:15.0644 1748 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:22:15.0644 1748 amdsata - ok
18:22:15.0660 1748 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:22:15.0675 1748 amdsbs - ok
18:22:15.0707 1748 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:22:15.0707 1748 amdxata - ok
18:22:15.0785 1748 AnyDVD (7e9b3ae62c0d9cfda16f2d97f939a7b1) C:\Windows\system32\Drivers\AnyDVD.sys
18:22:15.0785 1748 AnyDVD - ok
18:22:15.0832 1748 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:22:15.0941 1748 AppID - ok
18:22:16.0019 1748 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:22:16.0035 1748 arc - ok
18:22:16.0050 1748 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:22:16.0050 1748 arcsas - ok
18:22:16.0082 1748 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:16.0175 1748 AsyncMac - ok
18:22:16.0207 1748 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:22:16.0207 1748 atapi - ok
18:22:16.0269 1748 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
18:22:16.0269 1748 atksgt - ok
18:22:16.0316 1748 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:22:16.0332 1748 avgntflt - ok
18:22:16.0363 1748 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
18:22:16.0363 1748 avipbb - ok
18:22:16.0378 1748 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:22:16.0394 1748 avkmgr - ok
18:22:16.0425 1748 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:22:16.0457 1748 b06bdrv - ok
18:22:16.0488 1748 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:22:16.0535 1748 b57nd60a - ok
18:22:16.0597 1748 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:22:16.0628 1748 Beep - ok
18:22:16.0691 1748 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:22:16.0707 1748 blbdrive - ok
18:22:16.0722 1748 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:22:16.0753 1748 bowser - ok
18:22:16.0769 1748 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:22:16.0816 1748 BrFiltLo - ok
18:22:16.0832 1748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:22:16.0832 1748 BrFiltUp - ok
18:22:16.0878 1748 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:22:16.0910 1748 BridgeMP - ok
18:22:16.0941 1748 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:22:16.0957 1748 Brserid - ok
18:22:16.0972 1748 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:22:16.0988 1748 BrSerWdm - ok
18:22:17.0003 1748 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:17.0035 1748 BrUsbMdm - ok
18:22:17.0050 1748 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:22:17.0066 1748 BrUsbSer - ok
18:22:17.0082 1748 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:22:17.0097 1748 BTHMODEM - ok
18:22:17.0222 1748 catchme - ok
18:22:17.0285 1748 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:17.0332 1748 cdfs - ok
18:22:17.0347 1748 cdrbsdrv - ok
18:22:17.0394 1748 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:22:17.0410 1748 cdrom - ok
18:22:17.0457 1748 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:22:17.0472 1748 circlass - ok
18:22:17.0503 1748 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:22:17.0519 1748 CLFS - ok
18:22:17.0550 1748 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:17.0566 1748 CmBatt - ok
18:22:17.0582 1748 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:22:17.0597 1748 cmdide - ok
18:22:17.0628 1748 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:22:17.0660 1748 CNG - ok
18:22:17.0675 1748 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:17.0691 1748 Compbatt - ok
18:22:17.0722 1748 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:22:17.0753 1748 CompositeBus - ok
18:22:17.0769 1748 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:22:17.0785 1748 crcdisk - ok
18:22:17.0816 1748 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:22:17.0863 1748 CSC - ok
18:22:17.0910 1748 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:22:17.0941 1748 DfsC - ok
18:22:17.0972 1748 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:22:18.0003 1748 discache - ok
18:22:18.0035 1748 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:22:18.0035 1748 Disk - ok
18:22:18.0082 1748 DrmCAudio (f3bc19b53c752434d25207deb3393f39) C:\Windows\system32\drivers\DrmCAudio.sys
18:22:18.0097 1748 DrmCAudio - ok
18:22:18.0128 1748 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:22:18.0144 1748 drmkaud - ok
18:22:18.0207 1748 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:18.0222 1748 DXGKrnl - ok
18:22:18.0285 1748 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:22:18.0363 1748 ebdrv - ok
18:22:18.0441 1748 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:22:18.0457 1748 ElbyCDIO - ok
18:22:18.0488 1748 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:22:18.0503 1748 elxstor - ok
18:22:18.0535 1748 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:22:18.0566 1748 ErrDev - ok
18:22:18.0597 1748 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:22:18.0628 1748 exfat - ok
18:22:18.0644 1748 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:22:18.0675 1748 fastfat - ok
18:22:18.0707 1748 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:22:18.0769 1748 fdc - ok
18:22:18.0800 1748 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:22:18.0800 1748 FileInfo - ok
18:22:18.0816 1748 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:22:18.0847 1748 Filetrace - ok
18:22:18.0863 1748 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:18.0878 1748 flpydisk - ok
18:22:18.0925 1748 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:22:18.0941 1748 FltMgr - ok
18:22:18.0957 1748 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:22:18.0957 1748 FsDepends - ok
18:22:18.0988 1748 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:18.0988 1748 Fs_Rec - ok
18:22:19.0050 1748 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:22:19.0066 1748 fvevol - ok
18:22:19.0082 1748 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:22:19.0097 1748 gagp30kx - ok
18:22:19.0128 1748 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
18:22:19.0128 1748 ggflt - ok
18:22:19.0144 1748 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
18:22:19.0144 1748 ggsemc - ok
18:22:19.0160 1748 GMSIPCI - ok
18:22:19.0191 1748 GT72NDISIPXP (e69d3bff7ae9c6d33419a80e13692c2f) C:\Windows\system32\DRIVERS\Gt51Ip.sys
18:22:19.0222 1748 GT72NDISIPXP - ok
18:22:19.0253 1748 GT72UBUS (7e1ef45f4287614ac48e5ad7b5b46d70) C:\Windows\system32\DRIVERS\gt72ubus.sys
18:22:19.0269 1748 GT72UBUS - ok
18:22:19.0300 1748 GTPTSER (261cd8a73e74b496c29007ea761cda05) C:\Windows\system32\DRIVERS\gtptser.sys
18:22:19.0332 1748 GTPTSER - ok
18:22:19.0457 1748 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:22:19.0488 1748 hcw85cir - ok
18:22:19.0519 1748 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:22:19.0535 1748 HdAudAddService - ok
18:22:19.0582 1748 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:22:19.0597 1748 HDAudBus - ok
18:22:19.0628 1748 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:22:19.0644 1748 HidBatt - ok
18:22:19.0660 1748 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:22:19.0691 1748 HidBth - ok
18:22:19.0707 1748 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:22:19.0722 1748 HidIr - ok
18:22:19.0769 1748 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:19.0785 1748 HidUsb - ok
18:22:19.0816 1748 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:22:19.0816 1748 HpSAMD - ok
18:22:19.0863 1748 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:22:19.0910 1748 HTTP - ok
18:22:19.0957 1748 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:22:19.0957 1748 hwpolicy - ok
18:22:19.0988 1748 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:22:20.0003 1748 i8042prt - ok
18:22:20.0035 1748 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:22:20.0050 1748 iaStorV - ok
18:22:20.0082 1748 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:22:20.0082 1748 iirsp - ok
18:22:20.0160 1748 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
18:22:20.0207 1748 IntcAzAudAddService - ok
18:22:20.0222 1748 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:22:20.0238 1748 intelide - ok
18:22:20.0253 1748 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:20.0269 1748 intelppm - ok
18:22:20.0300 1748 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:20.0332 1748 IpFilterDriver - ok
18:22:20.0363 1748 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:22:20.0363 1748 IPMIDRV - ok
18:22:20.0378 1748 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:22:20.0425 1748 IPNAT - ok
18:22:20.0457 1748 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:22:20.0488 1748 IRENUM - ok
18:22:20.0519 1748 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:22:20.0519 1748 isapnp - ok
18:22:20.0535 1748 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:22:20.0550 1748 iScsiPrt - ok
18:22:20.0566 1748 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:22:20.0582 1748 kbdclass - ok
18:22:20.0613 1748 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:22:20.0644 1748 kbdhid - ok
18:22:20.0675 1748 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:22:20.0691 1748 KSecDD - ok
18:22:20.0707 1748 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:22:20.0722 1748 KSecPkg - ok
18:22:20.0753 1748 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:22:20.0800 1748 ksthunk - ok
18:22:20.0832 1748 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:22:20.0847 1748 LHidFilt - ok
18:22:20.0878 1748 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
18:22:20.0894 1748 lirsgt - ok
18:22:20.0925 1748 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:20.0957 1748 lltdio - ok
18:22:20.0988 1748 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:22:21.0003 1748 LMouFilt - ok
18:22:21.0019 1748 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:22:21.0035 1748 LSI_FC - ok
18:22:21.0050 1748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:22:21.0066 1748 LSI_SAS - ok
18:22:21.0082 1748 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:22:21.0097 1748 LSI_SAS2 - ok
18:22:21.0113 1748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:22:21.0113 1748 LSI_SCSI - ok
18:22:21.0144 1748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:22:21.0175 1748 luafv - ok
18:22:21.0191 1748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:22:21.0207 1748 megasas - ok
18:22:21.0222 1748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:22:21.0238 1748 MegaSR - ok
18:22:21.0269 1748 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:22:21.0300 1748 Modem - ok
18:22:21.0332 1748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:22:21.0363 1748 monitor - ok
18:22:21.0394 1748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:22:21.0410 1748 mouclass - ok
18:22:21.0441 1748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:21.0457 1748 mouhid - ok
18:22:21.0488 1748 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:22:21.0488 1748 mountmgr - ok
18:22:21.0519 1748 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:22:21.0535 1748 mpio - ok
18:22:21.0550 1748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:22:21.0582 1748 mpsdrv - ok
18:22:21.0613 1748 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:22:21.0660 1748 MRxDAV - ok
18:22:21.0691 1748 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:21.0722 1748 mrxsmb - ok
18:22:21.0753 1748 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:21.0769 1748 mrxsmb10 - ok
18:22:21.0800 1748 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:21.0816 1748 mrxsmb20 - ok
18:22:21.0847 1748 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:22:21.0847 1748 msahci - ok
18:22:21.0878 1748 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:22:21.0894 1748 msdsm - ok
18:22:21.0925 1748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:22:21.0957 1748 Msfs - ok
18:22:21.0972 1748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:22:22.0019 1748 mshidkmdf - ok
18:22:22.0050 1748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:22:22.0066 1748 msisadrv - ok
18:22:22.0097 1748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:22:22.0128 1748 MSKSSRV - ok
18:22:22.0128 1748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:22.0175 1748 MSPCLOCK - ok
18:22:22.0175 1748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:22:22.0222 1748 MSPQM - ok
18:22:22.0253 1748 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:22:22.0269 1748 MsRPC - ok
18:22:22.0300 1748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:22:22.0316 1748 mssmbios - ok
18:22:22.0332 1748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:22:22.0378 1748 MSTEE - ok
18:22:22.0394 1748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:22:22.0410 1748 MTConfig - ok
18:22:22.0441 1748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:22:22.0441 1748 Mup - ok
18:22:22.0488 1748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:22:22.0503 1748 NativeWifiP - ok
18:22:22.0535 1748 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:22:22.0566 1748 NDIS - ok
18:22:22.0582 1748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:22:22.0613 1748 NdisCap - ok
18:22:22.0628 1748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:22.0675 1748 NdisTapi - ok
18:22:22.0707 1748 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:22.0738 1748 Ndisuio - ok
18:22:22.0769 1748 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:22.0800 1748 NdisWan - ok
18:22:22.0832 1748 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:22:22.0878 1748 NDProxy - ok
18:22:22.0894 1748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:22:22.0925 1748 NetBIOS - ok
18:22:22.0957 1748 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:22:23.0003 1748 NetBT - ok
18:22:23.0050 1748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:22:23.0050 1748 nfrd960 - ok
18:22:23.0082 1748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:22:23.0113 1748 Npfs - ok
18:22:23.0128 1748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:22:23.0160 1748 nsiproxy - ok
18:22:23.0222 1748 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:22:23.0253 1748 Ntfs - ok
18:22:23.0285 1748 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:22:23.0316 1748 Null - ok
18:22:23.0519 1748 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:22:23.0785 1748 nvlddmkm - ok
18:22:23.0816 1748 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:22:23.0816 1748 nvraid - ok
18:22:23.0847 1748 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:22:23.0863 1748 nvstor - ok
18:22:23.0910 1748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:22:23.0910 1748 nv_agp - ok
18:22:23.0941 1748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:22:23.0957 1748 ohci1394 - ok
18:22:24.0003 1748 PAC7311 (7c13fb24315fd6d2894f2e41e8276183) C:\Windows\system32\DRIVERS\PA707UCM.SYS
18:22:24.0035 1748 PAC7311 - ok
18:22:24.0066 1748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:22:24.0082 1748 Parport - ok
18:22:24.0113 1748 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:22:24.0113 1748 partmgr - ok
18:22:24.0144 1748 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:22:24.0160 1748 pci - ok
18:22:24.0191 1748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:22:24.0191 1748 pciide - ok
18:22:24.0222 1748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:22:24.0238 1748 pcmcia - ok
18:22:24.0253 1748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:22:24.0253 1748 pcw - ok
18:22:24.0285 1748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:22:24.0316 1748 PEAUTH - ok
18:22:24.0394 1748 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:22:24.0425 1748 PptpMiniport - ok
18:22:24.0425 1748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:22:24.0457 1748 Processor - ok
18:22:24.0503 1748 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:22:24.0535 1748 Psched - ok
18:22:24.0582 1748 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:22:24.0628 1748 ql2300 - ok
18:22:24.0644 1748 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:22:24.0644 1748 ql40xx - ok
18:22:24.0660 1748 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:22:24.0691 1748 QWAVEdrv - ok
18:22:24.0707 1748 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:22:24.0738 1748 RasAcd - ok
18:22:24.0769 1748 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:22:24.0800 1748 RasAgileVpn - ok
18:22:24.0832 1748 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:24.0863 1748 Rasl2tp - ok
18:22:24.0878 1748 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:24.0925 1748 RasPppoe - ok
18:22:24.0941 1748 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:22:24.0988 1748 RasSstp - ok
18:22:25.0019 1748 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:22:25.0050 1748 rdbss - ok
18:22:25.0082 1748 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:22:25.0097 1748 rdpbus - ok
18:22:25.0113 1748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:25.0144 1748 RDPCDD - ok
18:22:25.0191 1748 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:22:25.0207 1748 RDPDR - ok
18:22:25.0238 1748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:22:25.0269 1748 RDPENCDD - ok
18:22:25.0285 1748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:22:25.0316 1748 RDPREFMP - ok
18:22:25.0363 1748 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:22:25.0378 1748 RdpVideoMiniport - ok
18:22:25.0410 1748 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:22:25.0441 1748 RDPWD - ok
18:22:25.0488 1748 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:22:25.0488 1748 rdyboost - ok
18:22:25.0550 1748 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
18:22:25.0550 1748 Revoflt - ok
18:22:25.0597 1748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:22:25.0644 1748 rspndr - ok
18:22:25.0675 1748 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:22:25.0691 1748 RTL8167 - ok
18:22:25.0738 1748 RTL8187B (f70a9384917659a4c5ef30f0f4ec484d) C:\Windows\system32\DRIVERS\RTL8187B.sys
18:22:25.0769 1748 RTL8187B - ok
18:22:25.0800 1748 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
18:22:25.0800 1748 s0016bus - ok
18:22:25.0847 1748 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
18:22:25.0847 1748 s0016mdfl - ok
18:22:25.0863 1748 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
18:22:25.0863 1748 s0016mdm - ok
18:22:25.0894 1748 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
18:22:25.0910 1748 s0016mgmt - ok
18:22:25.0925 1748 s0016nd5 (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys
18:22:25.0925 1748 s0016nd5 - ok
18:22:25.0957 1748 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
18:22:25.0957 1748 s0016obex - ok
18:22:26.0003 1748 s0016unic (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys
18:22:26.0019 1748 s0016unic - ok
18:22:26.0035 1748 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:22:26.0066 1748 s3cap - ok
18:22:26.0113 1748 s816bus (81f778d9f3f71f48f498ca1f773d1539) C:\Windows\system32\DRIVERS\s816bus.sys
18:22:26.0113 1748 s816bus - ok
18:22:26.0160 1748 s816mdfl (3f4e14192b72a148dd508329e04affd4) C:\Windows\system32\DRIVERS\s816mdfl.sys
18:22:26.0160 1748 s816mdfl - ok
18:22:26.0175 1748 s816mdm (17a29b53dfd7e9cd8043b7adadb83f22) C:\Windows\system32\DRIVERS\s816mdm.sys
18:22:26.0175 1748 s816mdm - ok
18:22:26.0207 1748 s816mgmt (f9ba1c5df3854d36ea1f7086feb97643) C:\Windows\system32\DRIVERS\s816mgmt.sys
18:22:26.0222 1748 s816mgmt - ok
18:22:26.0253 1748 s816nd5 (0323c1accd67844304d69e6bfd93e52d) C:\Windows\system32\DRIVERS\s816nd5.sys
18:22:26.0269 1748 s816nd5 - ok
18:22:26.0300 1748 s816obex (f8e19bfb8a67407cd54c5fd63f7b3c17) C:\Windows\system32\DRIVERS\s816obex.sys
18:22:26.0300 1748 s816obex - ok
18:22:26.0332 1748 s816unic (b8a998b3a7d6da10221d479e4dde5ef7) C:\Windows\system32\DRIVERS\s816unic.sys
18:22:26.0332 1748 s816unic - ok
18:22:26.0363 1748 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:22:26.0378 1748 sbp2port - ok
18:22:26.0394 1748 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:22:26.0425 1748 scfilter - ok
18:22:26.0472 1748 ScreamBAudioSvc (e03b9294a9b70a214328b2b518f20db0) C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:22:26.0488 1748 ScreamBAudioSvc - ok
18:22:26.0519 1748 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
18:22:26.0550 1748 seehcri - ok
18:22:26.0582 1748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:22:26.0597 1748 Serenum - ok
18:22:26.0628 1748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:22:26.0660 1748 Serial - ok
18:22:26.0675 1748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:22:26.0691 1748 sermouse - ok
18:22:26.0722 1748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:22:26.0753 1748 sffdisk - ok
18:22:26.0769 1748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:22:26.0769 1748 sffp_mmc - ok
18:22:26.0785 1748 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:22:26.0800 1748 sffp_sd - ok
18:22:26.0816 1748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:26.0847 1748 sfloppy - ok
18:22:26.0878 1748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:22:26.0878 1748 SiSRaid2 - ok
18:22:26.0910 1748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:22:26.0910 1748 SiSRaid4 - ok
18:22:26.0941 1748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:22:26.0972 1748 Smb - ok
18:22:27.0003 1748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:22:27.0019 1748 spldr - ok
18:22:27.0082 1748 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
18:22:27.0113 1748 sptd - ok
18:22:27.0144 1748 SRS_SSCFilter (83be26217fd07b3613d151d24aaa9beb) C:\Windows\system32\drivers\srs_sscfilter_amd64.sys
18:22:27.0160 1748 SRS_SSCFilter - ok
18:22:27.0191 1748 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:22:27.0222 1748 srv - ok
18:22:27.0253 1748 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:22:27.0269 1748 srv2 - ok
18:22:27.0316 1748 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:22:27.0332 1748 srvnet - ok
18:22:27.0410 1748 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
18:22:27.0425 1748 ss_bbus - ok
18:22:27.0457 1748 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:22:27.0457 1748 ss_bmdfl - ok
18:22:27.0488 1748 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:22:27.0488 1748 ss_bmdm - ok
18:22:27.0535 1748 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
18:22:27.0535 1748 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:22:27.0535 1748 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:22:27.0566 1748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:22:27.0582 1748 stexstor - ok
18:22:27.0613 1748 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:22:27.0613 1748 storflt - ok
18:22:27.0628 1748 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:22:27.0644 1748 storvsc - ok
18:22:27.0660 1748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:22:27.0675 1748 swenum - ok
18:22:27.0707 1748 Synth3dVsc - ok
18:22:27.0785 1748 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:22:27.0847 1748 Tcpip - ok
18:22:27.0878 1748 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:22:27.0910 1748 TCPIP6 - ok
18:22:27.0957 1748 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:22:27.0988 1748 tcpipreg - ok
18:22:28.0019 1748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:22:28.0035 1748 TDPIPE - ok
18:22:28.0050 1748 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:22:28.0066 1748 TDTCP - ok
18:22:28.0113 1748 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:22:28.0144 1748 tdx - ok
18:22:28.0191 1748 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:22:28.0191 1748 TermDD - ok
18:22:28.0222 1748 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
18:22:28.0238 1748 TFsExDisk - ok
18:22:28.0285 1748 truecrypt (370a6907ddf79532a39319492b1fa38a) C:\Windows\system32\drivers\truecrypt.sys
18:22:28.0300 1748 truecrypt - ok
18:22:28.0332 1748 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:28.0363 1748 tssecsrv - ok
18:22:28.0410 1748 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:22:28.0425 1748 TsUsbFlt - ok
18:22:28.0441 1748 tsusbhub - ok
18:22:28.0472 1748 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:28.0519 1748 tunnel - ok
18:22:28.0535 1748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:22:28.0550 1748 uagp35 - ok
18:22:28.0582 1748 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:22:28.0613 1748 udfs - ok
18:22:28.0644 1748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:22:28.0660 1748 uliagpkx - ok
18:22:28.0675 1748 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:22:28.0691 1748 umbus - ok
18:22:28.0722 1748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:22:28.0738 1748 UmPass - ok
18:22:28.0753 1748 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:22:28.0769 1748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:22:28.0769 1748 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:22:28.0800 1748 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:22:28.0816 1748 usbaudio - ok
18:22:28.0832 1748 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:28.0863 1748 usbccgp - ok
18:22:28.0894 1748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:22:28.0910 1748 usbcir - ok
18:22:28.0941 1748 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:22:28.0957 1748 usbehci - ok
18:22:28.0988 1748 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
18:22:29.0003 1748 usbhub - ok
18:22:29.0019 1748 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:22:29.0035 1748 usbohci - ok
18:22:29.0066 1748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:29.0082 1748 usbprint - ok
18:22:29.0097 1748 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:22:29.0113 1748 usbscan - ok
18:22:29.0144 1748 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:29.0160 1748 USBSTOR - ok
18:22:29.0175 1748 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:22:29.0191 1748 usbuhci - ok
18:22:29.0222 1748 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:22:29.0238 1748 VBoxDrv - ok
18:22:29.0269 1748 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:22:29.0285 1748 VBoxNetAdp - ok
18:22:29.0316 1748 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:22:29.0316 1748 VBoxNetFlt - ok
18:22:29.0363 1748 VBoxUSB (bcfe50247fbe5c8cb2e22fa5938ea6f7) C:\Windows\system32\Drivers\VBoxUSB.sys
18:22:29.0363 1748 VBoxUSB - ok
18:22:29.0410 1748 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:22:29.0410 1748 VBoxUSBMon - ok
18:22:29.0441 1748 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
18:22:29.0472 1748 VClone - ok
18:22:29.0503 1748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:22:29.0503 1748 vdrvroot - ok
18:22:29.0535 1748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:29.0535 1748 vga - ok
18:22:29.0550 1748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:22:29.0582 1748 VgaSave - ok
18:22:29.0613 1748 VGPU - ok
18:22:29.0628 1748 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:22:29.0644 1748 vhdmp - ok
18:22:29.0675 1748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:22:29.0675 1748 viaide - ok
18:22:29.0691 1748 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:22:29.0707 1748 vmbus - ok
18:22:29.0722 1748 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:22:29.0738 1748 VMBusHID - ok
18:22:29.0769 1748 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:22:29.0769 1748 volmgr - ok
18:22:29.0800 1748 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:22:29.0816 1748 volmgrx - ok
18:22:29.0832 1748 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:22:29.0847 1748 volsnap - ok
18:22:29.0878 1748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:22:29.0878 1748 vsmraid - ok
18:22:29.0910 1748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:22:29.0925 1748 vwifibus - ok
18:22:29.0941 1748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:22:29.0957 1748 WacomPen - ok
18:22:29.0988 1748 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:30.0019 1748 WANARP - ok
18:22:30.0035 1748 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:30.0050 1748 Wanarpv6 - ok
18:22:30.0097 1748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:22:30.0113 1748 Wd - ok
18:22:30.0128 1748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:22:30.0160 1748 Wdf01000 - ok
18:22:30.0207 1748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:22:30.0222 1748 WfpLwf - ok
18:22:30.0253 1748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:22:30.0253 1748 WIMMount - ok
18:22:30.0316 1748 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:22:30.0332 1748 WinUsb - ok
18:22:30.0363 1748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:22:30.0378 1748 WmiAcpi - ok
18:22:30.0410 1748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:22:30.0441 1748 ws2ifsl - ok
18:22:30.0472 1748 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
18:22:30.0488 1748 WsAudio_DeviceS(1) - ok
18:22:30.0519 1748 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
18:22:30.0519 1748 WsAudio_DeviceS(2) - ok
18:22:30.0535 1748 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
18:22:30.0550 1748 WsAudio_DeviceS(3) - ok
18:22:30.0566 1748 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
18:22:30.0566 1748 WsAudio_DeviceS(4) - ok
18:22:30.0582 1748 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
18:22:30.0597 1748 WsAudio_DeviceS(5) - ok
18:22:30.0628 1748 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:22:30.0660 1748 WudfPf - ok
18:22:30.0707 1748 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:30.0738 1748 WUDFRd - ok
18:22:30.0800 1748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:22:30.0894 1748 \Device\Harddisk0\DR0 - ok
18:22:30.0894 1748 Boot (0x1200) (92cb0a444f5f895e06aee7682f61d01b) \Device\Harddisk0\DR0\Partition0
18:22:30.0894 1748 \Device\Harddisk0\DR0\Partition0 - ok
18:22:30.0941 1748 Boot (0x1200) (c4a64d34ca2d9bbb6b8201c770b8ac04) \Device\Harddisk0\DR0\Partition1
18:22:30.0941 1748 \Device\Harddisk0\DR0\Partition1 - ok
18:22:30.0957 1748 Boot (0x1200) (89391f71fe6fa9b1792526e0c14baa51) \Device\Harddisk0\DR0\Partition2
18:22:30.0957 1748 \Device\Harddisk0\DR0\Partition2 - ok
18:22:30.0957 1748 ============================================================
18:22:30.0957 1748 Scan finished
18:22:30.0957 1748 ============================================================
18:22:30.0972 0932 Detected object count: 2
18:22:30.0972 0932 Actual detected object count: 2
18:23:11.0332 0932 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:11.0332 0932 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:11.0332 0932 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:11.0332 0932 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
19.03.2012, 18:31
| #14 |
| /// Malware-holic | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 in den normalen modus kannst du ja prinzipiell wieder oder? malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.03.2012, 18:43
| #15 |
| | Ein neuer Fall von TR\Crypt.XPACK.Gen.3 Im normalen Modus veranstalten Combofix und die "Hardware-Defekt-Fehlermeldungen" weiterhin ein Bildschirmfeuerwerk und das System ist nicht wirklich benutzbar. Abmelden und sauber neu starten - das klappt. Und den abgesicherten Modus mag Malwarebytes ja leider nicht... EDIT: Oh, wohl nicht als Admin gestart. Jetzt scannt es im abgesicherten Modus. Log folgt. |
|
| Themen zu Ein neuer Fall von TR\Crypt.XPACK.Gen.3 |
| acrobat update, adobe, antivirus, avg, converter, cpu, decrypter, defender, desktop, device driver, drahtlos-802.11b/g-usb, entfernen, explorer, firefox, google, helper, home, hängen, kaspersky, logfile, monitor.exe, nt.dll, ntdll.dll, nvidia, nvidia update, photoshop, plug-in, programm, prozesse, realtek, scan, security, svchost.exe, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojan, usb, virtualbox, virus, windows, wuauclt.exe |
Linear-Darstellung
